Password usage tips
- Consider how good of a password you need to secure different things. For example, with low-risk areas, such as an online news website, you can use an easy-to-remember password—you might even use the same password for other low-risk things. For very sensitive items, such as your system administrator password or an online bank account, use a unique, hard-to-guess password for each separate area, and do not reuse it elsewhere. This way, if one password is compromised (that is, someone figures it out), your other areas are not affected.
- For most people, you probably have a high number of items that require extra security, and it's very difficult or impossible to remember really good passwords for each item. Instead, store them all in a secure location, such as in a file on an encrypted disk image, on a USB memory storage device to which only you have access, in the System Keychain, or even on a piece of paper that's locked away in a secure location.
- Do not share your password with anyone else; that also means don't send it via email. Do not enter a password for a sensitive item, like a bank account, into an unprotected location, such as a non-secure website. It is possible for someone monitoring network traffic to obtain it.
Creating a "good" password
Here are some ideas to help you create a unique, secure password:
- Use a long sequence of random characters. Include a mix of upper- and lowercase letters, numbers, punctuation marks, and (if the site or item supports it) characters typed while holding down the Option key.
- For easier-to-remember passwords, begin with a phrase, verse, or line from a song. Omit certain letters, and transform others into numbers or punctuation marks that resemble the original character. You might want to insert additional punctuation and numbers too. For example, the phrase "You will be welcomed" could be turned into "UW1llBvv3lc0meD;". And, of course, don't use our example password—everyone who sees this document would know it!
- Good passwords are over 8 characters long and contain a mix of many different character types. Avoid using city names, street names, names of people (real or fictional), pet names, words found in a dictionary or popular book, phone numbers, birthdays, anniversaries, or simple combinations of these. Avoid using a recognizable spatial pattern of keyboard characters, such as a couple diagonal lines of keyboard keys, such as "xdrcft."
Where to use good passwords in Mac OS X
Mac OS X should be protected with good passwords in these areas:
- The administrator account password. This password is required to perform many tasks on the computer, including setting system preferences, installing software, and administering user accounts. An administrator password is an administrator user's login password.
- User account passwords that allow users to log in to their home folders. This is often referred to as a "login password." Make it a good one.
- Your keychain can store passwords for various applications and resources on the computer in a secure manner. Your keychain password "unlocks" the keychain so that the passwords inside it can be used. Your keychain password is the same as your login password when you first set up your account, but can be changed via the Keychain Access utility.
- The optional master password that can be used in the event that a FileVault-protected user forgets his or her login password.
Administrator accounts should not have a blank password
Administrator user accounts that have a blank password (that is, no characters at all for the password) will be unable to use sudo functions in Terminal.
Storing passwords in a Keychain
You don't have to keep track of every password you use; instead, keep your passwords in Keychain, a utility that lets you create one or more keychains to store your sensitive passwords.
Your Mac starts you out with a single keychain that gets created when you first log in to your user account. By default, it has the same password as your user account, and automatically unlocks whenever you log in to your account.
When you access a site, application, or other item that asks for your password, a dialog may open after you type it, asking if you want to add the password to your keychain. Click Add to add it. The next time you access that item, Keychain fills in the password for you. You can also add passwords manually: Open Keychain Access in the Utilities folder inside the Applications folder, choose New Password Item from the File menu, and enter the information and password for the item.
Keychain Access allows you to see all the password items that are currently stored on the selected keychain
If you ever forget a password that's stored in Keychain, do this:
- Open Keychain Access.
- From the list, double-click the item whose password you can't remember.
- In the resulting window, click the Attributes tab, then select the "Show password" checkbox.
- In the resulting dialog, type your keychain password. If you're using the default keychain, the password is the same as your user account. Click Allow Once to display your password once, or click Always Allow to always display your password in Keychain.
For added protection, you may want to create another "more personal" keychain that doesn't automatically unlock each time you log in to your user account. To create a keychain:
- Open Keychain Access
- From the File menu, choose New Keychain.
- In the resulting dialog, type a name for your keychain in the Save As field, choose where you want to store it from the "Where" pop-up menu, and click Create.
- In the resulting dialog, type a good password for this keychain in the Password and Verify fields, then click OK. Click the key button if you need help choosing a good password.