
Take Control of Your Passwords

Get Detailed Instructions on How to Best Use 1Password

Save 20% and learn both password theory and practice when you buy with Joe Kissell’s companion book Take Control of 1Password for only $24!

Mar 25, 2016
The Author

Joe Kissell has written more than 50 books about the Mac, including many popular Take Control ebooks. He runs Joe On Tech and is also a contributing editor of TidBITS and a senior contributor to Macworld.

Take Control of Your Passwords, Second Edition

Overcome password frustration with Joe Kissell’s expert advice!

Passwords have become a truly maddening aspect of modern life, but with this book, you can discover how the experts handle all manner of password situations, including multi-factor authentication that can protect you even if a company’s password file is stolen and cracked.

As you can see in our Joe of Tech comic, the book explains what makes a password secure and helps you create a strategy that includes using a password manager, working with oddball security questions like “what is your pet’s favorite movie?”, and making sure your passwords are always available when needed.

Joe helps you choose a password manager (or switch to a better one) in a chapter that discusses desirable features and describes a dozen different apps, with a focus on those that work in OS X, iOS, Windows, and Android. The book also looks at how you can audit your passwords to keep them in tip-top shape, use two-step verification and two-factor authentication, and deal with situations where a password manager can’t help.

The book closes with an appendix on helping a relative whose password habits alarm you set up a reasonable strategy of their own, and an extended explanation of password entropy for those who want to consider the math behind passwords.

Teach This Book! Once you’re satisfied with your password strategy, you may want to help others improve theirs with one-on-one training or a group presentation. To help you, this book includes links to a downloadable one-page PDF handout and to a PDF-based slide deck about passwords.

More Info

“Awesome. You did an amazing job breaking it down. This should be mandatory reading.” –Rich Mogull, CEO at Securosis

This book helps you design a password strategy that accounts for the following facts, many of which run counter to common advice:

  • 9-character passwords with upper- and lowercase letters, digits, and punctuation are not strong enough.

  • You cannot turn a so-so password into a great one by tacking a punctuation character and number on the end.

  • It is not safe to use the same password everywhere, even if it’s a great password.

  • A password is not immune to automated cracking just because the site imposes a delay between login attempts; an attacker who has stolen the password database guesses offline, with no delay at all.

  • Even if you’re an ordinary person without valuable data, your account may still be hacked, causing you problems.

  • You cannot manually devise “random” passwords that will defeat potential attackers.

  • Just because a password doesn’t appear in a dictionary, that does not necessarily mean that it’s adequate.

  • It is not a smart idea to change your passwords every month.

  • Truthfully answering security questions like “What is your mother’s maiden name?” does not keep your data more secure.

  • Adding a character to a 10-character password does not make it 10 percent stronger.

  • Easy-to-remember passwords like “correct horse battery staple” will not solve all your password problems.

  • Password managers are not all pretty much the same.

  • Your passwords will not be safest if you never write them down and keep them only in your head.

“Joe handles a confusing and scary subject more clearly and calmly than I would have thought possible. I’ll be recommending this book to just about everybody I know.” –William Porter, database developer, author, photographer

What's New

What’s New in the Second Edition

Version 2.0 of this book is a major new edition, with updated information and advice that reflects the state of technology in early 2016 and adds extensive details about a variety of increasingly popular products and services. Some of the interesting changes are:

  • In Usernames and Passwords: an Outdated Model, added a discussion of approaches involving Biometrics, Authenticator Devices (including EveryKey and Nymi Band), and Passwords on Demand that some people hope will eventually supplant today’s way of using passwords as a primary means of authentication

  • Updated and significantly improved the accuracy of All about Entropy, which explains the factors determining how likely (or unlikely) a password is to be guessed

  • Greatly expanded the topic Multi-factor Authentication, which now covers One-time Passwords and apps that generate them (such as Google Authenticator and Authy), Physical Keys, and Application-specific Passwords, as well as the roles of Trusted Devices

  • Added a sidebar explaining why simple passwords are always a bad idea, even for accounts that don’t apparently protect any sensitive data; see Why Use Secure Passwords for Throwaway Accounts?

  • Significantly expanded the chapter Pick a Password Manager:

    • In Features to Look For, added iOS browser support, Apple Watch support, one-time password support, U2F support, and pricing model, plus new sidebars Three Autofill/Autosubmit Models and Switching Password Managers

    • Updated and expanded the discussions of 1Password and LastPass, both of which have changed markedly since the previous edition of this book

    • Added descriptions of Blur, Master Password, Sticky Password, and True Key—along with a sidebar (Missing Managers) explaining why I don’t cover KeePassX or oneSafe

  • In Appendix A: Use Two-factor Authentication, added information about Apple’s new two-factor authentication system and using two-step verification with Dropbox, Facebook, Microsoft, and Twitter accounts

  • Added Appendix C: Calculate Password Strength to help interested readers determine the entropy of passwords they create and understand why such calculations frequently vary
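
Several of the points on this page turn on how password strength is modelled: that an eleventh character multiplies the work rather than adding 10 percent, that “correct horse battery staple” is strong under one model and modest under another, that a login delay does nothing against offline cracking, and (Appendix C) why entropy calculators frequently disagree. The following Python is an added example written for this page, not code from the book or its appendix. It makes two common models explicit, a character-class brute-force model and a dictionary model, and compares a throttled online guess rate with an offline rate; both rates are constructed, order-of-magnitude assumptions, not measurements.

```python
import math
import string

# Alphabet sizes for the four printable-ASCII character classes.
# 26 + 26 + 10 + 33 = 95 printable ASCII characters (space counted as a symbol).
CHARACTER_CLASSES = {
    "lower": frozenset(string.ascii_lowercase),
    "upper": frozenset(string.ascii_uppercase),
    "digit": frozenset(string.digits),
    "symbol": frozenset(string.punctuation + " "),
}

# Guess rates are constructed, order-of-magnitude assumptions for illustration only.
ONLINE_THROTTLED_RATE = 10.0    # guesses/s against a login form that rate-limits
OFFLINE_FAST_HASH_RATE = 1e10   # guesses/s against a stolen table of fast, unsalted hashes


def brute_force_bits(password: str) -> float:
    """Naive model used by many strength meters: the attacker knows the length
    and which character classes appear, and tries every string over that
    alphabet. Returns log2 of the keyspace size."""
    if not password:
        return 0.0
    alphabet = 0
    uncovered = set(password)
    for chars in CHARACTER_CLASSES.values():
        if uncovered & chars:
            alphabet += len(chars)
            uncovered -= chars
    alphabet += len(uncovered)  # non-ASCII characters count only as themselves
    return len(password) * math.log2(alphabet)


def passphrase_bits(word_count: int, wordlist_size: int) -> float:
    """Dictionary model: the attacker knows the passphrase is word_count words
    drawn uniformly at random from a list of wordlist_size words and guesses
    word combinations, not characters."""
    if word_count < 1 or wordlist_size < 2:
        raise ValueError("need at least one word from a list of at least two")
    return word_count * math.log2(wordlist_size)


def keyspace_ratio(bits_before: float, bits_after: float) -> float:
    """How many times more guesses the second password costs than the first."""
    return 2.0 ** (bits_after - bits_before)


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate in a keyspace of 2**bits."""
    return 2.0 ** bits / guesses_per_second


def compare_models(passphrase: str, wordlist_size: int) -> dict:
    """Score the same passphrase under both models, showing why two calculators
    can disagree by a factor of billions on the same input."""
    words = passphrase.split()
    return {
        "brute_force_bits": brute_force_bits(passphrase),
        "dictionary_bits": passphrase_bits(len(words), wordlist_size),
    }


if __name__ == "__main__":
    ten, eleven = "Ab1!Ab1!Ab", "Ab1!Ab1!Ab1"   # constructed examples
    ratio = keyspace_ratio(brute_force_bits(ten), brute_force_bits(eleven))
    print(f"An 11th character multiplies the keyspace by {ratio:.0f}x, not by 1.1x")

    scores = compare_models("correct horse battery staple", 2048)
    print(f"passphrase: {scores['brute_force_bits']:.1f} bits if brute-forced, "
          f"{scores['dictionary_bits']:.1f} bits if the attacker knows the word list")

    bits = scores["dictionary_bits"]
    years_online = seconds_to_exhaust(bits, ONLINE_THROTTLED_RATE) / 31_557_600
    print(f"{bits:.0f} bits: {years_online:.0f} years online vs "
          f"{seconds_to_exhaust(bits, OFFLINE_FAST_HASH_RATE):.0f} s offline")
```

The two numbers for the passphrase are the point: a meter that counts characters credits it with over 160 bits, while an attacker who knows it is four words from a 2,048-word list faces 44 bits, and at the assumed offline rate exhausts that space in about half an hour. Only the dictionary figure is relevant to a password that really was built that way, which is why the book treats passphrases as one tool rather than a complete solution.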

Reader Raves

“I’ve purchased several of [Joe’s] books and found them more than helpful… you have kept me from committing technocide and offing my computers and iPhone. I am going to purchase more of your books as soon as I’m finished with this email.” —Michael Israel, performance artist

“I’ve been reading your Take Control books for years, and this book is the best yet. Just the right amount of knowledge to inspire action. The way most people do this stuff is frightening. I, for one, am going to move my personal stuff to your new system.” —Matt C.

“The author provides many useful tips to assist developing passwords and password management strategies. Do you know what a VIP list is relative to password security? I didn’t, but I do now, and I’m using it!” —David M. Acklam, MyMac review

Update Plans

April 8, 2016 — At the moment, we have no particular plans for updating this title.

Posted by Tonya Engst

  1. Joe Passes the Word about Passwords on MacVoices

    Joe and Chuck Joiner of MacVoices sit down for a wide-ranging chat about the new edition of this book and the state of passwords in this age of multi-factor authentication, password entropy, and password managers. They discuss all the myriad ways you can improve your personal online security without having to create and memorize a new password like R>preVckEf7*fh% every few weeks.

    Posted by Michael E. Cohen

  2. Take Control and eSellerate Unaffected by Heartbleed Bug

    For anyone who is wondering, neither the Take Control Web site nor the eSellerate ecommerce site that we use for purchases was ever vulnerable to the Heartbleed bug, so you don’t need to worry about the security of your Take Control transactions or account information. There’s no reason to change your Take Control password either, although it’s always a good idea to do that if your current password is weak.

    Posted by Adam Engst

  3. Heartbleed, Heartburn, and You

    The startling and disheartening news about the recently discovered Heartbleed Internet security vulnerability no doubt has you wondering, “What should I do? What can I do to protect myself and my data?” The answer is, “Change your passwords for the affected sites. But not necessarily immediately, and not all at once.” Why not immediately? Because the vulnerability affects a wide range of servers across the entire Internet, and not all of those affected servers have been patched—changing your password on an unpatched server simply means that your new password may be purloined just as easily as your old one. Instead, you should avoid logging in to unpatched sites and servers until they are patched, and change your password at that point. The TidBITS article The Normal Person’s Guide to the Heartbleed Vulnerability provides several links to help you figure out which servers are vulnerable and which have been patched, and provides guidance about what you should do to protect yourself and when you should do it.

    Eventually, of course, you will have a bunch of passwords to change.

    If you use password-management software, such as LastPass or 1Password, that software can help you with that unwelcome but essential task. (AgileBits, the developer of 1Password, has posted an Updating Your Site’s Password guide to help you with your labors.) Browse safely, my friends.

    Posted by Michael E. Cohen