Previous 1 2 Next 17 Replies Latest reply: Aug 25, 2008 2:08 AM by macjack
Diamond White Level 1 Level 1
I've recently started to use the Secure Notes in Keychain Access, to store my passwords, banking details etc. Does anyone think this is a risky idea. What are the chances of being hacked from outside, or if the computer was stolen, what are the chances of the information being retrieved by a determined thief.

Powerbook, Mac OS X (10.5.1)
  • macjack Level 9 Level 9
    If you create a new keychain for secure note with a new password it is safer. Safer yet, would be to keep an encrypted disk image. I do this an have all of my sensitive information stored there.



    -mj
  • Diamond White Level 1 Level 1
    How would I go about creating an encrypted disc image?
  • macjack Level 9 Level 9
    You can create .dmgs in Disk Utility by using the "New image" icon. You can create a new folder and put all your files you want to encrypt in it. This Apple support article will explain how to create a disk image and encrypt it.



    -mj
  • lechtmmg Level 1 Level 1
    macjack I installed the upgrade to Office 08 and there was a message that Microsoft wanted access to
    my keychain I did not authorize it and ever since no email with the Entourage in 08. thoughts?


    lechtmmgg
  • macjack Level 9 Level 9
    I'm not sure, I have Office 08 with the latest update and didn't encounter it. Then, I never used Entourage. I just launched Entourage for the first time to test and didn't get any message about keychain but I didn't go through the setup for an account.

    It's perfectly consistent if you have a mail account set up there that it would want to store the login and password in your keychain. I'd allow it or else you will need to enter the information every time you launch the app.



    -mj
  • lechtmmg Level 1 Level 1
    macjack Thank you very for the quick reply. I did no have o log in the past. You see nothing wrong in granting access? ( It will not allow Microsoft access to my machine??) Again thanks.

    lechtmmgg
  • macjack Level 9 Level 9
    I don't think you need to worry, it's a "trusted" application. If you used Mail.app you'd want to give Keychain access also. EDIT: If you can still send & receive mail in Entourage without it, then leave it alone.

    Here's the advice I usually give about security:

    While there are no known viruses that attack Mac OS X at the present time, it is possible for spyware to get onto your Mac.

    So I go to lengths to protect my user. A hosed system can be replaced but a compromised user folder is compromised forever. Along with all your important data like bank records, credit cards, ... I.e. your "identity" stolen.

    The best way to avoid that is by using your built-in firewall which is industrial strength and/or a hard wired router, downloading only from "trusted" sites, installing all security updates and being careful about what you give administrative power to. It is also recommended to run day to day tasks from a non-admin account.

    Don't use Limewire or any other P2P service to download your software, get it from reputable sources. In addition, always keep at least your users backed up, preferably a clone of your entire system on a separate disk. And put your sensitive passwords, bank accounts, credit card numbers in a "secure note" in a new keychain or in an encrypted folder.

    If and when a Mac virus does appear it will be headline news and you can download the AV software then. If you feel you have to run an AV program I'd suggest ClamXav a mac friendly freeware app that is very stable with OS X. It will check for known virus signatures at any rate.

    Hope this helps.



    -mj

    Message was edited by: macjack
  • Diamond White Level 1 Level 1
    Thanks for your help so far MacJack.
    I've created the encrypted disc image, as per the directions provided, however, at no point in the opening procedure does it ask for the password I gave it when it was created. Sorry to be stupid, but what have I done wrong?
  • lechtmmg Level 1 Level 1
    macjack I cannot send and receive.

    lechtmmg
  • macjack Level 9 Level 9
    My guess would be that when it asks if you want to add it to Keychain, you accepted. Try again and decline.
    Be sure to make it large enough to add items.



    -mj
  • Diamond White Level 1 Level 1
    Thanks for your help so far macjack.
    I've created the encrypted disc image, following the instructions, however, at no time am I asked for the password I used when it was created. I can open and close it at will. This doesn't seem right. Any idea what I'm doing wrong?
  • macjack Level 9 Level 9
    Let's try a step-by-step. I didn't even bother to look at Apple's instructions, just created a test image and it worked fine.

    Launch Disk Utility and from the File menu choose >> new >> blank disc image.
    "Save As" whatever you like.
    "Volume size" whatever you like.
    "Volume Format" OS X journaled
    "Encryption" 256-bit
    "Partitions" Single partition
    "Image format" Read & Write

    Click on "Create". You will be prompted to enter a password. *Uncheck the box* that says, "Remember password in my keychain.
    Photobucket



    -mj
  • Diamond White Level 1 Level 1
    Ok, that's sorted that. I wasn't un-checking the box.
    Am I right in thinking that the contents of the disc image will be encrypted, and unreadable, unless accessed via the password?
  • macjack Level 9 Level 9
    That's what it's for. It should prompt you for the pass everytime you open it.Try opening it with wrong password... it won't. If you have a strong pass, nobody's getting in there.



    -mj
Previous 1 2 Next