Posts

Stay Safe in 2026 with These New Year’s Resolutions

/in /by

We’re approaching the end of 2025, so we encourage you to consider your New Year’s resolutions. For many people, the new year offers an opportunity to reflect on habits we’d like to adopt or solidify. Although we support reducing social media use and making other positive lifestyle changes, we’d like to suggest a few additional resolutions to improve your digital security and reduce the risk of bad things happening to you online.

If you read through this list and think, “I’m already doing all that,” then you’re done. Keep up the good work!

Back Up All Your Devices Regularly

The most important thing you can do to avoid digital disasters is to back up your data regularly. Bad things happen to good devices, like a Mac’s SSD failing, an iPhone falling into a pool, or data being lost due to theft, fire, or flood. With a solid backup plan, you can recover from nearly any problem.

For the Mac, the easiest way to back up is to use an external drive with Time Machine, but an off-site or Internet backup is also essential. Backblaze is a good choice, but there are numerous online backup services. For iPhones and iPads, it’s simplest to back up to iCloud, which automatically happens every night if you turn it on in Settings > Your Name > iCloud > iCloud Backup. You can also back up iPhones and iPads to your Mac if you do not have enough iCloud storage space. Apple Watches automatically back up to their paired iPhones, and that Watch data is included in iPhone backups, making restores straightforward. Whatever your setup, restore a few files periodically as a test to make sure your backups are working.

Always Install Security Updates

An important step to enhance your security is to install new operating system updates and security updates promptly after Apple releases them. While the specifics rarely make headlines because they are highly technical and detailed, you can gauge the significance of security updates by noting that a typical update fixes 10–30 vulnerabilities identified by Apple or external researchers. Other security updates include only one or two fixes, as they’re aimed at addressing zero-day vulnerabilities currently being exploited in the wild.

It’s usually wise to wait a few days after an update appears before installing it, in case it causes any undesirable side effects. Although such problems are rare, when they do happen, Apple quickly pulls the update, resolves the issue, and releases a new version, typically within a few days.

Use a Password Manager

We’ll keep emphasizing the importance of a password manager until passkeys—the replacement for passwords—become widespread, which will take years. Until then, if you’re still typing passwords manually or copying and pasting from a list stored in a file, please start using a password manager like 1Password or Apple’s Passwords, which is now pretty good. A password manager provides six significant benefits:

  • It generates strong passwords for you. Password1234 can be hacked in seconds.
  • It stores your passwords securely. Anyone walking by your unlocked Mac can read an Excel file on your desktop.
  • It enters passwords for you. Wouldn’t that be easier than typing them in?
  • It audits existing accounts. How many of your accounts use the same weak password, which has likely been stolen in multiple breaches?
  • It lets you access passwords on all your devices. Logging in to websites is just as easy on the iPhone and iPad!
  • It can store and enter two-factor authentication codes. Whenever possible, protect important accounts with two-factor authentication so even a stolen password won’t provide access.

A bonus benefit for families is password sharing. It allows couples to share essential passwords or parents and teens to share specific passwords.

Using a password manager is quicker, simpler, and more secure. If you need assistance getting started, reach out.

Beware of Phishing Email

Individuals and businesses often experience security breaches due to phishing, which involves fake emails that trick someone into revealing login details, credit card numbers, or other sensitive data. While spam filters catch many of these attacks, you must stay alert. Here’s what to watch out for:

  • Any email that tries to get you to reveal information, follow a link, or sign a document
  • Messages from unfamiliar people, asking you to take an unusual action
  • Direct email from a large company for whom you’re an anonymous customer
  • Forged email from a trusted source requesting sensitive information
  • Urgent threats like “account locked,” “unauthorized charge,” or “action required”
  • All messages that contain numerous spelling and grammatical mistakes

When unsure, avoid clicking the link or replying to the email. Instead, reach out to the sender via another method to verify the message’s authenticity. Legitimate companies—especially Apple, financial institutions, and cellular carriers—will never ask for your password or two‑factor codes by email, text, or voice.

Never Respond to Unsolicited Calls or Texts

Phishing attacks increasingly take place via texts and phone calls—and even some via deepfake audio and video. Because of weaknesses in the telephone system, these messages and calls can appear to come from trusted companies like Apple and Amazon. Other common scams warn about unauthorized logins or payments to trick recipients into calling scammers, advertise fake deliveries with malicious tracking links, or send fake two-factor authentication messages that prompt recipients to click a link to “secure” their account.

Avoid clicking links in texts unless you recognize the sender and it makes sense for you to receive that link. (For example, Apple might send text messages with delivery details for a recently placed order.) Never enter login information on a website you reach through a link because you can’t be sure it’s legitimate. Instead, if you’re interested in more details, go directly to the company’s official website by typing its URL into your browser, then log in from there.

For calls from companies, unless you’re expecting a callback regarding a support ticket you opened, don’t answer—caller ID can be spoofed. Let the call go to voicemail, and if you believe it’s important to respond, look up the company’s phone number from a reliable source and contact someone at that number instead of using the one provided by voicemail.

Avoid Anything Associated with Sketchy Websites

We won’t dwell on this last point, but it’s worth noting that you’re much more likely to encounter malware on fringe websites or those that cater to societal vices. The more you can steer clear of sites that deal with pirated software, cryptocurrency, adult content, gambling, or the sale of illicit substances, the safer you’ll be. That’s not to say reputable sites haven’t been hacked and used to spread malware, but such cases are far less frequent.

Don’t call numbers from pop‑ups or ads, don’t grant remote access, and don’t pay for any service you didn’t seek out unprompted. Instead, go directly to the company’s official site (type the URL) or contact us for help. And never paste commands into Terminal from websites or “verification” pages—you could install malware without realizing it. If you are worried after spending time in the darker corners of the Web, download a free copy of Malwarebytes and manually scan for malware.

Let’s raise a glass to staying safe online in 2026!

(Featured image by iStock.com/Marut Khobtakhob)

Social Media: Kick off 2026 with smart security habits: back up every device, stay current on software updates, outsmart phishing attempts, avoid sketchy sites, and streamline your logins with a password manager.

Dropbox Passwords Ending: Switch to 1Password Now

/in /by

If you use Dropbox Passwords, it’s time to switch to a new password manager. Dropbox has announced it will discontinue the service on October 28, 2025, with key features being disabled in phases starting August 28. After the final shutdown date, all stored passwords will be permanently deleted. Dropbox recommends users switch to 1Password and has made that super easy. Simply click the Dropbox Password extension in your browser and choose Migrate to 1Password. Create a new 1Password account or sign in to an existing one, and then follow the remaining instructions to import your passwords. If you want to use a different password manager, you can probably import a CSV file exported from Dropbox Passwords, possibly after some adjustments to the CSV file’s column headers and order to match your chosen password manager’s expected format. No matter which option you choose, don’t delay!

(Featured image based on an original by Dropbox)

Social Media: Dropbox Passwords will shut down on October 28, 2025. Switch to 1Password or another password manager now to avoid losing your stored credentials.

16 Billion Passwords Exposed in Recent Data Breach: Turn on 2FA!

/in /by

Data breaches keep coming, and the latest one revealed by Cybernews involves 16 billion passwords. There’s no way to know for sure if your passwords are included, though it’s always worth checking Have I Been Pwned and paying attention to monitoring features in password managers. Some media reports claim that passwords from accounts at Apple, Facebook, and Google were leaked, but this is likely overblown. While some accounts at those companies were compromised by infostealers, there were no centralized breaches. Our advice remains the same: use a password manager to ensure that each of your accounts has a strong, unique password and turn on two-factor authentication whenever possible.

(Featured image by iStock.com/tsingha25)

Social Media: Another day, another breach—this time involving 16 billion passwords. Despite alarming headlines about Apple, Facebook, and Google accounts, there’s no need to panic. Our advice? Use unique passwords and enable 2FA.

Passwords Becomes a Real App in macOS 15 Sequoia, iOS 18, and iPadOS 18

/in /by

Although we’re still fans of 1Password, and there are plenty of other good password managers out there, like BitWarden and Dashlane, Apple has finally removed the last hurdle to using its built-in password management capabilities.

Starting in macOS 15 Sequoia, iOS 18, iPadOS 18, and visionOS 2, Passwords is now a real app rather than being trapped inside Safari, System Settings, and Settings. If you have resisted using a password manager or don’t wish to continue subscribing to an alternative, give Apple’s Passwords a try. It makes creating, maintaining, and entering passwords faster, easier, and more secure than doing it by hand. Those already using a password manager can export their accounts and import into Passwords.

What You’ll Find in Passwords

We’ll focus on the Mac version here, but the other versions are nearly identical apart from their screen sizes.

The left-hand sidebar, reminiscent of Reminders, provides categories of accounts:

  • All: Select All to see all your accounts, regardless of what shared group they may be in.
  • Passkeys: If you have any passkeys for large websites like Apple, Google, and others, they’ll appear here.
  • Codes: Passwords can create, store, and enter two-factor authentication codes for sites that support them. If you need to look one up manually because Passwords couldn’t autofill it, you’ll find the associated account here.
  • Wi-Fi: This category contains stored passwords for all the known Wi-Fi networks on your device. Because known Wi-Fi networks aren’t synced between devices, the number of these will vary between your devices.
  • Security: If you have any accounts with weak passwords, accounts you previously shared and stopped sharing, or accounts whose passwords were leaked in a security breach, they’ll appear here. Edit these accounts and click the Change Password button to start the process; when the password changes, they’ll disappear from this category.
  • Deleted: Any accounts you delete stay here for 30 days before being deleted for good. You can delete any of these accounts immediately or restore them to their previous group.
  • Shared Groups: If you use Family Sharing, you automatically get a Family Passwords group to simplify sharing important accounts with your family members. But you can also share accounts with other groups of Apple device owners. To move an account to a group, choose it from the Group pop-up menu.

The middle pane lists the accounts in the selected category. You can sort the list using the menu with vertical arrows, search for a specific account, and manually add a new one with the + button. Otherwise, scroll through the list and click an account to view it in the right-hand pane.

At the top of the right-hand pane is an AirDrop button and an Edit button. Click AirDrop to share an account with someone nearby or Edit to make changes or set up a two-factor verification code. If you want to copy information, click the User Name, Password, Verification Code, or Website item to get a Copy menu. The password becomes visible when you mouse over it. Clicking Website also offers an Open Website option and lets you add more sites where the password should autofill.

Setup Requirements

Most people shouldn’t need to do anything to start using Passwords. However, if you have trouble, check the following items:

  • Turn on Password AutoFill: If your device isn’t entering passwords for you, turn on AutoFill Passwords and Passkeys in Settings/System Settings > General > AutoFill & Passwords. Also, ensure that Passwords is enabled in the AutoFill From section if multiple password managers are installed.
  • Turn on iCloud Keychain: If you want your passwords to sync securely among your devices, which makes life a lot easier, go to Settings/System Settings > Your Name > iCloud > Passwords and turn on Sync This Device.
  • Set up iCloud Passwords for other browsers: Apart from Safari, Chromium-based Web browsers (Arc, Brave, Google Chrome, Microsoft Edge, etc.) can access and autofill your saved passwords if you install Apple’s iCloud Passwords Chrome extension. (There’s also now an iCloud Passwords add-on for Firefox.) The overall experience is not as seamless as in Safari, requiring a once-per-launch code, and you have to create new accounts in Safari or manually in Passwords, but it works.
  • Configure settings: Choose Passwords > Settings (or look in Settings > Apps > Passwords for iOS 18 and iPadOS 18) to access options. Generally speaking, it’s fine to keep them all turned on.

If you have additional questions, check Apple’s documentation for detailed instructions for all the platforms on which Passwords runs. But realistically, Passwords is easy to use, and although the app itself is new, the underlying password management features and syncing have been in place for years, so they’re stable and reliable.

(Featured image by iStock.com/designer491)

Social Media: Apple’s new Passwords app in macOS 15, iOS 18, iPadOS 18, and visionOS 2 makes the company’s longstanding password storage and syncing features more straightforward and easy to use. It’s password management for the rest of us!

Share 2FA Setup for Team Access to a Single Account

/in /by

When your team or family shares access to a single account (such as for banking or social media, which seldom offer multi-user access), using two-factor authentication via SMS is awkward—whose phone receives the 2FA codes? One solution is to use an authentication app. Authentication apps are more secure, and multiple people can add 2FA support to the same account by scanning the QR code at setup or adding the 2FA setup URL later. (In both 1Password and Apple’s iCloud Keychain, edit the login to see and copy the setup URL.) An even better solution is to use a password manager that supports both 2FA codes and password sharing. That way, one person can set up the account with 2FA and add its login to a shared vault or collection. 1Password, Bitwarden, Dashlane, iCloud Keychain, and others provide such features.

(Featured image by iStock.com/May_Chanikran)

Social Media: For better results when a team or family group needs to share 2FA codes to log in to a website, try to use an authentication app instead of SMS, or better yet, use a password manager that can both generate 2FA codes and share logins with a group.

Apple’s iCloud Keychain Password Management Is All Many People Need

/in /by

Apple’s iCloud Keychain Password Management Is All Many People Need

We constantly recommend using a password manager like 1Password, BitWarden, or Dashlane. But many people resist committing to yet another app or paying for yet another service. Isn’t Apple’s built-in iCloud Keychain password management good enough?

The answer now is yes, thanks to two recent changes:

  • In iOS 17.3, Apple added Stolen Device Protection, which leverages biometric authentication—Face ID or Touch ID—to protect users against thieves who would surreptitiously learn someone’s passcode, steal their iPhone, and then take over their digital lives. One of the worst aspects of that attack was that the iPhone passcode was sufficient to access the user’s stored passwords, so the thief could get into everything.
  • Until mid-2023, Apple’s built-in password management worked only in Safari, which was problematic for users who rely on other browsers. Then Apple updated its iCloud Passwords extension for Google Chrome to work not just in Windows, but also in Mac browsers based on Google Chrome running in macOS 14 Sonoma. There’s also now an iCloud Passwords add-on for Firefox.

If you aren’t yet using a password manager, try iCloud Keychain.

Passwords Basics

Apple integrated iCloud Keychain into macOS, iOS, and iPadOS at a low level, so you mostly interact with your passwords in Safari. But first, make sure to enable iCloud Keychain so your passwords sync between your devices. On the Mac, you do that in System Settings > Your Name > iCloud > Passwords & Keychain. On an iPhone or iPad, it’s in Settings > Your Name > iCloud > Passwords and Keychain.

If you’re using a browser other than Safari, install the iCloud Passwords extension or add-on and activate it by clicking it in the toolbar and entering the verification code when prompted.

When it comes to website accounts, there are two main actions: creating a login and logging in to a site:

  • Create a new login: When you need to create an account on a new website, after you enter whatever it wants for email or username, Safari creates a strong password for you. Unfortunately, the iCloud Passwords extension or add-on on the Mac can’t generate passwords—you can either create a strong password manually or switch to Safari temporarily to let it create one. When you submit your credentials, you’ll be prompted to save them.
  • Autofill an existing login: The next time you want to log in to a site for which you’ve saved credentials, Safari or your other browser on the Mac displays a pop-up with logins matching the domain of the site you’re on. On the iPhone or iPad, you might get an alert at the bottom of the screen or have to pick a choice in the QuickType bar above the keyboard.

For basic usage, that’s it! However, iCloud Keychain can make mistakes. The site shown above asks for both an email address and a username and wants the email address for logging in, but iCloud Keychain remembered the username instead. Happily, Apple makes it easy to fix such unusual missteps. On the Mac, open System Settings > Passwords, or on the iPhone or iPad, open Settings > Passwords. Here’s where you find and edit your saved logins.

Open the desired login by double-clicking it on the Mac or tapping it on the iPhone or iPad, then click or tap Edit and make any desired changes.

iCloud Keychain provides additional features and options:

  • A search field at the top of the Passwords window or screen helps you find logins if scanning the full list is frustrating.
  • You can use commands in the + menu to create new passwords and shared groups. On the Mac, commands in the ••• menu let you import and export passwords; the iPhone and iPad use that menu to bulk-select passwords for deletion and show generated passwords.
  • Shared groups let you share a subset of passwords with family or colleagues. Choosing New Shared Group triggers an assistant that walks you through naming the group, adding people from Contacts, and choosing which passwords to share. You can move passwords between groups at any time.
  • The Security Recommendations screen displays logins exposed in known breaches and points out logins with weak passwords. Check those and update them as necessary.
  • In Password Options, you can turn off autofill, but why would you? Another option automatically deletes verification codes you receive in Messages after it inserts them with autofill.
  • On websites that support two-factor authentication, you can set up a login to autofill the verification code. During setup on the site, you’ll get a QR code you can scan with an iPhone or iPad if you’re using a Mac; if you’re using an iPhone or iPad, touch and hold the QR code and choose Add Verification Code in Passwords. Once you finish configuring the login, you’ll have to enter the six-digit verification code on the site to link it with the login.

Overall, iCloud Keychain provides the password management features that most people need, and it’s a massive security improvement over keeping a document of your passwords on your desktop.

(Featured image by iStock.com/loooby)

Social Media: Apple’s iCloud Keychain password manager keeps improving, and we now recommend it, especially for those not already using a third-party password manager. Here’s how to use iCloud Keychain to store and enter secure passwords.

After “Mother of All Breaches,” Update Passwords on Compromised Sites

/in /by

January’s big security news was the Mother of All Breaches, the release of a massive database containing 26 billion records built from previous breaches across numerous websites, including Adobe, Dropbox, LinkedIn, and Twitter. It’s unclear how much of the leaked data is new, but it’s a good reminder to update your passwords for accounts on compromised sites, especially those you reused on another site. Cybernews has a leak checker that reports which breached sites include your data. More generally, password managers often have a feature that checks your passwords against the Have I Been Pwned database of breaches and helps you change compromised passwords—1Password’s is called Watchtower, shown below. You can also search Have I Been Pwned directly. Don’t panic if your email address appears in numerous breaches because some of the theoretically compromised accounts may be defunct sites, trivial sites you used once 10 years ago, or duplicate password manager entries for a site whose password you already updated.

(Featured image by iStock.com/Prae_Studio)

Social Media: Worried about the “Mother of All Breaches” that has been making the rounds in security news? We share a leak checker that can tell you if your email address was involved and recommend that you update any compromised passwords.

Avoid Confusion by Setting iPhone Password Autofill to Only One App

/in /by

Let’s say you use 1Password (or another third-party password manager) on an iPhone or iPad. When that’s the case, it’s easy to end up in a situation where your device will present passwords from both 1Password and iCloud Keychain, possibly along with another app. That won’t break anything, but as you can see in the screenshot below, dueling password managers can be confusing, particularly if one doesn’t have up-to-date passwords. To make logging in easier, go to Settings > Passwords > Password Options and select just one app in Allow Filling From. For instance, if you’re using 1Password, turn off iCloud Passwords & Keychain and all the other apps.

(Featured image based on an original by iStock.com/Kostiantyn Filichkin)

Social Media: Do you suffer from dueling password managers on your iPhone or iPad? If you’re using a third-party password manager, turn off password autofill for iCloud Passwords & Keychain and any other apps to avoid confusion.

If Your Holiday Gift Was a Tech Device, It’s Time to Change the Password!

/in /by

Whatever consumer electronics product you can name, there’s probably a “smart” version that you configure via an app or Internet-connected interface once you’ve connected it to your Wi-Fi network. For ease of setup and to keep costs down, many such devices come pre-configured with not just a default username and password, but the same default username and password as all other units. That’s bad enough, but worse, most people never change those defaults, which is just asking hackers and malicious bots to break in and take over. This risk is real—it has happened to security cameras, baby monitors, light bulbs, DVRs, toasters, refrigerators, and even fish tanks. So, if you received any so-called “Internet of Things” devices for the holidays—or have one or more already installed on your home network—immediately change the usernames (if possible) and passwords to something more secure. Store the new usernames and passwords in your password manager for future reference.

(Featured image by iStock.com/EvgeniyShkolenko)

Export Passwords from Safari to Ease the Move to a Password Manager

/in /by

Although Apple has improved the built-in password management features in macOS and iOS (you can now add notes to password entries!), third-party password managers like 1Password and LastPass are still more capable. For those still getting started using a password manager, another new capability will ease the transition: Safari password export. To export a CSV file of your Safari passwords, choose Safari > Preferences > Passwords, and enter your password when prompted. From the bottom of the left-hand sidebar, click the ••• button, choose Export All Passwords, and save the Passwords.csv file to the Desktop. After you import the file into 1Password (instructions), LastPass (instructions), or another password manager, be sure to delete the exported file and empty the trash.

(Featured image by iStock.com/metamorworks)