Mac Power Users 148: Security Audit

David and Katie review best security practices and discuss email encryption, VPN, password practices, data encryption, two factor authentication and more.

Thanks to MPU listener Jigar Talati for assistance with the shownotes this week.

Links for this episode:

PRISM (surveillance program) – Wikipedia, the free encyclopedia


Tips | Agile Blog

How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab |

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

Multi-factor authentication – Wikipedia, the free encyclopedia

Multi-factor authentication (also MFA, Two-factor authentication, TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor (“something the user knows”), a possession factor (“something the user has”), and an inherence factor (“something the user is”).

Apple ID: Frequently asked questions about two-step verification for Apple ID


Install Google Authenticator

If you set up 2-step verification using SMS text message or Voice call and also want to be able to generate codes using the Android, iPhone or a Blackberry, you can use the Google Authenticator app to receive codes even if you don’t have an Internet connection or mobile service.

ID Protection Mobile Center – VIP Access for Mobile

Get VIP Access to help protect your online accounts. VIP Access provides a unique security code that you can use in addition to your user name and password for safe and secure account access.

How do I enable two-step verification on my account? – Dropbox

Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account. Once enabled, Dropbox will require a six-digit security code in addition to your password whenever you sign in to Dropbox or link a new computer, phone, or tablet.

Sign in using application-specific passwords – Accounts Help

Using application-specific passwords

Hover and Google Apps

Secret decoder ring – Wikipedia, the free encyclopedia

Transport Layer Security – Wikipedia, the free encyclopedia

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet.

Pretty Good Privacy – Wikipedia, the free encyclopedia

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, e-mails, files, directories and whole disk partitions to increase the security of e-mail communications

The GNU Privacy Guard –

GnuPG is the GNU project’s complete and free implementation of the OpenPGP standard as defined by RFC4880 . GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available.

Official Homepage | GPGTools (OpenPGP Tools for Apple OS X)

GPGTools is a software collection that brings encryption/decryption and signing of e-mails and files, to you on your mac (for Windows use Gpg4win). The main goal is to bring OpenPGP – in the form of an easy installer package based on MacGPG – to Mac OS X.

OS X: About FileVault 2

FileVault 2 uses full disk, XTS-AES 128 encryption to help keep your data secure. With FileVault 2 you can encrypt the contents of your entire drive.

Mac OS X: About file system journaling

“Journaling” is a feature that helps protect the file system against power outages or hardware component failures, reducing the need for repairs.

Password Protect an External Drive in Mac OS X with Encrypted Partitions

Learning To Love Evernote — Chambers Daily

Have you always wanted to love Evernote, but never really got it? I completely understand! I was in your same place for 4 years, but just recently saw the light. I want to share with you how I learned to love Evernote!

Knox | Simply secure file encryption

Virtual private network – Wikipedia, the free encyclopedia

A virtual private network (VPN) extends a private network across a public network, such as the Internet.

Apple OS X Server


ScreenCastsOnline – SCOM0375 Using Mountain Lion Server

How To Set Up a VPN Server Using a Mac « Nosillacast

Cloak VPN – Cloak –

iOS: Understanding passcodes

Domain Name System – Wikipedia, the free encyclopedia

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates easily memorized domain names to the numerical IP addresses needed for the purpose of locating computer services and devices worldwide


5by5 | Mac Power Users #17: DNS and Macworld 2010

It’s a jam packed show this week. We discuss alternative DNS services including OpenDNS and Google’s DNS service with special guest George Starcher. We talk about the advantages and disadvantages of using an alternative DNS service and compare the new Google DNS service with OpenDNS.

MPU Screencast: Configuring OpenDNS

Please support our exclusive sponsor for this episode, 1Password.

1PasswordHave you ever forgotten a password? Now you don’t have to worry about that anymore.