3
What Mac OS tool do you use to generate random passwords for logins, and back them up (encrypted) in case your computer dies?
Zack Burt
Posted 2011-07-01T22:08:21.193
Reputation: 321
What Mac OS tool do you use to generate random passwords for logins?
Answers
9
Keychain Access has this capability built-in, and it comes with Mac OS X.
mkoistinen
Posted 2011-07-01T22:08:21.193
Reputation: 320
1How do you back up passwords in Keychain Access? – Zack Burt – 2011-07-03T06:15:50.553
It is one of the options for MobileMe–soon to be iCloud–which is handy, because it can sync all your passwords to your various devices. It is also backed-up with TimeMachine. If you want to back it up manually, see this: http://support.apple.com/kb/ht2980#key
– mkoistinen – 2011-07-03T08:23:42.0531
Apple has said “Syncing of Mac Dashboard widgets, keychains, Dock items, and System Preferences will not be part of iCloud, …” (see MobileMe transition and iCloud).
– Chris Johnsen – 2011-07-05T03:58:23.4401@Zachary you don't need to store in keychain access. Generate a password from the helper window and copy it wherever you want. – Daniel Beck – 2011-07-05T05:07:39.807
@Daniel how do I get access to the helper window? – Zack Burt – 2011-07-05T06:04:07.633
1@ZacharyBurt Open Keychain Access.app → ⌘N → (sheet opens up) → press the button with a key icon – Lri – 2011-07-05T06:40:31.287
3
Normally I use pwgen from the command-line if I need a memorable password. I choose the most appealing password from the list, specify one argument for the length of the password and then modify to taste.
If it doesn't need to be memorable, I use the KeePassX password generator.
On the App Store there are a few free utilities to choose from, but I suspect it is pwgen under the hood in many cases.
Somantra
Posted 2011-07-01T22:08:21.193
Reputation: 320
2
I use LastPass -- it's not OS X specific and they have browser plugins for every major browser and platform. It can generate passwords for you for any scenario really: web apps, non-web apps, etc.
Your data is stored on the LastPass server as an encrypted blob. LastPass doesn't maintain a parallel private key to access this data. This is key (and big differentiating point with a service like Dropbox). LastPass, therefore, cannot access your password file blob. If you lose your password to LastPass, you lose your data stored there. That's a good thing. Your LastPass password should be something long, preferrably a sentence, with more than just alphanumerics in it.
The service is still, I believe conceptually, vulnerable to browser-side attacks because decryption of your blob is done in the browser plugin. But this isn't any different from the way KeyChain data or even data encrypted with something like PGP is handled: at some point you have to decrypt to use the data and the best, safest place to do that is local to the machine you're working on just in time to access the data. That's, more or less, how LastPass architects it.
Ian C.
Posted 2011-07-01T22:08:21.193
Reputation: 5 383
1
I use a password matrix. Basically, I have a business card that I keep in my wallet that contains a 10 x 10 matrix of random letters, cases, numbers and symbols. I keep one copy of this stored on my email and another on my computer. Depending on the level of sensitivity of information that I'm looking to protect, I'll use a different algorithm. So all you have to remember is your algorithms.
Something that you don't care about could just be the first row for your password.
Something a little sensitive could be the first 1,1 2,2-2,9 1,10
Something very secure could be two rows, first even columns and the second the odd columns.
Basically the whole concept is that you're flaunting your passwords around, but it's completely useless unless you know what the algorithm used is.
After time, you'll have it all memorized.
kobaltz
Posted 2011-07-01T22:08:21.193
Reputation: 14 361
1http://lifehacker.com/5715794/how-to-write-down-and-encrypt-your-passwords-with-an-old+school-tabula-recta – kobaltz – 2011-07-01T22:59:37.993
0
I use the Password Assistant that comes up when you click the little key next to the new password field in the change account password section of System Preferences (it looks relatively standalone, but I've not found a more convenient way to invoke it without pretending to change my password, then cancelling). I find the "memorable" setting produces passwords that are fairly secure and, well, memorable. My one complaint is that it could be a bit more liberal with the capital letters.
To store passwords, I have a copy of 1Password on my iPhone. I picked it up for free (or at least very cheap) on a special offer; I'm not sure I'd pay the £6 they want for it at them moment, and I certainly don't have the desktop app for syncing or anything. It does, however, get backed up with everything else on my phone when I sync through iTunes.
Scott
Posted 2011-07-01T22:08:21.193
Reputation: 5 323
You can get to it in Keychain Access, as mkoistinen mentioned. – William Jackson – 2011-07-02T03:21:50.303
0
I use the !password feature of DuckDuckGo.
Just type !password in the search box and it will return a random 8-digit password for you. If you want a password of a different length, just include it as an argument, e.g., !password 16.
speedofmac
Posted 2011-07-01T22:08:21.193
Reputation: 2 887
As mkoistinen pointed out above, an offline version is probably better. Even if this is generated in Javascript, it is relatively easy for the password to be sent somewhere. – Tim – 2012-08-31T08:59:18.583
I use this page...https://www.grc.com/passwords.htm
– Moab – 2011-07-01T22:41:53.1971
Interesting resource. However, if you're concerned about security, one should avoid using an online tool to generate passwords. Even if you trust this site 100%, HTTPS isn't 100% safe, nor is DNS. Who knows, someone could poison DNS to take you to a replica of this page–complete with an SSL cert.–and be databasing all your input. For really secure passwords, use diceware: http://world.std.com/~reinhold/diceware.html
– mkoistinen – 2012-04-02T14:08:55.680