Password management on the Mac

Keychain is good. But if you really want to be secure, use the suggestion on the first page and make a password-protected disk image in Disk Utility and store your file in there.
You can also rename a file or folder via terminal and turn it invisible. I've not done that but I think it's just by adding a period/full stop to the beginning of the file.
 
A hyphen would probably be even more effective if you put it in the wrong place: yello-wbox, for example, or federa-lexpress. Then you have no contiguous letters forming actual dictionary words.

One suggestion I've seen that makes a lot of sense is to pick a phrase or quotation or something and use the initial letters from that: "Toto, I don't think we're in Kansas anymore" would become "tidtwika". Provided you can remember the phrase, you can always remember the password, but again, with no dictionary words it's going to be harder to crack.
 
Cypher can encrypt a file you want.
http://www.versiontracker.com/dyn/moreinfo/macosx/13892
The review does not look super great (3 stars) but I have used that since 10.1. I like it - take a single file that you want to encrypt (e.g. the file with your passwords), and just encrypt it.
I'd rather encrypt single files than all my music and movies (à la FileVault).
 
sonjay said:
One suggestion I've seen that makes a lot of sense is to pick a phrase or quotation or something and use the initial letters from that: "Toto, I don't think we're in Kansas anymore" would become "tidtwika". Provided you can remember the phrase, you can always remember the password, but again, with no dictionary words it's going to be harder to crack.

Another thing is to put the answers that are 100% uncorrelated to the question. So "your last 4 digits" >> WASTGRHJTJX "your mum's maiden name" > 764564531215 or "afvdg#%#sz777" (= ANYTHING as question) >> (only an answer that you know).
 
You don't need to use FileVault and encrypt everything with a protected disk image. And the advantage to that is you can drag items to it, or trash them, as needed. And it's free, built-in and uses the same security protocols as FileVault.
 
The Keychain is vulnerable, though, because it can be unlocked with your user password, which is encrypted using a primitive algorithm and easy to crack. The same goes for FileVault - the heavy encryption doesn't help much when the password itself can be cracked in usually only a few minutes or hours.

I recommend making an encrypted disk image with a long pass phrase that you can remember, but can't be guessed by anyone else. Something like "5i 4have 3a 2fast 1computer" is virtually uncrackable.
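
An added example (not written by any poster in this thread) that runs two checks on the passwords suggested above: the size of the exhaustive-search space, and whether dictionary words still appear as contiguous letters. The word list and the guess rate are constructed assumptions.

```python
import math
import string

# Character classes an exhaustive search has to cover.
POOLS = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "space": {" "},
    "symbol": set(string.punctuation),
}

# Constructed mini word list; a real check would load a full dictionary.
WORDS = {"yellow", "box", "federal", "express", "have", "fast", "computer"}

def pool_size(secret):
    """Alphabet size implied by the character classes present in the secret."""
    return sum(len(chars) for chars in POOLS.values() if chars & set(secret))

def brute_force_bits(secret):
    """log2 of the number of same-length candidates over that alphabet.

    This is an upper bound: a secret built from dictionary words is weaker
    against word-based guessing than the character count suggests.
    """
    if not secret:
        return 0.0
    return len(secret) * math.log2(pool_size(secret))

def embedded_words(secret, wordlist=WORDS, min_len=3):
    """Dictionary words that survive as contiguous letters inside the secret."""
    lowered = secret.lower()
    return sorted(w for w in wordlist if len(w) >= min_len and w in lowered)

def average_search_seconds(bits, guesses_per_second):
    """Average exhaustive-search time: half the space at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second

if __name__ == "__main__":
    RATE = 1e9  # assumed guesses per second, for illustration only
    for s in ["yello-wbox", "federa-lexpress", "tidtwika",
              "5i 4have 3a 2fast 1computer"]:
        bits = brute_force_bits(s)
        print(f"{s!r}: {bits:.1f} bits, "
              f"~{average_search_seconds(bits, RATE):.3g} s at {RATE:.0e}/s, "
              f"words found: {embedded_words(s)}")
```
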
 
I just needed something more safe than a text file. I'm not needing something so complex because I'd never get into it, and I open my password file weekly.
 