UAUG MEETING

April 23, 2013

At the onset of this evening’s presentation, Dan took a few minutes, to reiterate the new Christmas party “member prize” rules. He also explained that due to a death in the family, Al Fasoldt was unable to attend as originally scheduled, thus necessitating a change in tonight’s program.  Instead, tonight’s meeting featured Peter discussing password security applications. Specifically, he demonstrated 1Password.

Peter then began by showing Ellen Degeneres in a humorous, but thought-provoking, YouTube video on password organization. He showed a list of the 25 most popular passwords that are commonly used. This list is available on the internet. He discussed how devious password crackers use computer clusters which are able to guess 350 billion combinations per second.

A handout entitled “Password Dos and Don’ts” was distributed.

Do’s: (from us.norton.com/dos-donts-passwords/article)

•Do use a combination of uppercase and lowercase letters, symbols and numbers. Peter explained that crackers are after where the password is stored on your device.

•Do make sure your passwords are at least eight characters long. The more characters the more difficult they are to guess. However, according to MacWorld: “14 is the new 8”.

•Do try to make passwords as meaningless and random as possible.

•Do create different passwords for each account.

• Do change your passwords regularly.

Don’ts:

•Don’t use names or numbers associated with you, such as a birth date, nickname or names of close family members.

•Don’t use your user name or actual name in any form as a password.

•Don’t use a solitary word in any language. Hackers have dictionary-based tools to crack these types.

•Don’t use simple passwords like 123456, or the word password.

•Avoid writing passwords down–if you must, keep them safe, and never give them out to anyone, in writing or otherwise

•Don’t answer yes when prompted to save your password to a particular computer’s browser.

In order to meet the challenge of creating unique, random passwords Peter discussed some systems that have been devised to create and remember long passwords. He illustrated several of these on his handout.

Another video, from the writers of Time magazine, suggested ways to create passwords. Peter commented that any system you create isn’t random.  “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess,” was the last statement on his handout. In the end, passwords made of at least 14 randomly generated characters using letters, numbers, special characters and varied capitalization are the strongest passwords.

Peter then listed some suggestions for programs that might be used to create longer passwords. These included:

LastPass, DataVault RoboForm, Wallet, Splash IDSafe, mSecure, 1Password, and eWallet.

Before discussing these Peter mentioned that Macs have the Keychain Access application. It is located under Applications > Utilities and it stores passwords for email, websites, servers, network shares, WiFi networks, and encrypted disk images etc.

It includes a difficult-to-access Password helper: Keychain Access > [click + to add password and open the helper window]

Peter mentioned that there is an article in the March 2013 Macworld magazine about keychains. It recommends changing the Login Keychain password. Changing it to something other than your user account password will increase the security of your Mac.  Change the login keychain password in the Keychain Access Keychain Viewer. Right-click on the keychain named login and select “Change password for keychain ‘login.'”

Peter then explained that he has been using 1Password by AgileBits.com for a couple of years now to remember and generate secure passwords. Version 4 is available for iOS 6 and version 3 is available for Mac. Using Dropbox, you can sync the password data file between your iPhone, iPad, iPod Touch and Mac. There is a fully functional 30 day trial version after purchase ($49.99)  and a 25% discount for user group members.

Peter opened his 1Password demo by stating that the hardest thing to do is to free one’s mind from thinking that it must remember all the different passwords one has.

Peter then demonstrated how to use 1Password to create a password and remember account information as he created an account on FitDay.com. You should create a strong password for your “master password”.  This is the only password you must remember. Then he asked 1Password to generate a password for this site, and then copied and pasted this password into the site so it could be saved. When you start up the 1Password App, it gives you a list of all the sites for which you have saved passwords. He then accessed the FitDay.com account, copied the password, and pasted it into the login form. All of these passwords are sitting on your computer in an encrypted file. There are plug-ins to help you sign up, login and create passwords for Safari, Firefox, and Google Chrome.

Dan mentioned that in the UAUGtalk website under member deals > Apple User group deals, the special 25% deal for AgileBit is  mentioned in the April 15 User Group Bulletin.

Drawings:

AgileBit License for 1Password- Paul F.

50-50: Dan H.

 

Announcements:

May 2 – Dave Marra- MugOne Oneonta- Hartwick College -iWork for Mac and iPad presentation

Meetings will continue to begin at 6 even though the Dunham Library custodian has returned.

The meeting was adjourned at 8:15.

 

Respectfully submitted,

Fran Reppel