The key to choosing a secure password
The problem with passwords can usually be summed up in three words: simplicity, memory and reuse.
People tend to choose less secure passwords since they’re easier to remember, and this is often compounded by the habit of reusing the same insecure password for every site and service. Without doubt, this is seriously concerning.
Sometimes, however, an unorthodox password problem hits you from left-field and leaves you reeling, which is exactly what happened to PC Pro reader Roger P when he purchased a new MacBook Pro with Retina display from his local Apple Store.
Roger isn’t your typical security noob; in fact, he takes this data-protection stuff very seriously and follows industry advice, such as employing a password vault. This is why his experience is so surprising.
Roger installed his usual password – a complex one that contains the euro symbol (€) in several places – to restrict access to his account on the MacBook Pro.
Find out more
He then downloaded 1Password v4 from the App Store and copied his 1Password keychain file from his previous MacBook Air onto the new machine. At this point, things took a turn.
When the 1Password login screen appeared and Roger entered his password, it was rejected. After spending a good while troubleshooting the problem, Roger realised the Apple Store had sold him a machine with a US keyboard layout. This meant that hitting Alt+2 didn’t produce the € character, as it would on a UK keyboard.
The problem wasn’t immediately obvious to Roger, since all his previous MacBooks purchased from Apple Stores in the UK had UK keyboard layouts. Not being able to see your password by default as you enter it doesn’t help, although this option can be configured to display the input if you need to troubleshoot.
I wouldn’t recommend disabling the asterisk option permanently, however, since you never know who may be watching you type.
Been there, done that
I’m glad Roger got to the bottom of this issue, and I can sympathise, since I’ve been in a similar position myself. I recall being in a hotel room in Seattle without my laptop, since I’d opted to travel light on this occasion.
The only “smart” device I had with me was a Palm Pilot 1000 (which should date this anecdote fairly precisely). I’d decided I could keep in touch with my email via that internet thingy and the awfully clever connected TV in my hi-tech hotel room.
The trouble was, my password included a pound sign, and the keyboard I had was a US one. Worse still, there was no way of changing this on the system in use in that room, not even by an experienced hacker such as me.
The lesson I learned was to avoid using in my passwords non-alphanumeric symbols that are keyboard-layout dependent.