We need this even though it’s querky
Overview
Below is the script for a video course I’m writing.
Introduction
In this course you will learn how to protect your bank account and other websites from being hacked (as easily).
This is probably the most important tutorial I’ve created because it’s one thing we can do to keep our accounts safe from predators.
REMEMBER: It’s not safe to use a single password on several websites because hackers use programs to try passwords.
REMEMBER: It’s not safe anymore to use a pattern to vary passwords slightly on each site because passwords from many breached websites are open, so hackers can now recognize patterns from several sites.
REMEMBER: We should also use different user names for each site.
We can keep a list of passwords in a file.
But what if our laptop gets lost or stolen?
So what we need is a way to generate a different strong password for each website we use.
That’s what 1Password does.
If you forget your private information, several websites, such as Salesforce and job application site Valeo, don’t provide much support.
The software gives us access to a password list protected by a master password.
There are several products available to hold passwords.
1Password is unique in that it allows its password file to not leave the computer, and be stored in some cloud server for hackers to steal.
The software is called one password because you use one password to access all the passwords it saves.
This enables you to open the same website on any browser.
Moreover, this would enable someone to have access to your accounts in case you are disabled or die.
What 1Password doesn’t do is automatically change the password on every website.
2FA Companion Authy app
1Password is also where you can store One-Time Codes generated when you setup 2FA (Two-Factor Authentication).
There are many 2FA apps available:
-
Google Authenticator is from Google, who’s business is to make money off your data.
-
Microsoft Authenticator works much like Google Authenticator, but with a slightly more pleasing layout. It also lets you log into Microsoft accounts, like OneDrive and Outlook, with just a tap. So if you have an Office 365 account, you can use the same app for other accounts too.
-
Duo Mobile from Cisco has a feature called Duo Push. If a site works with it, the app can prompt you to tap to authenticate a login instead of having to enter a code. And to stop people from accessing your account without approval, you can deny requests and even mark the denied attempt as fraud.
-
LastPass Authenticator works even if you don’t use LastPass to manage your passwords. It offers push notification verification with several big names like Amazon, Dropbox, Facebook and more, and it supports SMS and QR codes.
The problem with most of them is that if you lose or change your phone, you’ll have to get setup all over again.
I (and many others) prefer Twillio’s Authy because it stores your codes in the cloud, so you can create restore onto a new phone, and sync across several devices (macOS laptop, iPhone, iPad, etc.).
Authy protects itself with a password or biometrics, but there is still a risk that opens a way for hackers to create a backup and restore onto their phone.
After download, open the app and input your phone# which Authy verifies with an SMS message or phone call.
Mary Manzi’s article How to back up your Authy app.
Authy can generate codes for use offline.
Install
Software is installed on your operating system.
Software also needs to be installed on each internet browser you have installed.
Install 1Password
Other browsers
Since work is needed on each specific browser, the last I checked the new Brave browser has not been.
Transfer to a Windows machine
Transfer to an iPhone
Transfer to an Android
Clear out Saved Passwords saved on browsers
Now that you have 1Password working, clear out auto complete on browsers:
Erase passwords kept by Browsers
Internet browsers save passwords and other data typed to fill out forms.
And when you enter a username and password that the browser has not already stored for a website, it will ask if you want it to remember the password. Deny that.
But this convenience can be dangerous because any site you visit can potentially get at that autofill data.
Clear Safari browser
(Mac OS X 10.6 – 10.12.x)
- Open Safari.
- Press command command to open the Preferences dialog.
- Switch to the Autofill tab.
- Uncheck all “AutoFill web forms”.
- Enter your password.
- Click the Edit button for “User names and passwords”.
- Click Remove for the entry that corresponds with the site you want to remove.
Clear Firefox browser
(Mac OS X 10.6 – 10.12x and Win 7 and 8 and 10)
- Click on the “hamburger” menu on the top-right corner.
- Click “Privacy & Security” on the left menu.
- Uncheck “Remember logins and passwords for websites”.
- Click “Saved Logins” button.
-
Remove all.
- Click “Saved Addresses”
- Click on each item to expose the password. Verify that you have that password in your password vault. Then click Remove for that item.
-
Uncheck “Autofill addresses”
- Click the X to dismiss the Settings tab.
Clear Google Chrome browser
(Mac OS X 10.6 – 10.12x and Win 7 and 8 and 10)
- Click on the Menu Icon (three vertical dots) in the upper right corner.
- Click on Settings, then Settings in the pop-up menu for a new “chrome://settings” tab.
- Scroll down to click “Advanced” to expose “Privacy and security” settings.
- Scroll down to the “Passwords and forms” section.
- Click “Autofill settings”.
- Click the blue toggle so it says “Off” at the left edge on the same line.
-
Click the left arrow to return to the previous page.
- Click the “Manage Passwords” section.
- Click the blue toggle so it says “Off” at the left edge on the same line.
- For both blue toggles.
- For each entry in Saved Passwords, click the menu icon for each line. Verify that you have that password in your password vault. Select Remove.
- At the top left of the screen, click the arrow to return to the previous menu.
Clear Brave browser
- Click on the Menu Icon (three vertical dashes) in the upper right corner on the tabs line.
- Click on “Security” in the left menu.
- Click “Manage Autofill Data” for a new tab.
- Remove any entry.
- Click on the Autofill tab and click x to close it.
- Click to turn off the orange toggle under the “Autofill Settings”.
- Click on the preferences tab and click x to close it.
Resources
https://www.troyhunt.com/only-secure-password-is-one-you-cant/
More on OSX
This is one of a series on Mac OSX:
- MacOS Setup step-by-step, with automation
- MacOS Hardware and accessories
- MacOS dotfiles for System Preferences setup automation
- MacOS Boot-up
- MacOS Keyboard tricks
- MacOS Terminal Tips and Tricks
- Text editors and IDEs on MacOS
- MacOS Xcode.app and CommandTools (gcc)
- MacOS Command-line utilities
- Applications on MacOS
- 1password on MacOS
- Manage Disk Space on MacOS
- Screen capture on MacOS
- MacOS iPhone integration
- Linux and Windows on Apple MacOS
- Packer create Vagrant Windows image
- Python on MacOS
- Maven on MacOS
- Ruby on MacOS
- Node on MacOS installation
- Java on MacOS
- Scala ecosystem