dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
8

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

TamaraB to Shady Bimmer

Premium Member

to Shady Bimmer

Re: [OS X] Keychain disappointment

said by Shady Bimmer:

WiFi at home should be using WPA2

Yes, I use WPA2 Personal on WiFi. With Mac address /restrictions/filtering.
said by Shady Bimmer:

I assume that you also have a strong passcode on your iPad, iPhone, and other mobile devices too?

Yes, long pass phrases. The only way I could do that was to use OSX Server's Profile manager. But yes long secure pass phrases on both iPad and iPhone.
said by Shady Bimmer:

You MacBook should be using FileVault2 or other full disk encryption (iPads and iPhones already encrypt their storage by default). In fact every one of my devices (desktops, servers, laptops, mobile) all have their storage encrypted.

No. After reading up on encrypted Mac filesystems, I was a bit apprehensive about going that route. I understand recovery becomes an issue with encrypted filesystems, as does disk access times. All my Macs are tricked-out with SSDs for speed, and I didn't want to take a speed hit.

Thinkdiff
MVM,
join:2001-08-07
Bronx, NY

Thinkdiff

MVM,

This thread is really off the rails at this point, but..

MAC address filtering is useless. It causes more headaches for you than anybody trying to get into your wireless network. WPA2 is enough. I'm not even saying there's a trade-off with disabling it. It really, really is useless.

Long passwords can be set on iOS by going to the passcode lock settings. When the keyboard pops up to enter a passcode, press the button on the bottom left to switch between number/alpha. Then just type in any passphrase you want.

FileVault 2 is incredibly fast. If you have a recent Mac (i5 or better from the Westmere line or later, e.g. after 2010), it supports hardware AES encryption. If you have an older Mac, the speed penalty is small. In day-to-day operation, I've noticed zero difference with FileVault 2 turned on. And recovery shouldn't be a concern for you as you use Time Machine.
Shady Bimmer
Premium Member
join:2001-12-03

Shady Bimmer to TamaraB

Premium Member

to TamaraB
said by TamaraB:

Yes, I use WPA2 Personal on WiFi. With Mac address /restrictions/filtering.

I use MAC address filtering too, but realize that it really does not offer anything in the way of security (it is trivial to spoof a hardware address, and it is trivial to identify an authorized hardware address)
said by TamaraB:

No. After reading up on encrypted Mac filesystems, I was a bit apprehensive about going that route. I understand recovery becomes an issue with encrypted filesystems, as does disk access times. All my Macs are tricked-out with SSDs for speed, and I didn't want to take a speed hit.

I'm not sure where recovery becomes an issue, though it depends entirely upon your backup solution. You noted you use Time Machine (as do I), which backs up the unencrypted data. You have the option to additionally encrypt your backups, but the data that is backed up is itself the unencrypted contents.

With respect to performance, you may want to do some testing. Not necessarily running benchmarks, but actually trying it out to see if it makes a noticeable difference. Modern intel processors include acceleration for the types of encryption used most commonly which helps tremendously. I personally don't notice any difference on my mid-2010 MBP.

Getting back to the original topic, Apple's direction with integration of keychains with iCloud is a good thing, even if only to encourage more users to embrace password managers. This is beyond basic browser password caching and is more secure.

Users of 1Password will likely not find any benefit with the Apple solution, especially with the recently released update. However for those that do not use any password manager this is a big step forward.

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

TamaraB to Thinkdiff

Premium Member

to Thinkdiff
said by Thinkdiff:

FileVault 2 is incredibly fast. If you have a recent Mac (i5 or better from the Westmere line or later, e.g. after 2010)

All my Macs are Late 2012 i7s with the faster CPU. FileVault can be turned on at any time right?
Shady Bimmer
Premium Member
join:2001-12-03

Shady Bimmer

Premium Member

Yes it can be enabled or disabled at any time.

As a best practice always ensure you have a good backup (or two). It will take some time to encrypt the drive, but with an SSD this will be much faster than spinning rust.