{"video_id":"EZn-j-4p7y8","title":"Make your iPhone Even More Secure","channel":"Mac Address","show":"Mac Address","published_at":"2021-05-05T14:58:16Z","duration_s":374,"segments":[{"start_s":0.0,"end_s":12.9,"text":"In the summer of 2020, I read about a Brazilian man whose iPhone was stolen right out of his","speaker":null,"is_sponsor":0},{"start_s":12.9,"end_s":20.38,"text":"hand. Despite his best efforts to lock it up, he still lost over $30,000 because once the thieves","speaker":null,"is_sponsor":0},{"start_s":20.38,"end_s":25.46,"text":"easily bypassed his six-digit passcode, they had automatic access to all of his banking,","speaker":null,"is_sponsor":0},{"start_s":25.46,"end_s":31.94,"text":"user accounts, and iTunes purchasing. Because of the way iCloud Keychain, the default password manager used by every single iPhone","speaker":null,"is_sponsor":0},{"start_s":31.94,"end_s":34.98,"text":"and Mac since 2013, is designed.","speaker":null,"is_sponsor":0},{"start_s":34.98,"end_s":42.66,"text":"So let's explore how iCloud Keychain works and how you can keep your digital life safe.","speaker":null,"is_sponsor":0},{"start_s":42.66,"end_s":47.94,"text":"According to a recent study by NordPass, the average internet user has over 100 user accounts","speaker":null,"is_sponsor":0},{"start_s":47.94,"end_s":57.32,"text":"and passwords to manage. That's insane, so what most of us do is use the same or nearly the same password for everything.","speaker":null,"is_sponsor":0},{"start_s":57.32,"end_s":61.16,"text":"This is not good because it leaves you vulnerable to getting stuffed.","speaker":null,"is_sponsor":0},{"start_s":61.16,"end_s":65.52,"text":"Credential stuffing is when a hacker buys a database of logins from a compromised site,","speaker":null,"is_sponsor":0},{"start_s":65.52,"end_s":71.44,"text":"like say when Yahoo got hacked in 2016 with a 3 billion user breach.","speaker":null,"is_sponsor":0},{"start_s":71.44,"end_s":75.92,"text":"And then they try those logins on hundreds of other sites, like your bank or iTunes.","speaker":null,"is_sponsor":0},{"start_s":75.92,"end_s":79.6,"text":"The best solution to avoid this is to have a different unique password for each one of","speaker":null,"is_sponsor":0},{"start_s":79.6,"end_s":87.12,"text":"your accounts. But how on earth are we to remember over 100 strings of passwords?","speaker":null,"is_sponsor":0},{"start_s":87.12,"end_s":91.04,"text":"Each with their own numbers and special characters.","speaker":null,"is_sponsor":0},{"start_s":91.04,"end_s":96.28,"text":"Enter iCloud Keychain. It's Apple's solution to this very pernicious problem.","speaker":null,"is_sponsor":0},{"start_s":96.28,"end_s":100.4,"text":"If you use any of the company's devices, you're probably already using it.","speaker":null,"is_sponsor":0},{"start_s":100.4,"end_s":106.56,"text":"You've probably seen the pop-up on your phone or iPad or Safari browser, asking if you want","speaker":null,"is_sponsor":0},{"start_s":106.56,"end_s":110.24,"text":"to save your password. If you tap yes, it's saved to your Keychain.","speaker":null,"is_sponsor":0},{"start_s":110.24,"end_s":114.04,"text":"But still, if you're creating a new account, the feature can help you create really secure","speaker":null,"is_sponsor":0},{"start_s":114.04,"end_s":118.44,"text":"passwords and you can save credit card and address info for online shopping.","speaker":null,"is_sponsor":0},{"start_s":118.44,"end_s":123.24,"text":"And all of these credentials are synced between your devices through the cloud, which you","speaker":null,"is_sponsor":0},{"start_s":123.24,"end_s":131.04,"text":"may have switched on during your iPhone setup. Simply put, iCloud Keychain is Apple's implementation of what's known more broadly as a password","speaker":null,"is_sponsor":0},{"start_s":131.04,"end_s":136.0,"text":"manager. There are many options in the world of password managers.","speaker":null,"is_sponsor":0},{"start_s":136.0,"end_s":143.08,"text":"The aforementioned NordPass is one, as are OnePassword, Dashlane, and LastPass.","speaker":null,"is_sponsor":0},{"start_s":143.08,"end_s":147.96,"text":"The services are quite a bit more fully featured than iCloud Keychain, but they also cost money,","speaker":null,"is_sponsor":0},{"start_s":147.96,"end_s":152.52,"text":"ranging between $1.50 to $4 a month for individual plans.","speaker":null,"is_sponsor":0},{"start_s":152.52,"end_s":156.6,"text":"They work on all the platforms and with all the browsers.","speaker":null,"is_sponsor":0},{"start_s":156.6,"end_s":159.84,"text":"And individual credentials can even be shared with others.","speaker":null,"is_sponsor":0},{"start_s":159.84,"end_s":165.12,"text":"All that info is encrypted behind a MasterPass phrase, which is a password you make incredibly","speaker":null,"is_sponsor":0},{"start_s":165.12,"end_s":174.08,"text":"long, strong, and ideally nonsensical, like Unicorn Milk Poison Control or Tusken Winter","speaker":null,"is_sponsor":0},{"start_s":174.08,"end_s":177.12,"text":"Battle Skies exclamation mark.","speaker":null,"is_sponsor":0},{"start_s":177.12,"end_s":180.64,"text":"What's convenient is that you can always have the right password when you need it, no","speaker":null,"is_sponsor":0},{"start_s":180.64,"end_s":186.96,"text":"matter where you are, and it's all behind that MasterPassword.","speaker":null,"is_sponsor":0},{"start_s":186.96,"end_s":192.4,"text":"But critically, that's not how iCloud Keychain works.","speaker":null,"is_sponsor":0},{"start_s":192.4,"end_s":197.04,"text":"Your Keychain MasterPassword is the same as your device's password, so the weak password","speaker":null,"is_sponsor":0},{"start_s":197.04,"end_s":201.44,"text":"you've been using for years on your MacBook or the convenient passcode you used to quickly","speaker":null,"is_sponsor":0},{"start_s":201.44,"end_s":205.52,"text":"get onto your iPhone could be all that stands between would-be thieves and your treasure","speaker":null,"is_sponsor":0},{"start_s":205.52,"end_s":211.2,"text":"trove of passwords. This is why the victim of our earlier story was so brutally compromised.","speaker":null,"is_sponsor":0},{"start_s":211.2,"end_s":216.28,"text":"The thieves cracked his iPhone passcode and thus had access to his entire library of passwords,","speaker":null,"is_sponsor":0},{"start_s":216.28,"end_s":223.6,"text":"including the one for his Apple ID. So if you're using your iPhone or iPad with a 6-digit numeric passcode, you should probably","speaker":null,"is_sponsor":0},{"start_s":223.6,"end_s":229.44,"text":"consider an alphanumeric password like you use on your computer, which for face ID users","speaker":null,"is_sponsor":0},{"start_s":229.44,"end_s":235.04,"text":"in the middle of a messed up COVID pandemic is a massive inconvenience.","speaker":null,"is_sponsor":0},{"start_s":235.04,"end_s":238.64,"text":"iCloud Keychain is also not as flexible as the big password managers.","speaker":null,"is_sponsor":0},{"start_s":238.64,"end_s":242.0,"text":"On your Mac, it only auto-completes on Safari, and though I'm pleased to report it's now","speaker":null,"is_sponsor":0},{"start_s":242.0,"end_s":249.6,"text":"available on Windows PCs, like this laptop, it only works on Chrome and there are hoops.","speaker":null,"is_sponsor":0},{"start_s":249.6,"end_s":253.8,"text":"First, you need to install Apple's iCloud software before you can even get the Chrome","speaker":null,"is_sponsor":0},{"start_s":253.8,"end_s":258.68,"text":"extension, and then every time you freshly open Chrome, you have to input a two-factor","speaker":null,"is_sponsor":0},{"start_s":258.68,"end_s":261.68,"text":"code that you get from the same device.","speaker":null,"is_sponsor":0},{"start_s":261.68,"end_s":269.12,"text":"And before you get too excited, it doesn't work on Chrome for Mac.","speaker":null,"is_sponsor":0},{"start_s":269.12,"end_s":276.04,"text":"So should you keep using iCloud Keychain? A lot of times I hear people say that having all your passwords stored in the cloud is","speaker":null,"is_sponsor":0},{"start_s":276.04,"end_s":281.64,"text":"a big risk. And I understand, your passwords are somewhere you don't control, and you have to just trust","speaker":null,"is_sponsor":0},{"start_s":281.64,"end_s":286.28,"text":"that they're not going to be compromised, like they have been everywhere else.","speaker":null,"is_sponsor":0},{"start_s":286.28,"end_s":293.64,"text":"But that's the reason why you should get a password manager. You can have a hundred different passwords for all of your accounts, and password managers","speaker":null,"is_sponsor":0},{"start_s":293.64,"end_s":298.08,"text":"like iCloud Keychain will store and transfer those passwords behind encryption, which is","speaker":null,"is_sponsor":0},{"start_s":298.08,"end_s":305.2,"text":"only unlocked with your master password. I've personally struggled with whether or not to use iCloud Keychain since it came","speaker":null,"is_sponsor":0},{"start_s":305.2,"end_s":309.76,"text":"out in 2013. But there are two factors that have me rethinking things.","speaker":null,"is_sponsor":0},{"start_s":309.76,"end_s":315.04,"text":"First, Apple opening up to Windows users, like I mentioned earlier, does make it significantly","speaker":null,"is_sponsor":0},{"start_s":315.04,"end_s":318.6,"text":"more viable should your digital life fit within those limitations.","speaker":null,"is_sponsor":0},{"start_s":318.6,"end_s":323.2,"text":"Then, starting March 16th, the last pass free tier, which has been arguably the best option","speaker":null,"is_sponsor":0},{"start_s":323.2,"end_s":329.68,"text":"for a while now, will be restricted to either all PC access, or all mobile access.","speaker":null,"is_sponsor":0},{"start_s":329.68,"end_s":335.04,"text":"But not between the two. As a free option, iCloud Keychain is now the best of the bunch.","speaker":null,"is_sponsor":0},{"start_s":335.04,"end_s":339.44,"text":"But if you care about maximum security, flexibility, and features, paying for a password manager","speaker":null,"is_sponsor":0},{"start_s":339.44,"end_s":344.96,"text":"might be the better option. Whatever the case, I think it's important to practice good password hygiene by ensuring","speaker":null,"is_sponsor":0},{"start_s":344.96,"end_s":351.2,"text":"you don't reuse passwords. And if you do choose to use a password manager, make sure that its passphrase is long, strong,","speaker":null,"is_sponsor":0},{"start_s":351.2,"end_s":357.6,"text":"and memorable. Since I better practice what I preach, I should probably get on updating some of my older","speaker":null,"is_sponsor":0},{"start_s":357.6,"end_s":360.72,"text":"passwords. Thank you for attending this Mac Address.","speaker":null,"is_sponsor":0},{"start_s":360.72,"end_s":364.52,"text":"Passwords are certainly a big pain. Comment below with the worst password you use.","speaker":null,"is_sponsor":0},{"start_s":364.52,"end_s":368.48,"text":"I just, please don't do that. You can comment about other things, however.","speaker":null,"is_sponsor":0},{"start_s":368.48,"end_s":372.96,"text":"And if you learned something, go ahead and give me a like and subscribe. Oh, thank you.","speaker":null,"is_sponsor":0}],"full_text":"In the summer of 2020, I read about a Brazilian man whose iPhone was stolen right out of his hand. Despite his best efforts to lock it up, he still lost over $30,000 because once the thieves easily bypassed his six-digit passcode, they had automatic access to all of his banking, user accounts, and iTunes purchasing. Because of the way iCloud Keychain, the default password manager used by every single iPhone and Mac since 2013, is designed. So let's explore how iCloud Keychain works and how you can keep your digital life safe. According to a recent study by NordPass, the average internet user has over 100 user accounts and passwords to manage. That's insane, so what most of us do is use the same or nearly the same password for everything. This is not good because it leaves you vulnerable to getting stuffed. Credential stuffing is when a hacker buys a database of logins from a compromised site, like say when Yahoo got hacked in 2016 with a 3 billion user breach. And then they try those logins on hundreds of other sites, like your bank or iTunes. The best solution to avoid this is to have a different unique password for each one of your accounts. But how on earth are we to remember over 100 strings of passwords? Each with their own numbers and special characters. Enter iCloud Keychain. It's Apple's solution to this very pernicious problem. If you use any of the company's devices, you're probably already using it. You've probably seen the pop-up on your phone or iPad or Safari browser, asking if you want to save your password. If you tap yes, it's saved to your Keychain. But still, if you're creating a new account, the feature can help you create really secure passwords and you can save credit card and address info for online shopping. And all of these credentials are synced between your devices through the cloud, which you may have switched on during your iPhone setup. Simply put, iCloud Keychain is Apple's implementation of what's known more broadly as a password manager. There are many options in the world of password managers. The aforementioned NordPass is one, as are OnePassword, Dashlane, and LastPass. The services are quite a bit more fully featured than iCloud Keychain, but they also cost money, ranging between $1.50 to $4 a month for individual plans. They work on all the platforms and with all the browsers. And individual credentials can even be shared with others. All that info is encrypted behind a MasterPass phrase, which is a password you make incredibly long, strong, and ideally nonsensical, like Unicorn Milk Poison Control or Tusken Winter Battle Skies exclamation mark. What's convenient is that you can always have the right password when you need it, no matter where you are, and it's all behind that MasterPassword. But critically, that's not how iCloud Keychain works. Your Keychain MasterPassword is the same as your device's password, so the weak password you've been using for years on your MacBook or the convenient passcode you used to quickly get onto your iPhone could be all that stands between would-be thieves and your treasure trove of passwords. This is why the victim of our earlier story was so brutally compromised. The thieves cracked his iPhone passcode and thus had access to his entire library of passwords, including the one for his Apple ID. So if you're using your iPhone or iPad with a 6-digit numeric passcode, you should probably consider an alphanumeric password like you use on your computer, which for face ID users in the middle of a messed up COVID pandemic is a massive inconvenience. iCloud Keychain is also not as flexible as the big password managers. On your Mac, it only auto-completes on Safari, and though I'm pleased to report it's now available on Windows PCs, like this laptop, it only works on Chrome and there are hoops. First, you need to install Apple's iCloud software before you can even get the Chrome extension, and then every time you freshly open Chrome, you have to input a two-factor code that you get from the same device. And before you get too excited, it doesn't work on Chrome for Mac. So should you keep using iCloud Keychain? A lot of times I hear people say that having all your passwords stored in the cloud is a big risk. And I understand, your passwords are somewhere you don't control, and you have to just trust that they're not going to be compromised, like they have been everywhere else. But that's the reason why you should get a password manager. You can have a hundred different passwords for all of your accounts, and password managers like iCloud Keychain will store and transfer those passwords behind encryption, which is only unlocked with your master password. I've personally struggled with whether or not to use iCloud Keychain since it came out in 2013. But there are two factors that have me rethinking things. First, Apple opening up to Windows users, like I mentioned earlier, does make it significantly more viable should your digital life fit within those limitations. Then, starting March 16th, the last pass free tier, which has been arguably the best option for a while now, will be restricted to either all PC access, or all mobile access. But not between the two. As a free option, iCloud Keychain is now the best of the bunch. But if you care about maximum security, flexibility, and features, paying for a password manager might be the better option. Whatever the case, I think it's important to practice good password hygiene by ensuring you don't reuse passwords. And if you do choose to use a password manager, make sure that its passphrase is long, strong, and memorable. Since I better practice what I preach, I should probably get on updating some of my older passwords. Thank you for attending this Mac Address. Passwords are certainly a big pain. Comment below with the worst password you use. I just, please don't do that. You can comment about other things, however. And if you learned something, go ahead and give me a like and subscribe. Oh, thank you."}