1
00:00:00,000 --> 00:00:12,900
In the summer of 2020, I read about a Brazilian man whose iPhone was stolen right out of his

2
00:00:12,900 --> 00:00:20,380
hand. Despite his best efforts to lock it up, he still lost over $30,000 because once the thieves

3
00:00:20,380 --> 00:00:25,460
easily bypassed his six-digit passcode, they had automatic access to all of his banking,

4
00:00:25,460 --> 00:00:31,940
user accounts, and iTunes purchasing. Because of the way iCloud Keychain, the default password manager used by every single iPhone

5
00:00:31,940 --> 00:00:34,980
and Mac since 2013, is designed.

6
00:00:34,980 --> 00:00:42,660
So let's explore how iCloud Keychain works and how you can keep your digital life safe.

7
00:00:42,660 --> 00:00:47,940
According to a recent study by NordPass, the average internet user has over 100 user accounts

8
00:00:47,940 --> 00:00:57,320
and passwords to manage. That's insane, so what most of us do is use the same or nearly the same password for everything.

9
00:00:57,320 --> 00:01:01,160
This is not good because it leaves you vulnerable to getting stuffed.

10
00:01:01,160 --> 00:01:05,520
Credential stuffing is when a hacker buys a database of logins from a compromised site,

11
00:01:05,520 --> 00:01:11,440
like say when Yahoo got hacked in 2016 with a 3 billion user breach.

12
00:01:11,440 --> 00:01:15,920
And then they try those logins on hundreds of other sites, like your bank or iTunes.

13
00:01:15,920 --> 00:01:19,600
The best solution to avoid this is to have a different unique password for each one of

14
00:01:19,600 --> 00:01:27,120
your accounts. But how on earth are we to remember over 100 strings of passwords?

15
00:01:27,120 --> 00:01:31,040
Each with their own numbers and special characters.

16
00:01:31,040 --> 00:01:36,280
Enter iCloud Keychain. It's Apple's solution to this very pernicious problem.

17
00:01:36,280 --> 00:01:40,400
If you use any of the company's devices, you're probably already using it.

18
00:01:40,400 --> 00:01:46,560
You've probably seen the pop-up on your phone or iPad or Safari browser, asking if you want

19
00:01:46,560 --> 00:01:50,240
to save your password. If you tap yes, it's saved to your Keychain.

20
00:01:50,240 --> 00:01:54,040
But still, if you're creating a new account, the feature can help you create really secure

21
00:01:54,040 --> 00:01:58,440
passwords and you can save credit card and address info for online shopping.

22
00:01:58,440 --> 00:02:03,240
And all of these credentials are synced between your devices through the cloud, which you

23
00:02:03,240 --> 00:02:11,040
may have switched on during your iPhone setup. Simply put, iCloud Keychain is Apple's implementation of what's known more broadly as a password

24
00:02:11,040 --> 00:02:16,000
manager. There are many options in the world of password managers.

25
00:02:16,000 --> 00:02:23,080
The aforementioned NordPass is one, as are 1Password, Dashlane, and LastPass.

26
00:02:23,080 --> 00:02:27,960
The services are quite a bit more fully featured than iCloud Keychain, but they also cost money,

27
00:02:27,960 --> 00:02:32,520
ranging between $1.50 to $4 a month for individual plans.

28
00:02:32,520 --> 00:02:36,600
They work on all the platforms and with all the browsers.

29
00:02:36,600 --> 00:02:39,840
And individual credentials can even be shared with others.

30
00:02:39,840 --> 00:02:45,120
All that info is encrypted behind a master passphrase, which is a password you make incredibly

31
00:02:45,120 --> 00:02:54,080
long, strong, and ideally nonsensical, like Unicorn Milk Poison Control or Tusken Winter

32
00:02:54,080 --> 00:02:57,120
Battle Skies exclamation mark.

33
00:02:57,120 --> 00:03:00,640
What's convenient is that you can always have the right password when you need it, no

34
00:03:00,640 --> 00:03:06,960
matter where you are, and it's all behind that master password.

35
00:03:06,960 --> 00:03:12,400
But critically, that's not how iCloud Keychain works.

36
00:03:12,400 --> 00:03:17,040
Your Keychain master password is the same as your device's password, so the weak password

37
00:03:17,040 --> 00:03:21,440
you've been using for years on your MacBook or the convenient passcode you used to quickly

38
00:03:21,440 --> 00:03:25,520
get onto your iPhone could be all that stands between would-be thieves and your treasure

39
00:03:25,520 --> 00:03:31,200
trove of passwords. This is why the victim of our earlier story was so brutally compromised.

40
00:03:31,200 --> 00:03:36,280
The thieves cracked his iPhone passcode and thus had access to his entire library of passwords,

41
00:03:36,280 --> 00:03:43,600
including the one for his Apple ID. So if you're using your iPhone or iPad with a 6-digit numeric passcode, you should probably

42
00:03:43,600 --> 00:03:49,440
consider an alphanumeric password like you use on your computer, which for Face ID users

43
00:03:49,440 --> 00:03:55,040
in the middle of a messed-up COVID pandemic is a massive inconvenience.

44
00:03:55,040 --> 00:03:58,640
iCloud Keychain is also not as flexible as the big password managers.

45
00:03:58,640 --> 00:04:02,000
On your Mac, it only auto-completes on Safari, and though I'm pleased to report it's now

46
00:04:02,000 --> 00:04:09,600
available on Windows PCs, like this laptop, it only works on Chrome and there are hoops.

47
00:04:09,600 --> 00:04:13,800
First, you need to install Apple's iCloud software before you can even get the Chrome

48
00:04:13,800 --> 00:04:18,680
extension, and then every time you freshly open Chrome, you have to input a two-factor

49
00:04:18,680 --> 00:04:21,680
code that you get from the same device.

50
00:04:21,680 --> 00:04:29,120
And before you get too excited, it doesn't work on Chrome for Mac.

51
00:04:29,120 --> 00:04:36,040
So should you keep using iCloud Keychain? A lot of times I hear people say that having all your passwords stored in the cloud is

52
00:04:36,040 --> 00:04:41,640
a big risk. And I understand, your passwords are somewhere you don't control, and you have to just trust

53
00:04:41,640 --> 00:04:46,280
that they're not going to be compromised, like they have been everywhere else.

54
00:04:46,280 --> 00:04:53,640
But that's the reason why you should get a password manager. You can have a hundred different passwords for all of your accounts, and password managers

55
00:04:53,640 --> 00:04:58,080
like iCloud Keychain will store and transfer those passwords behind encryption, which is

56
00:04:58,080 --> 00:05:05,200
only unlocked with your master password. I've personally struggled with whether or not to use iCloud Keychain since it came

57
00:05:05,200 --> 00:05:09,760
out in 2013. But there are two factors that have me rethinking things.

58
00:05:09,760 --> 00:05:15,040
First, Apple opening up to Windows users, like I mentioned earlier, does make it significantly

59
00:05:15,040 --> 00:05:18,600
more viable should your digital life fit within those limitations.

60
00:05:18,600 --> 00:05:23,200
Then, starting March 16th, the LastPass free tier, which has been arguably the best option

61
00:05:23,200 --> 00:05:29,680
for a while now, will be restricted to either all PC access, or all mobile access.

62
00:05:29,680 --> 00:05:35,040
But not between the two. As a free option, iCloud Keychain is now the best of the bunch.

63
00:05:35,040 --> 00:05:39,440
But if you care about maximum security, flexibility, and features, paying for a password manager

64
00:05:39,440 --> 00:05:44,960
might be the better option. Whatever the case, I think it's important to practice good password hygiene by ensuring

65
00:05:44,960 --> 00:05:51,200
you don't reuse passwords. And if you do choose to use a password manager, make sure that its passphrase is long, strong,

66
00:05:51,200 --> 00:05:57,600
and memorable. Since I better practice what I preach, I should probably get on updating some of my older

67
00:05:57,600 --> 00:06:00,720
passwords. Thank you for attending this Mac Address.

68
00:06:00,720 --> 00:06:04,520
Passwords are certainly a big pain. Comment below with the worst password you use.

69
00:06:04,520 --> 00:06:08,480
I just, please don't do that. You can comment about other things, however.

70
00:06:08,480 --> 00:06:12,960
And if you learned something, go ahead and give me a like and subscribe. Oh, thank you.
