After reading how Wired journalist Mat Honan was hacked, as well as various paranoid articles about Mac security, I decided to describe how I personally protect my Mac, iPhone and iPad from external risks. More than six months have passed since the first version of this material was published. Some things have changed, so I decided to update and republish it.
To begin with, there are no plans for a coup d’état or blueprints for submarines on my equipment, so Patsai’s recommendations, such as “the password for accessing the iPhone must be a complex, arbitrary one rather than a 4-digit numeric code”, I consider a serious overkill.
Breaking the balance between security and convenience causes nothing but annoyance and the desire to turn the whole thing off. Therefore, when setting up my system, I tried to keep a sense of proportion.
What we protect
The main information I need to secure relates to e-wallets, server access credentials, and so on. Roughly speaking, it all comes down to protecting the 1Password database where this stuff is stored. Next comes user data, such as photos, music, and other personal information. If you have been accumulating this for more than a year, the value of such data, especially photographs, keeps growing.
Information on a Mac can be lost both through physical events (fire, theft) and through an outside attack. Therefore, we will put protection in place on both sides.
It is also worth protecting yourself against losing your iPhone or iPad, since they can cause serious data leakage. With the default settings, anyone who picks them up can access your mail or your Dropbox folder.
Conscientious users already follow most of these recommendations, but I will repeat them using my own setup as an example:
- Set a password for your account and disable the Guest account. The second step has an obvious benefit: nobody can use your Mac under any circumstances. But there is also a downside: if the Mac is stolen, it cannot be tracked by the iCloud locate function.
You can disable guest login under System Preferences → Users & Groups.
Here you can also set the administrator password.
- The password must be required every time the Mac wakes from sleep or the screen saver, and every time it is turned on. After a while you will begin to type even complex passwords automatically, so this causes no inconvenience.
How often the password is requested is configured in System Preferences → Security.
- Turn on FileVault to encrypt the data on your disk; without the account password, attackers would spend years trying to decrypt it.
You can turn on FileVault encryption in the corresponding tab of the Security section.
- Turn on the Firewall and Stealth Mode. This creates an additional barrier against network attacks.
Be sure to activate the Firewall.
All of this is simple, effective enough and trouble-free. The only thing you now have to do is enter your password when you log in. If you want even more reliability, you can strip the main account of Administrator rights, but this already affects convenience.
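To check that the four settings above are actually in place, a small read-only audit helps. This is an added example, not code from the original post: it calls the built-in macOS command-line tools (fdesetup, socketfilterfw and defaults) and interprets their output. The output strings and preference keys (com.apple.screensaver askForPassword, com.apple.loginwindow GuestEnabled) are assumed to be those of the macOS releases current when the post was written; where a tool or key is missing, the check reports "unknown" rather than a pass.

```python
"""Read-only audit of the Mac checklist: guest account, password on wake,
FileVault, firewall and stealth mode (added example, not the post's code)."""
import subprocess

FIREWALL_TOOL = "/usr/libexec/ApplicationFirewall/socketfilterfw"


def run(cmd):
    """Run a tool and return its combined output; '' if it is not installed."""
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, check=False)
    except (FileNotFoundError, PermissionError):
        return ""
    return (proc.stdout + proc.stderr).strip()


# Parsers: raw tool output -> True (hardened) / False (not) / None (unknown).

def filevault_on(text):
    """`fdesetup status` prints 'FileVault is On.' or 'FileVault is Off.'."""
    if "FileVault is On" in text:
        return True
    if "FileVault is Off" in text:
        return False
    return None


def firewall_on(text):
    """`socketfilterfw --getglobalstate` prints 'Firewall is enabled. (State = 1)'
    or 'Firewall is disabled. (State = 0)'; 'disabled' is tested first because
    'enabled' is a substring of it."""
    if "disabled" in text:
        return False
    if "enabled" in text:
        return True
    return None


def stealth_on(text):
    """`socketfilterfw --getstealthmode` prints 'Stealth mode enabled' or
    'Stealth mode disabled' (assumed wording; 'is on'/'is off' also accepted)."""
    lowered = text.lower()
    if "disabled" in lowered or " off" in lowered:
        return False
    if "enabled" in lowered or " on" in lowered:
        return True
    return None


def guest_disabled(text):
    """`defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled`
    prints 0 or 1, or an error message when the key is absent."""
    value = text.strip()
    if value == "0":
        return True
    if value == "1":
        return False
    return None


def password_on_wake(text):
    """`defaults read com.apple.screensaver askForPassword` prints 1 when a
    password is required after sleep or screen saver (assumed key name)."""
    value = text.strip()
    if value == "1":
        return True
    if value == "0":
        return False
    return None


def audit():
    """Collect the checks into a dict; meaningful only when run on the Mac."""
    return {
        "filevault": filevault_on(run(["fdesetup", "status"])),
        "firewall": firewall_on(run([FIREWALL_TOOL, "--getglobalstate"])),
        "stealth": stealth_on(run([FIREWALL_TOOL, "--getstealthmode"])),
        "guest_disabled": guest_disabled(run(
            ["defaults", "read", "/Library/Preferences/com.apple.loginwindow",
             "GuestEnabled"])),
        "password_on_wake": password_on_wake(run(
            ["defaults", "read", "com.apple.screensaver", "askForPassword"])),
    }


if __name__ == "__main__":
    for check, ok in audit().items():
        status = "OK" if ok else ("FIX" if ok is False else "unknown")
        print(f"{check:18} {status}")
```

Run it as the logged-in user; `fdesetup status` does not need root for a status query. A line reading FIX is a setting from the list above that is not yet applied, and "unknown" means the tool or key was not found on this macOS version, so the setting should be checked by hand in System Preferences.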
iPhone and iPad security
The main problem with losing your phone is that whoever finds it gets access to your mailboxes and your Dropbox contents (where 1Password likes to keep its backups). Therefore, the first thing to do when setting up your iPhone is to set a passcode to unlock it.
As I mentioned, the hard version of iPhone passcodes (passphrases) is only for the paranoid. I am using a classic four-digit code. When using random (!) combinations, the probability of guessing the code in 10 attempts is less than 4%. If anyone is interested, read the excellent translation on Habr: Is it difficult to guess a PIN?
The darker the dot, the more often people use that PIN.
Summarizing that study, we get the following recommendations:
- Avoid ascending sequences;
- Avoid any dates such as DDMM, MMDD, MMYY, etc. (2311, 1123, 1984, 0683 …);
- Avoid keyboard patterns (1245, 2580, 3698 …);
- Avoid digital patterns (8585, 6969, 4567 …);
- And never use any of these codes:
0000, 0101–0103, 0110, 0111, 0123, 0202, 0303, 0404, 0505, 0606, 0707, 0808, 0909, 1010, 1101–1103, 1110–1112, 1123, 1201–1203, 1210–1212, 1234, 1956–2015, 2222, 2229, 2580, 3333, 4444, 5252, 5683, 6666, 7465, 7667.
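The rules above can be turned into a checker that tells you which of them a candidate PIN breaks, and a generator that draws a random code and rejects any that trips a rule. This is an added example, not code from the original post or the study it cites: the keypad geometry, the "looks like a date" tests, the year range 1900–2099 and the digit-pattern shapes (ABAB, AABB, ABBA) are my own heuristics for the post's wording, while the never-use list is copied from the post as written.

```python
"""Four-digit passcode checks for the PIN advice above (added example)."""
import secrets

# The post's "never use" list, ranges written as lo-hi and expanded below.
_BLACKLIST_SPEC = (
    "0000, 0101-0103, 0110, 0111, 0123, 0202, 0303, 0404, 0505, 0606, 0707, "
    "0808, 0909, 1010, 1101-1103, 1110-1112, 1123, 1201-1203, 1210-1212, 1234, "
    "1956-2015, 2222, 2229, 2580, 3333, 4444, 5252, 5683, 6666, 7465, 7667"
)


def expand_blacklist(spec):
    """Turn '0101-0103, 1234' into {'0101', '0102', '0103', '1234'}."""
    codes = set()
    for item in spec.split(","):
        item = item.strip()
        if "-" in item:
            lo, hi = item.split("-")
            codes.update(f"{n:04d}" for n in range(int(lo), int(hi) + 1))
        else:
            codes.add(item)
    return codes


BLACKLIST = expand_blacklist(_BLACKLIST_SPEC)

# Phone keypad as (row, column); assumed layout for the keypad-pattern test.
_KEYPAD = {"1": (0, 0), "2": (0, 1), "3": (0, 2),
           "4": (1, 0), "5": (1, 1), "6": (1, 2),
           "7": (2, 0), "8": (2, 1), "9": (2, 2),
           "0": (3, 1)}


def _adjacent(a, b):
    """True when two distinct keys touch on the keypad, diagonals included."""
    (r1, c1), (r2, c2) = _KEYPAD[a], _KEYPAD[b]
    return a != b and max(abs(r1 - r2), abs(c1 - c2)) == 1


def _is_sequence(pin):
    """1234 / 4567 style runs (descending runs are rejected too)."""
    steps = {int(pin[i + 1]) - int(pin[i]) for i in range(3)}
    return steps == {1} or steps == {-1}


def _looks_like_date(pin):
    """Return the date shape the PIN matches, or None (heuristic)."""
    a, b, year = int(pin[:2]), int(pin[2:]), int(pin)
    if 1 <= a <= 31 and 1 <= b <= 12:
        return "DDMM"
    if 1 <= a <= 12 and 1 <= b <= 31:
        return "MMDD"
    if 1 <= a <= 12:
        return "MMYY"
    if 1900 <= year <= 2099:          # assumed range for "looks like a year"
        return "YYYY"
    return None


def _digit_pattern(pin):
    """ABAB (covers AAAA), AABB and ABBA shapes."""
    return (pin[:2] == pin[2:]
            or (pin[0] == pin[1] and pin[2] == pin[3])
            or pin == pin[::-1])


def weak_pin_reasons(pin):
    """Return the rules the PIN violates; an empty list means it passes."""
    if not (len(pin) == 4 and pin.isdigit()):
        raise ValueError("PIN must be exactly four digits")
    reasons = []
    if _is_sequence(pin):
        reasons.append("ascending or descending sequence")
    date_form = _looks_like_date(pin)
    if date_form:
        reasons.append(f"looks like a date ({date_form})")
    if all(_adjacent(pin[i], pin[i + 1]) for i in range(3)):
        reasons.append("keypad pattern")
    if _digit_pattern(pin):
        reasons.append("repeated digit pattern")
    if pin in BLACKLIST:
        reasons.append("on the never-use list")
    return reasons


def random_pin():
    """Draw a PIN from the OS CSPRNG, rejecting any that trips a rule.
    Rejection shrinks the space somewhat; that is the trade-off the post makes."""
    while True:
        pin = "".join(secrets.choice("0123456789") for _ in range(4))
        if not weak_pin_reasons(pin):
            return pin


if __name__ == "__main__":
    for candidate in ("1234", "2580", "0683", "8585", "1984", "7294"):
        print(candidate, weak_pin_reasons(candidate) or "ok")
    print("suggested:", random_pin())
```

The date test is deliberately broad: any code starting with 01–12 is treated as MMYY, which is what "avoid any dates" implies, so the generator rejects a noticeable share of the 10,000 codes. That is acceptable for a code chosen once and protected by the 10-attempt erase limit described further down.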
Now let’s get back to the iPhone and what needs to be configured on it:
- set a password on your phone;
- select auto-lock after 1–2 minutes;
- enable data erasure after 10 incorrect passcode attempts;
- set up iCloud to back up important data (the address book).
All of these actions will prevent an attacker from accessing your applications.
Proper backups will rule out total data loss. I use three-tier backups. Naturally, everything here revolves around Time Machine. This means backups run automatically at home to a Time Capsule (or any external drive), as well as to an additional drive at work.
The likelihood of both disks and the computer failing at the same time is much lower. But if it does happen, a USB stick with the 1Password database and important files, which can be kept in a bank safe-deposit box, will come in handy. Its contents only need updating when the core passwords are routinely changed. In practice this happens no more than twice a year, so the method causes no inconvenience, while such a magic wand can bring a lot of benefit.
Of course, the Time Machine backup disk and the USB stick must be encrypted. This can be done with Disk Utility.
Protection from external threats
The most common scenario is that someone gains access to your mailbox and uses it to reset passwords for other services. There is no point in discussing password complexity; it is better to talk about the very approach to working with mail.
History shows that the @me.com mail service has compromised itself repeatedly. Therefore, registering domains, hosting and other important things to it would be plain crazy. Here’s a good example of how MacPages.me was hacked through this email.
For important data, you need to create a separate email address known only to you. Incidentally, here you can skip Gmail and turn to other services. For example, a free Lavabit account is more than enough for these purposes (at the time of writing, they have temporarily suspended registrations).
Password recovery for all your other mail addresses and services can be tied to this mailbox. But what you must not do is set up such a mailbox on your iPhone or iPad.
After creating such an email address and moving key services to it, do not forget to search your old mailbox for passwords. You will be surprised how many “leaks” you find there.
Thus, hacking any of your public mailboxes will not let an attacker reset the passwords for your domain, hosting, Twitter, Facebook, other mail accounts and the rest.
If you chose Gmail, two-step authentication will help reduce the likelihood of a break-in itself (in addition to the password, you have to enter a confirmation code sent to your phone).
You should definitely enable two-step authentication on Dropbox, where that same 1Password database is stored.
By the way, two-step authentication recently appeared for Apple ID accounts, but so far it is available only in a few countries. Most Europeans are left out for now …
The final touch is one-time passwords in Gmail for authorizing applications (Google calls them application-specific passwords). When this feature is enabled, a one-time password can be created for each application that uses Google services.
It is especially useful for the iPhone or iPad. If you lose the device, you just log into your account and “disconnect” the relevant programs (devices) from the mail. Those interested can read the post How do one-time passwords work? on Habr.
Now, point by point:
- Use separate mailboxes: personal, work, one for throwaway registrations and a super-secret one;
- Set up two-step authentication wherever possible;
- Tie recovery of important passwords, including those of the public mailboxes, to the secret mailbox;
- All external mail clients must work with one-time passwords.
The system is quite effective, since hacking any of the public mailboxes has no serious consequences, and the hack itself is impossible without physical access to the phone. Losing the phone itself is also not a problem: in a couple of minutes you can disconnect it from your mail or even wipe it. Accounts can be accessed using one of the secret one-time passwords.
The only hassle is these one-time passwords, which have to be generated when connecting each new program that works with mail. But you only need to do this once (for the current session).
It seems to me that the task of protecting the data with minimal user effort is complete. In any case, it works for me. My back is covered, there is no need to keep a bunch of complex passwords in my head, and user data is almost impossible to destroy. In any scenario, the system can be restored to its original state and the passwords recovered.