{"id":8120,"date":"2021-08-02T14:03:57","date_gmt":"2021-08-02T19:03:57","guid":{"rendered":"https:\/\/tcn.tidbits.com\/?p=8660"},"modified":"2021-08-02T14:56:40","modified_gmt":"2021-08-02T19:56:40","slug":"how-to-take-the-annoyance-out-of-your-key-passwords-and-passcodes","status":"publish","type":"post","link":"https:\/\/www.macworks.com\/blog\/how-to-take-the-annoyance-out-of-your-key-passwords-and-passcodes\/","title":{"rendered":"How to Take the Annoyance Out of Your Key Passwords and Passcodes"},"content":{"rendered":"<p>We constantly say, \u201cUse a password manager!\u201d for good reason. Password managers make it easy to generate, store, and enter strong passwords. You don\u2019t have to decide whether or not your password is strong or weak, remember it, and type it accurately every time you log in to a website. Seriously, just get <a href=\"https:\/\/1password.com\/\" target=\"_blank\" rel=\"noopener\">1Password<\/a> or <a href=\"https:\/\/www.lastpass.com\/\" target=\"_blank\" rel=\"noopener\">LastPass<\/a>, or you could use Apple\u2019s <a href=\"https:\/\/support.apple.com\/en-us\/HT204085\" target=\"_blank\" rel=\"noopener\">iCloud Keychain<\/a>.<\/p>\n<p>But what about those passwords you have to enter regularly, like your Mac\u2019s login password, your Apple ID password, and the master password for your password manager? And the passcodes for your iPhone, iPad, and Apple Watch? Plus, it may also be helpful to be able to remember and type passwords for a few services that require you to enter the password into an app instead of a Web browser. (Of course, you can copy and paste the password from your password manager, but that\u2019s fussy if you have to do it frequently.)<\/p>\n<p>For such passcodes and passwords, you\u2019ll want to come up with options that are strong, memorable, and easily entered. Here\u2019s what we recommend for most people. (If you\u2019re a target of a nation-state or regularly deal in highly confidential government or corporate information, you\u2019ll need an even higher level of security.)<\/p>\n<h3>Passcodes<\/h3>\n<p>It\u2019s essential that your iPhone, iPad, and Apple Watch have a passcode that can\u2019t easily be guessed. Once someone can get into an iPhone or iPad, they could read all your email, look at all your photos, make purchases via Apple Pay, and impersonate you in conversations with others. And yet, many people use worthless passcodes like 111111 or 123456. Don\u2019t do that! Also, don\u2019t worry about making a passcode that\u2019s easy to type\u2014with Touch ID, Face ID, and Apple Watch unlocking, you don\u2019t have to type your passcode all that frequently.<\/p>\n<p>Since we\u2019re talking about physical objects that can\u2019t be accessed remotely and are most likely to be compromised by someone who knows you personally, the key is to think about what six digits you can remember but that even people who know you well couldn\u2019t guess.<\/p>\n<p>For instance, you might think of using <b>081995<\/b> if you were born in August 1995, but your birthdate is both widely known and easily discovered. A better pattern would be the dates of the month associated with the birthdays of your best friend from high school, your favorite cousin, and your late grandmother\u2014<b>132408<\/b> if they were born on May 13th, July 24th, and November 8th. No one will ever guess that.<\/p>\n<p>You get the idea. Think of dates associated with people or events important to you but that even close friends or family members wouldn\u2019t necessarily know. Then combine those days, months, or years in a way that makes sense to you. You\u2019ll end up with a strong passcode that you\u2019ll never forget.<\/p>\n<p>One last point. Given the level to which data syncs between your iPhone, iPad, and Apple Watch, we don\u2019t see any significant benefit in creating different passcodes for each. Come up with a secure passcode and use it on all three.<\/p>\n<h3>Mac Login Passwords<\/h3>\n<p>Much like an iPhone\u2019s passcode, the primary vulnerability for your Mac\u2019s login password is someone who has physical access. You don\u2019t have to worry about remote brute force attacks (as long as you don\u2019t have remote access enabled in System Preferences &gt; Sharing) or password files being stolen, suggesting that the password doesn\u2019t need to be insanely strong and equivalently hard to type.<\/p>\n<p>That\u2019s especially true for an M1-based Mac or <a href=\"https:\/\/support.apple.com\/en-us\/HT208862\" target=\"_blank\" rel=\"noopener\">Intel-based Mac with a T2 security chip<\/a>, and even more so if you have <a href=\"https:\/\/support.apple.com\/en-ca\/guide\/mac-help\/mh11785\/mac\" target=\"_blank\" rel=\"noopener\">enabled FileVault<\/a> (which we recommend). But if it\u2019s an older Intel-based Mac without a T2 chip, it\u2019s conceivable that a thief could image the drive and use brute force attacks to find the password. A stronger password might make sense for such an older Mac.<\/p>\n<p>Considering all this, we recommend coming up with a password that\u2019s easy to type, memorable, and difficult to guess for even those who know you well. It doesn\u2019t have to be strong enough to protect against serious cracking software unless you live in a Spy-vs.-Spy world. Consider taking a few words from a song lyric or movie quote you\u2019ll never forget and jamming them together, such as \u201c<a href=\"https:\/\/en.wikipedia.org\/wiki\/Et_tu,_Brute%3F\" target=\"_blank\" rel=\"noopener\">ettubrute<\/a>\u201d or \u201c<a href=\"https:\/\/en.wikipedia.org\/wiki\/Up_to_eleven\" target=\"_blank\" rel=\"noopener\">goestoeleven<\/a>.\u201d<\/p>\n<p>If you unlock your Mac and apps using an Apple Watch or Touch ID most of the time, you can make the login password a bit stronger without the annoyance of having to type it so frequently.<\/p>\n<h3>Apple ID and Password Manager Passwords<\/h3>\n<p>When it comes to your Apple ID password, the master password for your password manager, and other passwords to online services you need to type, attacks will take place either remotely or be directed against a stolen password file. Plus, your Apple ID password and master password to your password manager literally hold the keys to your kingdom, so they must be extremely strong and resistant to automated cracking. It\u2019s also essential that you won\u2019t forget them and that you be able to enter them\u2014on both a Mac keyboard and an iPhone keyboard\u2014reasonably easily. What to do?<\/p>\n<p>One possible solution is to create a long passphrase of random but easily remembered words, as suggested in the <a href=\"https:\/\/xkcd.com\/936\/\" target=\"_blank\" rel=\"noopener\">classic xkcd cartoon<\/a>. Current advice suggests that a passphrase of five words\u2014with at least 32 characters\u2014is now necessary to resist modern cracking methods.<\/p>\n<p>Passphrases are highly secure, but they can be tedious to type and may not work well for an Apple ID password. <a href=\"https:\/\/support.apple.com\/en-us\/HT201303\" target=\"_blank\" rel=\"noopener\">Apple requires that Apple ID passwords<\/a> have upper and lowercase letters and include at least one number. But don\u2019t make it longer than 32 characters; some have reported problems with longer passwords.<\/p>\n<p>For a compromise approach, consider a password built using the following rules:<\/p>\n<ul>\n<li>It starts with an uppercase letter. That satisfies Apple\u2019s requirement and means you don\u2019t have to switch between upper and lowercase keyboards on an iPhone more than once.<\/li>\n<li>That letter and subsequent lowercase letters come from the initials of unrelated people, movie titles, the first few letters of a saying or product name, or something similar that you\u2019ll have no trouble remembering.<\/li>\n<li>It includes several punctuation characters accessible from the iPhone\u2019s numeric keyboard that don\u2019t require the use of the Shift key on the Mac keyboard.<\/li>\n<li>It ends with digits developed along the lines of the passcode above\u2014this keeps you on the iPhone\u2019s numeric keyboard. (You could also swap the order of the punctuation and digits.)<\/li>\n<li>Overall, it has at least 13 characters, preferably more.<\/li>\n<\/ul>\n<p>(As an aside, does having two-factor authentication (2FA) turned on for any account where you\u2019re creating a memorable password let you make a weaker password? Yes, in the sense that your overall security is much higher with 2FA because someone would have to hack your password <i>and<\/i> compromise the 2FA system in some way. But no, if your password is so weak that it\u2019s trivially crackable, such that 2FA becomes the only protection. Don\u2019t overthink it\u2014stick with strong passwords.)<\/p>\n<p>As an example, consider this possibility for a LastPass master password: <b>Tpmbialas\/.19851955<\/b>. It\u2019s not entirely random, but it\u2019s close and doesn\u2019t use obvious patterns that cracking software could exploit. Let\u2019s break it down:<\/p>\n<ul>\n<li><b>Tpmbialas<\/b> comes from the first letter of the words in the movie <i>The Phantom Menace<\/i> and the Dire Straits album <i>Brothers in Arms,<\/i> plus the first three letters of LastPass<i>.<\/i><\/li>\n<li><b>\/.<\/b> plays on the name of the tech news site Slashdot to be memorable, and the characters are easily typed on both the iPhone and Mac keyboards.<\/li>\n<li><b>19851955<\/b> will be easily remembered by fans of the movie <i>Back to the Future,<\/i> whose characters travel in time from 1985 back to 1955.<\/li>\n<\/ul>\n<p>It\u2019s highly secure\u2014the <a href=\"https:\/\/www.security.org\/how-secure-is-my-password\/\" target=\"_blank\" rel=\"noopener\">How Secure Is My Password?<\/a> site says it would take 1 quintillion years to crack, and there\u2019s no way that even someone who knew your taste in movies and music could guess it (as long as you don\u2019t tell them about your pattern).<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-8661\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2021\/08\/how-to-take-the-annoyance-out-of-your-key-passwords-and-passcodes.png\" sizes=\"auto, (min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) 597px, 100vw\" srcset=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2021\/08\/how-to-take-the-annoyance-out-of-your-key-passwords-and-passcodes.png 597w, https:\/\/macworks.com\/blog\/wp-content\/uploads\/2021\/08\/how-to-take-the-annoyance-out-of-your-key-passwords-and-passcodes-1.png 480w\" alt=\"\" width=\"597\" height=\"313\" \/><\/p>\n<p>One last thing to consider: is your password fun to type? Some key combinations probably roll off your fingers, whereas others will be prone to typos. Test your proposed password on both a Mac keyboard and your iPhone. If you hate typing it, tweak the characters until it\u2019s better.<\/p>\n<p>When you\u2019re developing your own unique passwords that you must be able to remember and type, a strategy along these lines should serve you well. Just make sure to avoid dictionary words, repeated characters, and any password under 13 characters in length, all of which make passwords easier for cracking software to guess.<\/p>\n<p>(Featured image by iStock.com\/peshkov)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We constantly say, \u201cUse a password manager!\u201d for good reason. Password managers make it easy to generate, store, and enter strong passwords. You don\u2019t have to decide whether or not your password is strong or weak, remember it, and type it accurately every time you log in to a website. Seriously, just get 1Password or [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":8121,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,69,106,880,8,25,112,185,104],"tags":[],"class_list":["post-8120","post","type-post","status-publish","format-standard","has-post-thumbnail","category-apple","category-apple-consulting-ct","category-apple-support-ct","category-ipad","category-iphone","category-mac","category-mac-support-ct","category-mactech","category-security"],"_links":{"self":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts\/8120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/comments?post=8120"}],"version-history":[{"count":1,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts\/8120\/revisions"}],"predecessor-version":[{"id":8128,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts\/8120\/revisions\/8128"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/media\/8121"}],"wp:attachment":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/media?parent=8120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/categories?post=8120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/tags?post=8120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}