WEBVTT

00:00:00.000 --> 00:00:12.900
In the summer of 2020, I read about a Brazilian man whose iPhone was stolen right out of his

00:00:12.900 --> 00:00:20.380
hand. Despite his best efforts to lock it up, he still lost over $30,000 because once the thieves

00:00:20.380 --> 00:00:25.460
easily bypassed his six-digit passcode, they had automatic access to all of his banking,

00:00:25.460 --> 00:00:31.940
user accounts, and iTunes purchasing. Because of the way iCloud Keychain, the default password manager used by every single iPhone

00:00:31.940 --> 00:00:34.980
and Mac since 2013, is designed.

00:00:34.980 --> 00:00:42.660
So let's explore how iCloud Keychain works and how you can keep your digital life safe.

00:00:42.660 --> 00:00:47.940
According to a recent study by NordPass, the average internet user has over 100 user accounts

00:00:47.940 --> 00:00:57.320
and passwords to manage. That's insane, so what most of us do is use the same or nearly the same password for everything.

00:00:57.320 --> 00:01:01.160
This is not good because it leaves you vulnerable to getting stuffed.

00:01:01.160 --> 00:01:05.520
Credential stuffing is when a hacker buys a database of logins from a compromised site,

00:01:05.520 --> 00:01:11.440
like say when Yahoo got hacked in 2016 with a 3 billion user breach.

00:01:11.440 --> 00:01:15.920
And then they try those logins on hundreds of other sites, like your bank or iTunes.

00:01:15.920 --> 00:01:19.600
The best solution to avoid this is to have a different unique password for each one of

00:01:19.600 --> 00:01:27.120
your accounts. But how on earth are we to remember over 100 strings of passwords?

00:01:27.120 --> 00:01:31.040
Each with their own numbers and special characters.

00:01:31.040 --> 00:01:36.280
Enter iCloud Keychain. It's Apple's solution to this very pernicious problem.

00:01:36.280 --> 00:01:40.400
If you use any of the company's devices, you're probably already using it.

00:01:40.400 --> 00:01:46.560
You've probably seen the pop-up on your phone or iPad or Safari browser, asking if you want

00:01:46.560 --> 00:01:50.240
to save your password. If you tap yes, it's saved to your Keychain.

00:01:50.240 --> 00:01:54.040
But still, if you're creating a new account, the feature can help you create really secure

00:01:54.040 --> 00:01:58.440
passwords and you can save credit card and address info for online shopping.

00:01:58.440 --> 00:02:03.240
And all of these credentials are synced between your devices through the cloud, which you

00:02:03.240 --> 00:02:11.040
may have switched on during your iPhone setup. Simply put, iCloud Keychain is Apple's implementation of what's known more broadly as a password

00:02:11.040 --> 00:02:16.000
manager. There are many options in the world of password managers.

00:02:16.000 --> 00:02:23.080
The aforementioned NordPass is one, as are 1Password, Dashlane, and LastPass.

00:02:23.080 --> 00:02:27.960
The services are quite a bit more fully featured than iCloud Keychain, but they also cost money,

00:02:27.960 --> 00:02:32.520
ranging between $1.50 to $4 a month for individual plans.

00:02:32.520 --> 00:02:36.600
They work on all the platforms and with all the browsers.

00:02:36.600 --> 00:02:39.840
And individual credentials can even be shared with others.

00:02:39.840 --> 00:02:45.120
All that info is encrypted behind a master passphrase, which is a password you make incredibly

00:02:45.120 --> 00:02:54.080
long, strong, and ideally nonsensical, like Unicorn Milk Poison Control or Tusken Winter

00:02:54.080 --> 00:02:57.120
Battle Skies exclamation mark.

00:02:57.120 --> 00:03:00.640
What's convenient is that you can always have the right password when you need it, no

00:03:00.640 --> 00:03:06.960
matter where you are, and it's all behind that master password.

00:03:06.960 --> 00:03:12.400
But critically, that's not how iCloud Keychain works.

00:03:12.400 --> 00:03:17.040
Your Keychain master password is the same as your device's password, so the weak password

00:03:17.040 --> 00:03:21.440
you've been using for years on your MacBook or the convenient passcode you used to quickly

00:03:21.440 --> 00:03:25.520
get onto your iPhone could be all that stands between would-be thieves and your treasure

00:03:25.520 --> 00:03:31.200
trove of passwords. This is why the victim of our earlier story was so brutally compromised.

00:03:31.200 --> 00:03:36.280
The thieves cracked his iPhone passcode and thus had access to his entire library of passwords,

00:03:36.280 --> 00:03:43.600
including the one for his Apple ID. So if you're using your iPhone or iPad with a 6-digit numeric passcode, you should probably

00:03:43.600 --> 00:03:49.440
consider an alphanumeric password like you use on your computer, which for Face ID users

00:03:49.440 --> 00:03:55.040
in the middle of a messed up COVID pandemic is a massive inconvenience.

00:03:55.040 --> 00:03:58.640
iCloud Keychain is also not as flexible as the big password managers.

00:03:58.640 --> 00:04:02.000
On your Mac, it only auto-completes on Safari, and though I'm pleased to report it's now

00:04:02.000 --> 00:04:09.600
available on Windows PCs, like this laptop, it only works on Chrome and there are hoops.

00:04:09.600 --> 00:04:13.800
First, you need to install Apple's iCloud software before you can even get the Chrome

00:04:13.800 --> 00:04:18.680
extension, and then every time you freshly open Chrome, you have to input a two-factor

00:04:18.680 --> 00:04:21.680
code that you get from the same device.

00:04:21.680 --> 00:04:29.120
And before you get too excited, it doesn't work on Chrome for Mac.

00:04:29.120 --> 00:04:36.040
So should you keep using iCloud Keychain? A lot of times I hear people say that having all your passwords stored in the cloud is

00:04:36.040 --> 00:04:41.640
a big risk. And I understand, your passwords are somewhere you don't control, and you have to just trust

00:04:41.640 --> 00:04:46.280
that they're not going to be compromised, like they have been everywhere else.

00:04:46.280 --> 00:04:53.640
But that's the reason why you should get a password manager. You can have a hundred different passwords for all of your accounts, and password managers

00:04:53.640 --> 00:04:58.080
like iCloud Keychain will store and transfer those passwords behind encryption, which is

00:04:58.080 --> 00:05:05.200
only unlocked with your master password. I've personally struggled with whether or not to use iCloud Keychain since it came

00:05:05.200 --> 00:05:09.760
out in 2013. But there are two factors that have me rethinking things.

00:05:09.760 --> 00:05:15.040
First, Apple opening up to Windows users, like I mentioned earlier, does make it significantly

00:05:15.040 --> 00:05:18.600
more viable should your digital life fit within those limitations.

00:05:18.600 --> 00:05:23.200
Then, starting March 16th, the LastPass free tier, which has been arguably the best option

00:05:23.200 --> 00:05:29.680
for a while now, will be restricted to either all PC access, or all mobile access.

00:05:29.680 --> 00:05:35.040
But not between the two. As a free option, iCloud Keychain is now the best of the bunch.

00:05:35.040 --> 00:05:39.440
But if you care about maximum security, flexibility, and features, paying for a password manager

00:05:39.440 --> 00:05:44.960
might be the better option. Whatever the case, I think it's important to practice good password hygiene by ensuring

00:05:44.960 --> 00:05:51.200
you don't reuse passwords. And if you do choose to use a password manager, make sure that its passphrase is long, strong,

00:05:51.200 --> 00:05:57.600
and memorable. Since I better practice what I preach, I should probably get on updating some of my older

00:05:57.600 --> 00:06:00.720
passwords. Thank you for attending this Mac Address.

00:06:00.720 --> 00:06:04.520
Passwords are certainly a big pain. Comment below with the worst password you use.

00:06:04.520 --> 00:06:08.480
I just, please don't do that. You can comment about other things, however.

00:06:08.480 --> 00:06:12.960
And if you learned something, go ahead and give me a like and subscribe. Oh, thank you.
