Bournemouth — Oct 21st 2014

The meeting started with a presentation by John Hooper on Passwords and Keychains. Keychains were introduced in 1997 with OS 8.6 to store passwords, wireless keys etc. and to allow designated apps to use this information so that there is no need to type it in every time you visit a web page. John demonstrated how Keychain Access (found in the Utilities folder) is used to manage the passwords stored in your Login Keychain, noting that you will need the admin password of the computer to make any changes.

John then moved on to cover the iCloud Keychain facility, introduced with Mavericks and iOS7. John described the setting up procedure on both the Mac and iPad. You will need to give a 4 digit PIN then, for additional security, a mobile phone number to which a second 5 digit security code will be sent by text message. Once setup, the Mac will show the iCloud keychain in addition to the System and Login keychains that were there before. All the passwords added to this keychain will then be synchronised across both devices.

The iCloud keychain is limited to Safari browsers (no support for Firefox, Chrome etc.) and of course you need to be comfortable with the idea of all your passwords being stored in California, albeit in encrypted form. John also noted that, if you turn off the passcode on your iPad for any reason, then all the passwords stored in the iCloud keychain are freely available.

John then went on to list some other password management apps, including 1Password, LastPass, KeePass, SplashID and Password Bank Vault for Mac. In discussion DashLane was also recommended. There was some discussion on the security implications of using these apps, including encryption levels used, where the passwords were stored and the difficulty of ensuring the integrity of the app itself.

After a quick lesson on creating a strong password (and one which you still might have some chance of remembering) John ended by stressing that the user was always the weakest link in the security chain, and reminding us of the importance of not clicking on links in any e-mail purporting to come from an organisation with which you have an account, especially if they suggest you need to login or change your password. Instead go to the website directly by typing the web address into Safari (unless you have it already bookmarked) and go from there.

John was thanked for a clear and helpful presentation and, after discussing a few more security-related issues, a show of hands was called for on who admitted to writing down their passwords. The results of this have been suppressed for security reasons.

After a coffee break there was a full Q&A session covering everything from playing region coded DVDs to experience with Yosemite (so far, so good), and iOS8 (good but does slow down an iPad 2), and advice on switching mobile phone providers in pursuit of better coverage.

Alan closed the meeting with a trailer for the November meeting and announced his intention to stand down as convenor at the end of the year so we shall need a successor. - T&M H

Comments

Page 1
Page 1