When you’re unboxing a new iPhone, it’s time to think about how you’ll move your digital life from your old iPhone to the new one. If your old iPhone is running iOS 11, you can use Quick Start, a new iOS 11 feature that makes the transfer easy. Just turn on the new iPhone, set it next to the old one, and tap Continue when asked whether you want to use your Apple ID to set up your new iPhone. An animation appears on the new iPhone for you to scan with the old iPhone—once you’ve done that, follow the rest of the instructions to enable Touch ID or Face ID and then restore your data and settings from your most recent iCloud backup (you can update the backup first if necessary). Leave the two iPhones next to each other while data is being transferred, and if possible, keep the new one plugged in and on Wi-Fi after setup so it can download your apps, photos, and music from Apple’s cloud-based services.
Passwords are the bane of our modern existence. Nearly anything you want to do calls for a password. As the Internet’s reach extends beyond computers and into phones, TVs, appliances, and even toys, we have to enter passwords with increasing frequency and in ever more annoying ways. Remembering and recalling all those different passwords can be frustrating in the best of circumstances and impossible in the worst.
To make dealing with passwords easier and more secure, everyone should use a password manager like 1Password or LastPass. Such apps generate random long passwords like kD*SSDcCl7^6FN*F, store those passwords securely, and automatically enter them for you when you need to log in to a Web site. They are essential in today’s world.
You’ll still need a few passwords you can remember and type manually—for instance, the master password for your password manager and your Apple ID password. Make sure those passwords are at least 12 characters, and we recommend going to at least 16 characters.
If you’re unsure of the best way to create a strong password, try taking the first letter of each word in a sentence you can remember, and also change a few words to digits. Then “Now is the time for all good men to come to the aid of the party!” becomes a password along the lines of
Nitt4agm2c2ta0tp!. So that no eavesdroppers learn your password, avoid saying your sentence out loud whenever you enter it! Or, combine four or five unrelated dictionary words, like
correct-horse-battery-staple, that add up to at least 28 characters. (Don’t use the examples in this paragraph!)
When possible, take advantage of two-factor authentication on sites like Apple, Google, Dropbox, Facebook, Twitter, and more. Accounts protected by two-factor authentication essentially require that you enter a second, time-expiring password as part of the login process. You’ll get that second password via text message, authenticator app, or other notification method when you log in.
But what we really want to talk about today is what you should not do with passwords. Follow these tips to avoid making mistakes that can undermine even the security provided by a password manager.
- Don’t use the same password twice. This is key, because if the bad guys get your password—no matter how strong—for one site, they’ll try it on other sites.
- Don’t share passwords with anyone you don’t trust completely. That’s especially true of passwords to accounts that contain sensitive information or that can be used to impersonate you, like email and social media. However, sometimes you have to share a password, such as to a club blog with multiple authors. In that case…
- Don’t send passwords to shared sites via email or text message. If someone hacks into your recipient’s email or steals their phone, the password could be compromised. Instead, use a site like One-Time Secret to share a link that shows the password only once, after which the recipient should put the password into their password manager.
- Don’t write your passwords on sticky notes. Yeah, it’s a cliché, but people still do it. Similarly, don’t put all your passwords in a text file on your computer. That’s what password managers are for—if someone steals your computer, they can’t break into your password manager, whereas they could open that text file easily.
- Don’t change passwords regularly if you don’t have to. As long as every site has a strong, unique password, changing a password is a waste of time, especially if doing so makes you write down the password or communicate it insecurely. If you do have to update a password regularly, a password manager makes the task much easier.
We realize that it’s tempting to take the easy road and share a password with a friend via email or write a particularly gnarly one on a sticky note. But today’s easy road leads directly to identity theft and is paved with insecure password habits. You might think no one would pay attention to little old you, but times have changed, and organized crime is interested in any Internet account that can be cracked.
Social Media: Want to avoid online identity theft? Use a password manager, strong passwords, and two-factor authentication. But there are also some insecure password habits that can undermine your security—read on to learn what NOT to do.
Apple’s Calendar apps in both macOS and iOS let you manage multiple calendars, some of which may be private and others may be shared with family or colleagues. That’s great, but if you create a new event on the wrong calendar, you may end up oversharing with colleagues (who don’t need to know about your colonoscopy) or undersharing with your spouse (who does need to know about the soccer carpool). To reduce the chances of this happening, set the most appropriate calendar as your default. In macOS, you do this in the Calendar app, in Calendar > Preferences > General > Default Calendar. In iOS, set it in Settings > Calendar > Default Calendar.
All iPhones pick up fingerprints, and it’s all too easy to get your iPhone dirty with ink, lotion, makeup, dirt, food, and oil. If you’re faced with an iPhone that needs cleaning, resist the urge to spray it with window cleaner, rubbing alcohol, or ammonia, or, even worse, to scrub it with baking soda or Borax. That’s because all iPhones have oleophobic—oil repellent—coatings on their glass surfaces that make it easy to wipe off fingerprints. You don’t want to remove that coating any faster than it will wear off normally, and cleaning products will strip it quickly. Instead, Apple recommends a soft, lint-free cloth such as you would use for glasses or camera lenses. By the way, even though the iPhone 7 and later have some level of dust and water resistance, it’s important to avoid getting moisture in the openings—most of the time, a lens cloth should be all you need.
One of the most important things you can do to stay safe on the Internet is to be careful while reading email. That’s because online criminals know that we’re all busy, and we often don’t pay enough attention to what we’re reading or where we’re clicking.
To take advantage of our inattention, these Internet information thieves forge email messages to look like they come from the likes of Apple, Facebook, and Amazon, along with well-known banks, payment services, retailers, and even government agencies. We’ve received calls from several clients over the past few months who have received very realistic looking phishing emails. Even more dangerous are messages that appear to come from a trusted individual and include personal details—these messages are often targeted at executives and company managers. Generally speaking, these attacks are called phishing—you can see examples here.
The goal? Get you to click a link in the message and visit a malicious Web site. That site usually continues to masquerade as being run by a company or organization you trust. Its aim is to sucker you into revealing confidential information by asking you to log in, pay for a product or service, or fill out a survey. The site—or an attachment in the email message—might also try to install malware. Although macOS is quite secure, if you approve security prompts, it can still be infected.
Although phishing is a huge problem that costs businesses hundreds of millions of dollars every year, you can easily identify phishing messages by looking for telltale signs:
- Be suspicious of email messages, particularly from people you don’t know or from well-known companies, that ask you to click a link and do something with an online account.
- Look closely at email addresses and URLs (hover the pointer over a link to see the underlying URL). Phishing messages don’t use official domains, so instead of paypal.com, the addresses and links might use paypa1.com—close enough to pass a quick glance, but clearly a fake.
- Watch out for highly emotional or urgent requests. They’re designed to make you act without thinking. Take any such messages with a grain of salt.
- Channel your inner English teacher and look for poor grammar or odd phrasing, which are red flags for phishing messages. Email from real companies may not be perfect, but it won’t have multiple egregious errors.
So what do you do if you get a message that may be phishing for sensitive information? Most of the time you can just ignore it. If you’re worried that it might be legit, instead of clicking any links in the message, navigate to the site in question manually by typing the organization’s URL into your browser—use a URL that you know to be correct, not the one in the email message. Whatever you do, do not open attachments that you aren’t expecting and never send confidential information via email.
If you think you’ve fallen prey to a phishing attack and given away a password, you’ll want to change passwords on any affected accounts. If you’ve opened any attachments or approved any installs, run anti-malware software to determine whether your Mac has been infected. Contact us if you need help. And remember, regular backups protect you from a multitude of sins.
Twitter: Can you tell if you’ve been targeted by a phishing attack? Read on to learn how to identify malicious messages!
Facebook: Phishing attacks—email containing links that try to get you to reveal usernames, passwords, or credit card details—are all too common these days. Follow our advice to learn how to identify malicious messages.
If we’re unavailable, please leave a message and we will return your call by the end of the next business day.
Established clients can email for tech support help or for scheduling an appointment. An email to this address automatically enters your issue into our Help Desk system so that we can respond as fast as possible.
Chock full of Apple hints, tips, news, and so forth, our newsletter is designed for home users who want our recommendations and commentary. No spam. Email address not shared with anyone else. You won’t regret it. (If you do, Unsubscribe at any time.)