dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4
share rss forum feed

Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS
reply to TamaraB

Re: [OS X] Keychain disappointment

said by TamaraB:

But that's just me, I am just a little bit paranoid and very concerned about privacy, who else uses WiFi over VPN at home for their iPads, MacBooks, and iPhones and restricts everything else to ethernet?

There's nothing wrong with being a little paranoid.

WiFi at home should be using WPA2 by now which already ensures the connection is encrypted and is secure. With modern hardware there is really no downside to layering a VPN on top, however.

I assume that you also have a strong passcode on your iPad, iPhone, and other mobile devices too? You MacBook should be using FileVault2 or other full disk encryption (iPads and iPhones already encrypt their storage by default). In fact every one of my devices (desktops, servers, laptops, mobile) all have their storage encrypted.

While I may or may not trust DropBox, I do not consider it secure. However 1Password keychains and encrypted containers such as encfs/boxcryptor, truecrypt, etc provide known security on top.


TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
kudos:1
Reviews:
·Optimum Online
·Clearwire Wireless
said by Shady Bimmer:

WiFi at home should be using WPA2

Yes, I use WPA2 Personal on WiFi. With Mac address /restrictions/filtering.

said by Shady Bimmer:

I assume that you also have a strong passcode on your iPad, iPhone, and other mobile devices too?

Yes, long pass phrases. The only way I could do that was to use OSX Server's Profile manager. But yes long secure pass phrases on both iPad and iPhone.

said by Shady Bimmer:

You MacBook should be using FileVault2 or other full disk encryption (iPads and iPhones already encrypt their storage by default). In fact every one of my devices (desktops, servers, laptops, mobile) all have their storage encrypted.

No. After reading up on encrypted Mac filesystems, I was a bit apprehensive about going that route. I understand recovery becomes an issue with encrypted filesystems, as does disk access times. All my Macs are tricked-out with SSDs for speed, and I didn't want to take a speed hit.

--
"Remember, remember the fifth of November.
Gunpowder, Treason and Plot.
I see no reason why Gunpowder Treason
Should ever be forgot."

"People should not be afraid of their governments. Governments should be afraid of their people"



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
This thread is really off the rails at this point, but..

MAC address filtering is useless. It causes more headaches for you than anybody trying to get into your wireless network. WPA2 is enough. I'm not even saying there's a trade-off with disabling it. It really, really is useless.

Long passwords can be set on iOS by going to the passcode lock settings. When the keyboard pops up to enter a passcode, press the button on the bottom left to switch between number/alpha. Then just type in any passphrase you want.

FileVault 2 is incredibly fast. If you have a recent Mac (i5 or better from the Westmere line or later, e.g. after 2010), it supports hardware AES encryption. If you have an older Mac, the speed penalty is small. In day-to-day operation, I've noticed zero difference with FileVault 2 turned on. And recovery shouldn't be a concern for you as you use Time Machine.
--
University of Southern California - Fight On!

Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS
reply to TamaraB
said by TamaraB:

Yes, I use WPA2 Personal on WiFi. With Mac address /restrictions/filtering.

I use MAC address filtering too, but realize that it really does not offer anything in the way of security (it is trivial to spoof a hardware address, and it is trivial to identify an authorized hardware address)
said by TamaraB:

No. After reading up on encrypted Mac filesystems, I was a bit apprehensive about going that route. I understand recovery becomes an issue with encrypted filesystems, as does disk access times. All my Macs are tricked-out with SSDs for speed, and I didn't want to take a speed hit.

I'm not sure where recovery becomes an issue, though it depends entirely upon your backup solution. You noted you use Time Machine (as do I), which backs up the unencrypted data. You have the option to additionally encrypt your backups, but the data that is backed up is itself the unencrypted contents.

With respect to performance, you may want to do some testing. Not necessarily running benchmarks, but actually trying it out to see if it makes a noticeable difference. Modern intel processors include acceleration for the types of encryption used most commonly which helps tremendously. I personally don't notice any difference on my mid-2010 MBP.

Getting back to the original topic, Apple's direction with integration of keychains with iCloud is a good thing, even if only to encourage more users to embrace password managers. This is beyond basic browser password caching and is more secure.

Users of 1Password will likely not find any benefit with the Apple solution, especially with the recently released update. However for those that do not use any password manager this is a big step forward.


TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
kudos:1
Reviews:
·Optimum Online
·Clearwire Wireless
reply to Thinkdiff
said by Thinkdiff:

FileVault 2 is incredibly fast. If you have a recent Mac (i5 or better from the Westmere line or later, e.g. after 2010)

All my Macs are Late 2012 i7s with the faster CPU. FileVault can be turned on at any time right?

Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Yes it can be enabled or disabled at any time.

As a best practice always ensure you have a good backup (or two). It will take some time to encrypt the drive, but with an SSD this will be much faster than spinning rust.