Password Security

Perfect password security

Your passwords are a tremendous security measure, but sometimes they seem to be no more than an inconvenience, designed to stop or slow you from accessing a computer or web site.

For decades (literally since the 60s) passwords have been the first line of defence to secure access to computer systems, and are increasingly important against a growing cyber threat; from the password you type to log in to your Mac, to the PIN you enter on your iPhone.

Even apparently fancier technologies like Apple's TouchID and FaceID have only one job; ensure access to the existing PIN on your iPhone. It's the PIN (or more complex password) which in turn actually unlocks the phone.

So passwords aren't going anywhere, and consequently it’s always a perfect time to review your approach to passwords, and find out how a few simple changes can give you an immediate security boost.

But, in this digital world, passwords are everywhere. You need one each time you log in to your computer, iTunes, Facebook, Google Drive, iCloud, work-based systems, Dropbox, Zomato, Seek, Uber, Tinder, and (of course) the numerous financial systems which we take for granted these days. The list is almost endless.

So how do you effectively protect yourself?

Do you go the simplistic route, and pick one really good password and use it everywhere? No. Absolutely not. If someone gets that password then you're compromised everywhere.

But having secure, unique passwords to everything is unusually complex, and entirely impractical. So now what?

Fortunately, technology (the cause of the problem) also has a number of solutions. Below are 6 ways in which you can get the best of both worlds; security and simplicity.

This article should be viewed as essential reading, not just as a set of recommendations.





Go Long

Despite what all those prompts for unique characters and uppercase letters might have you believe, length matters more than complexity, as is elegantly displayed in one of our favourite geek comics, XKCD. The more characters, the more mathematically complex it becomes to guess a password, and the longer an attack would take.

Stringing together a sentence, and mixing in some symbols, numbers, and upper-case (think &, 4, U) makes a password much, much harder to assail.

“inever4getaface!” is a great, easy to remember but complex to guess password.

Let your Mac do the heavy lifting

Don’t trust foreign browsers. A convenient shortcut to remembering all those passwords, or getting a paid password manager account, is letting your browser remember them for you. You’ve seen the option yourself. You probably even use it on at least one site. Don’t! The option is convenient, but the underpinning security is often undocumented, and it doesn’t require that your password actually be, you know, good. If you need a free and easy option, go with a password manager like Dashlane instead of trusting everything to Chrome.

The only problem is that apps like Google's Chrome don't take advantage of the keychain, so you'll need to manually enter passwords from the keychain into Chrome, and Chrome can save the password in its own database.

Use a password manager

Password managers like 1Password or LastPass create strong, unique passwords for all of your online accounts, and then store them for you to access across all your devices. So you have strong, unique passwords, and if one of your passwords does get caught up in a data breach, criminals won’t have the keys to the rest of your online services.

Now all you need to do is remember one master key.

The limitation with these applications is that, like all 3rd party software, you'll need to download a separate app, and then you'll need to install the appropriate browser plugin for them to work.

Use keyboard patterns

A much less often used password mechanism is a keyboard pattern.

Instead of making up a sentence or using substitutions, you pick a pattern on your keyboard as a password. This has the advantage of being extraordinarily easy to type in, but hard for others to hack.

Of course, there's an obvious downside; if typing in the password on a foreign or virtual keyboard, the layout may not be exactly the same as your normal keyboard. Also, keys like the numbers and symbols (the top row) may not even appear on virtual keyboard - so you'll need to really remember this type of password.

An example... "cftyuijnbvc" makes no sense as a word, but you'll see how nifty it is when you type it out.
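Password strength checkers such as zxcvbn treat runs of neighbouring keys as a known pattern, so a brute-force estimate alone overstates the strength of such a password. The following added example (not part of the original article; the function names, the US QWERTY layout and the thresholds are assumptions) compares the brute-force search space, which grows with length as described under "Go Long", with a keyboard-walk check applied to the pattern above.

```python
import math
import string

# US QWERTY rows (assumed layout); each lower row sits about half a key to the right.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, i) for r, row in enumerate(ROWS) for i, ch in enumerate(row)}


def adjacent(a: str, b: str) -> bool:
    """True if keys a and b touch on the staggered layout."""
    if a not in POS or b not in POS:
        return False
    (upper_row, upper_i), (lower_row, lower_i) = sorted([POS[a], POS[b]])
    if upper_row == lower_row:
        return lower_i - upper_i == 1
    # A key touches the two keys below it: same index and one to the left.
    return lower_row - upper_row == 1 and lower_i in (upper_i - 1, upper_i)


def longest_walk(password: str) -> int:
    """Length of the longest run of consecutively adjacent keys."""
    pw = password.lower()
    best = run = 1 if pw else 0
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if adjacent(prev, cur) else 1
        best = max(best, run)
    return best


def is_keyboard_pattern(password: str, min_run: int = 4, share: float = 0.5) -> bool:
    """Flag passwords that are mostly one keyboard walk (thresholds are assumptions)."""
    walk = longest_walk(password)
    return walk >= min_run and walk / len(password) >= share


def brute_force_bits(password: str) -> float:
    """Upper bound: bits of search space if each character were random."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    size = sum(len(p) for p in pools if any(c in p for c in password))
    return len(password) * math.log2(size) if size else 0.0


if __name__ == "__main__":
    # Sample passwords: two from the article, one constructed short/complex one.
    for pw in ["P@55w0rd", "inever4getaface!", "cftyuijnbvc"]:
        print(f"{pw:18} {brute_force_bits(pw):5.1f} bits  "
              f"walk={longest_walk(pw):2}  pattern={is_keyboard_pattern(pw)}")
```

The bit figure is an upper bound that assumes randomly chosen characters; the walk check shows where that assumption does not hold.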

Single-serve passwords

What makes safety glass so safe? Simple... it's designed to stop little cracks becoming big ones, resulting in tiny, relatively innocuous pieces of glass rather than large, sharp, extremely dangerous shards of glass.

In the same way, using unique passwords means that if the password to one online service is discovered, your other online services are not compromised.

If you use a password manager then you’re already all over this. If not, then a midway solution would be to create 10 unique passwords, and evenly distribute their use, so that the exposure of any password is not entirely catastrophic. Don't believe that your passwords may have been compromised? See for yourself: The website Have I Been Pwned has nearly 5 billion compromised accounts on file - and yours may be one of them.

Use multi-factor authentication

Increasingly, online services are using multi-factor authentication.

Users can be authenticated more than one way, including:

  • Something you know - a password or PIN
  • Something you have - a smart card, a SecureID token, a YubiKey USB key, an app like Authy, or a code via SMS
  • Something you are - a biometric measure like a fingerprint, voice pattern, or retina scan

The third factor is usually only used for physical access to something; a building, a research facility, etc.

But two-factor authentication is increasingly used for online services, and codes via SMS are by far the most popular. If an online service offers two-factor authentication then you should use it. The only downside is that you may not be able to receive an SMS code if you're overseas and don't have roaming turned on.

FCR Case Study


FCR (Financial & Corporate Relations) is a leading Australian corporate, financial, and investor communications company, founded in 1985, assisting about 50 clients throughout Australia to communicate with their stakeholders.

They provide counsel and assistance to directors and senior management, combining skills in media and public relations, issues and crisis management, marketing, research, writing, graphic design, and online and print production.

Their contacts with financial journalists, analysts, brokers and fund managers are second to none among communication consultancies.

The Brief

FCR had been with the same IT support company for some years, but when their needs changed it was time to find a new provider which could help them move with the times.

They turned to iHelp IT in 2012 to provide quality technical support and service, to maintain and update their equipment, help their staff on an ongoing basis, and provide ongoing consultancy in all IT matters.

An initial, free consultation identified a number of areas of improvement.

The Solution

iHelp IT identified key areas where the business could improve its IT, reduce risks, and streamline its business.

Amongst the solutions provided were:

  • Multiple on-premise services were migrated to the cloud
  • Business continuity was ensured by implementing local and secure cloud backups
  • Security was improved via the removal of old user accounts
  • High-speed internet access was implemented, at a lower cost than the previous service
  • Network security was improved through new router equipment and directory integration
  • Support costs were fixed via iHelp IT’s iCare managed service product
  • FCR saved 45% on their phone bills by implementing iHelp IT’s My Cloud Phones cloud-hosted PBX

The Outcome

Today, FCR enjoys a smooth, integrated IT environment, with continuous updates and monitoring. FCR rests easy in the knowledge that their IT services are in good hands, and their IT dollars are well spent.

Their staff are able to call on iHelp IT's technical assistance without hesitation, knowing that having all their IT services under one roof means problems are quickly solved.

With significant savings on services like internet and phone systems, FCR is able to direct funds towards improving their IT investment and strategically planning for future growth.

anaesthetics case study

Eastern Suburbs Anaesthetics

Eastern Suburbs Anaesthetics comprises fourteen specialist anaesthetists who are all registered in NSW, and recognised by the NSW Specialist Recognition Board.

All anaesthetists in this practice are highly qualified and skilled specialist doctors, having undergone extensive training.

The Brief

Eastern Suburbs Anaesthetics had migrated their office from Windows to Mac about 6 months before contacting iHelp IT.

Their current IT provider, who had done the migration, had proven unable to maintain the office Macs in working order, and had difficulty doing simple things like removing unneeded software, despite multiple requests.

The staff at Eastern Suburbs Anaesthetics felt the previous IT provider had over-promised and under-delivered.

The Solution

iHelp IT was brought on-board and Eastern Suburbs Anaesthetics immediately signed up to an iCare Managed Services agreement. iCare meant the staff could call iHelp IT with any support requests without fear of blowing a budget. Support is delivered first remotely, and then on-site if required, for one fixed monthly fee. iHelp IT quickly fixed the most pressing issues, and has maintained the Eastern Suburbs Anaesthetics office ever since.

The Outcome

Eastern Suburbs Anaesthetics were so impressed with the iCare product that they renewed the initial agreement, and migrated the email hosting to iHelp IT.

Recently, Eastern Suburbs Anaesthetics migrated their on-premise PBX to an iHelp IT My Cloud Phones PBX, resulting in a saving of around 75% on their office phone bills.

highbury case study

Highbury Partnership

Highbury Partnership is one of Australia's leading independent financial advisers.

They advise their clients on strategic and always highly confidential financial transactions, including recommending on takeovers, advising on the sale of assets, recapitalisations, IPOs, and mergers.

About a year after starting in a serviced office, they needed more space, and needed their IT to move with them, and be much more secure.

The Brief

When Highbury Partnership moved their corporate offices from ServCorp to their own address, they needed an IT solution for themselves and for their subtenant.

Due to the nature of their business and the sensitive work they do for their clients, security was a top priority, but they also needed flexible work arrangements.

The Solution

iHelp IT configured a Mac Mini server as the hub of their storage and security, and used the Mac OS Open Directory Architecture as the core of their security.

Building on the Open Directory architecture of Mac OS X, and using the Kerio Control router, iHelp IT deployed WPA2 Enterprise WiFi security. This means that only authorised staff could access the wireless network, and each staff member had their own unique access, whether using a Mac or Windows PC.

The Outcome

Staff could also work securely from anywhere in the world, allowing their team to work together no matter where staff were located. Highbury Partnership's subtenant was so impressed with the secure environment that iHelp IT implemented that they engaged iHelp IT to install their network infrastructure as well.

Both companies enjoyed very secure, high-speed internet, with staff able to access the company's critical resources securely, satisfying their business needs.



Lightwell is a media design studio for museums and public spaces located in Chippendale.

They make responsive environments for exhibitions and public spaces, and story-driven media for cultural institutions, mobile devices and the web.

The Brief

Michael Hill from Lightwell contacted us in mid 2014, after being referred by the Apple Store Broadway.

They had significant IT infrastructure in place, but needed to integrate the security of their existing IT systems in order to bid on a large contract for a leading multi-national in the financial services sector, where security was of high concern.

The Solution

iHelp IT implemented Apple’s Mac OS X Server, using Open Directory as the core of the security measures.

The existing Kerio Control router’s VPN, the Apple Airport Extreme’s WPA2 Enterprise network (via RADIUS), and access to the various Synology NAS devices were all configured to authenticate against Mac OS X’s Open Directory. Additionally, the guest wifi network was configured to only allow access to the internet.

The Outcome

Access to network resources and data on servers were secured using a single directory, ensuring staff had to authenticate with their own account to access these resources, and allowing Lightwell to centrally manage security.

The solution allowed Lightwell to satisfy their client of the security of their infrastructure, and they won the contract.


Backup your iPhone and save a world of pain

A long time ago, in a galaxy far far away, I used to work for the Apple Store Sydney as a Genius (note the capital "G" denoting this is a title, not a claim!)

We saw many things at the Genius Bar, but the one thing which consistently amazed me was the number of times people didn't back up their devices, whether Mac or iPhone.

In fact, the only time someone cried (literally) at the Genius Bar was when the Mac owned by a young couple had a failed hard disk. The couple didn't have a backup, and consequently they lost every precious photo they'd taken of their baby's first year!

What do you do in such a situation? There was nothing we could do but hand over a box of tissues.

The Future

Fast forward to a day in the future when you too lose all the photos on a device. I'm not saying this scenario may happen, I'm saying that in all likelihood this scenario will happen.


There are a myriad reasons. Phones get stolen, are dropped in the ocean, are forgotten on a train in a foreign city. Your ex could make off with your iPhone. Your roommate could make off with your iPhone. Your ex and your roommate could make out and then make off with your iPhone! And then everything on that iPhone which wasn't backed up is gone. Forever.

Avoid Pain

Apple, as the inventor of the smartphone, has looked into its crystal ball to see this day, and has you covered. All you have to do is take advantage of what's available. So let's revisit how to back up your iPhone.

Firstly, some data doesn't need to be backed up separately. If you have your calendar, contacts, notes, reminders, and email in the cloud then your data is automatically synchronised, and in the event you need to replace your phone that information can be synchronised with your new phone in just a few minutes.

But what about everything else? Your game progress? Your Skype login? Your Facebook account? And, more important than all of those - your photos!

Most people know that backing up their iPhone to their Mac or PC can be done via iTunes, but this only happens when you're on the same wifi network, and when your computer is on and iTunes is running. In some cases this is further restricted to happen only when your iPhone is physically connected to your computer.

But when you're out and about - the times you're most likely to be taking family snaps - your computer is nowhere near you. If you're on holidays it could be weeks before you get back to your computer!


Apple has a number of solutions to this, and they all assume you have an iCloud account.

  • A free iCloud account gives you 5 GB of storage
  • 50 GB of iCloud storage costs $1.49 / month
  • 200 GB of iCloud storage costs $4.49 / month
  • 2 TB (or 2000 GB) of iCloud storage costs $14.99 / month
  • These are Australian prices, and include GST
  • Prices may change, so click here for current information

If you have an Apple ID (for the iTunes or App Store) then use that to sign in to iCloud.

Once you've setup your iCloud account on your iPhone you're ready to use one of Apple's backup solutions.













iCloud Backup
  • What it is: A backup of everything on your iPhone to iCloud
  • Pros: Everything on your iPhone is backed up; a lost iPhone can be restored from the last backup
  • Cons: Backups can take up a lot of space, so you may need to pay for more iCloud storage
  • To activate:
    • Go to your iPhone Settings
    • Click on your name at the top
    • Click on iCloud
    • Scroll down to iCloud Backup and switch it on
  • Important: Backups only happen when your iPhone is plugged into power, locked, and connected to wifi; use a hotspot or your hotel wifi when on vacation.

iCloud Photo Library
  • What it is: A copy of your entire photo library on iCloud
  • Pros: Uses less storage than iCloud Backup, and photos can then be shared with Photos on your Mac, so all photos automagically appear on your iPhone and Mac
  • Cons: Only backs up your photos (you may need a paid iCloud subscription if you have many photos and videos)
  • To activate:
    • Go to your iPhone Settings
    • Click on your name at the top
    • Click on iCloud
    • Click on Photos
    • Switch on iCloud Photo Library
  • Important: Photos will upload via both wifi and cellular data, so be aware of any cellular data charges (especially when overseas). To enable or disable cellular data for Photos go to Settings > Mobile > Mobile Data on your iPhone.

Photo Streaming
  • What it is: A stream of the last 30 days of photos from your iPhone
  • Pros: Takes up the least storage on an iCloud account, so you may not need a paid iCloud subscription
  • Cons: Only the last 30 days of photos are stored in iCloud, so you'll need to download these to your Mac or PC or risk losing them; only works with wifi
  • To activate:
    • Go to your iPhone Settings
    • Click on your name at the top
    • Click on iCloud
    • Click on Photos
    • Switch on Upload to My Photo Stream
  • Important: Uploads only happen when your iPhone is connected to wifi; use a hotspot or your hotel wifi when on vacation.

Follow this guide and you should never need a box of tissues because you've lost your photos.

For the full Apple support document on backing up, go here or contact iHelp IT.