Note: This book is moderately outdated. Now that passkeys are a thing, the book has to cover them in detail—that will be a whole new chapter. There are changes to support for passwords and one-time passcodes in the various Apple operating systems, and Safari has some new password-related tricks too. The book should also address the significant changes in 1Password 8 and refresh the advice on other third-party password managers. We hope, but do not promise, to release a new edition as a paid upgrade in January 2023. (Read more about updates).)
Passwords have become a truly maddening aspect of modern life, but with this book, you can discover how the experts handle all manner of password situations, including multi-factor authentication that can protect you even if your password is hacked or stolen.
The book explains what makes a password secure and helps you create a strategy that includes using a password manager, working with oddball security questions like “What is your pet’s favorite movie?”, and making sure your passwords are always available when needed.
Bundle special! Save 33% when you buy this along with Take Control of 1Password for just $20.
Joe helps you choose a password manager (or switch to a better one) in a chapter that discusses desirable features and describes a dozen different apps, with a focus on those that work in macOS, iOS, Windows, and Android. The book also looks at how you can audit your passwords to keep them in tip-top shape, use two-step verification and two-factor authentication, and deal with situations where a password manager can’t help.
The book closes with an appendix on helping a relative set up a reasonable password strategy for those whose friends or relatives have distressing password strategies, and an extended explanation of password entropy for those who want to consider the math behind passwords.
“Awesome. You did an amazing job breaking it down. This should be mandatory reading.” –Rich Mogull, CEO at Securosis
This book shows you exactly why:
- 9-character passwords with upper- and lowercase letters, digits, and punctuation are not strong enough.
- You cannot turn a so-so password into a great one by tacking a punctuation character and number on the end.
- It is not safe to use the same password everywhere, even if it’s a great password.
- A password is not immune to automated cracking because there’s a delay between login attempts.
- Even if you’re an ordinary person without valuable data, your account may still be hacked, causing you problems.
- You cannot manually devise “random” passwords that will defeat potential attackers.
- Just because a password doesn’t appear in a dictionary, that does not necessarily mean that it’s adequate.
- It is not a smart idea to change your passwords every month.
- Truthfully answering security questions like “What is your mother’s maiden name?” does not keep your data more secure.
- Adding a character to a 10-character password does not make it 10% stronger.
- Easy-to-remember passwords like “correct horse battery staple” will not solve all your password problems.
- All password managers are not pretty much the same.
- Your passwords will not be safest if you never write them down and keep them only in your head.
But don’t worry, the book also teaches you a straightforward strategy for handling your passwords that will keep your data safe without driving you batty.
“Joe handles a confusing and scary subject more clearly and calmly than I would have thought possible. I’ll be recommending this book to just about everybody I know.” –William Porter, database developer, author, photographer
What’s New in Version 3.2
Version 3.2 of this book is a minor update to cover changes in recent versions of macOS, iOS, iPadOS, and third-party software; and to make a few small corrections. Along with a great many small tweaks and improvements, this version includes these notable changes:
- Renamed and refreshed the sidebar now called “Apple’s Password Handling Improvements” to cover recent versions of iOS, iPadOS, and macOS.
- Updated the “Example Password Managers” topic with the latest details on a dozen or so apps. I also dropped Password Boss (see Whither Password Boss?) and added NordPass (and a note about Dropbox Passwords; see “What About Dropbox Passwords?”).
- In “Back to zxcvbn,” I corrected the formula I gave for calculating entropy in bits from zxcvbn’s guesses_log10 figure; I also linked to a version of zxcvbn that shows older and newer entropy calculations.
Posted by Joe Kissell on August 8, 2021
Once again, Joe Kissell joined Chuck Joiner on MacVoices to discuss passwords in the context of his recently updated books Take Control of Your Passwords version 3.2 and Take Control of 1Password, Fifth Edition.
In part one, Joe talks about passwords generally, including changes that may affect your overall password strategy.
In part two, Joe covers some of the new features in 1Password.
Posted by Michael E. Cohen on March 30, 2016
Joe and Chuck Joiner of MacVoices sit down for a wide-ranging chat about the new edition of this book and the state of passwords in this age of multi-factor authentication, password entropy, and password managers. They discuss all the myriad ways you can improve your personal online security without having to create and memorize a new password like R>preVckEf7*fh% every few weeks.
Posted by Adam Engst on April 15, 2014
For anyone who is wondering, neither the Take Control Web site nor the eSellerate ecommerce site that we use for purchases were ever vulnerable to the Heartbleed bug, so you don’t need to worry about the security of your Take Control transactions or account information. There’s no reason to change your Take Control password either, although it’s always a good idea to do that if your current password is weak.
December 31, 2022—This book is moderately outdated. Now that passkeys are a thing, the book has to cover them in detail—that will be a whole new chapter. There are changes to support for passwords and one-time passcodes in the various Apple operating systems, and Safari has some new password-related tricks too. The book should also address the significant changes in 1Password 8 and refresh the advice on other third-party password managers. We hope, but do not promise, to release a new edition as a paid upgrade in January 2023. (Read more about updates.)