Passwords are a fact of life in the wired 21st century. You probably have dozens or even hundreds of passwords, such as these:
Your Mac OS X administrator password
Passwords for .Mac and any other email accounts you may have
Passwords for Web sites and other online services
A password for your AirPort base station, and perhaps another one for your wireless network
Passwords that protect encrypted files, folders, or volumes (such as your backups)
It's easy to become lazychoosing short, easy-to-type (and easy-to-remember) passwords and reusing the same password in multiple places. The Mac OS X keychain enables you to store most of your passwords in one place and access them easily, but it can also contribute to password laziness by keeping you from noticing how often your passwords are required.
If you're the only person who uses your computer, and if you don't access sensitive information online (such as bank accounts or proprietary corporate data), you can probably get away with relatively few passwords that remain the same indefinitely. Otherwise, I strongly recommend changing your passwordsat least, those that protect the most sensitive informationonce a year (or more often). That way, if someone were to guess one of your passwords, it would be useful for only a limited period of time.
Look for Passwords to Change
Each Web site, application, or device has its own procedure for changing passwords, and I can't begin to cover them all here. I will, however, mention a few common places to look:
To change your Mac OS X user account password, go to the Accounts pane of System Preferences. Select your user name in the list on the left and click the Change Password button in the Password view.
To change your .Mac password, go to www.mac.com and click the Log In link on the right side of the blue .Mac tab, which runs across the top of the window just under the row of tabs. Enter your member name and password. Then click your member name on the .Mac tab (logging in again if asked to do so) to display the Account Settings page, click Password Settings, and follow the instructions.
To change the password used by your AirPort base station or your wireless network, open AirPort Admin Utility (in /Applications/Utilities). Select your base station and click Configure. Then, in the AirPort view, to change the password of the base station itself, click Change Password. To change the password of your wireless network, click Change Wireless Security.
In addition, I recommend opening Keychain Access (which is also in /Applications/Utilities) and looking through the passwords stored there. That will give you an important reminder of many of the Web sites and applications for which you've already established passwords.
Choose a Good Password
You've undoubtedly heard this sermon before, so I won't beat you over the head with it, but let me briefly reiterate the qualities of a good password:
Longer is better: A 16-character password is much more secure than a 6-character password, and even longer is better still.
No common words: Don't use a word (or words) from the dictionary as your password; a hacker can break it easily. Also avoid words and numbers people might guess: your favorite color, date of birth, pet's name, and so on.
Mix letters, case, and numerals: Every password should include at least one uppercase letter, at least one lowercase letter, and at least one numeral.
Luckily, Tiger includes a tool to help you create passwords that meet these requirements: Password Assistant. Whenever you create a new password (for instance, in the Keychain Access utility or in the Accounts pane of System Preferences), a button appears next to the New Password field. Click this button to display Password Assistant (Figure 8).
Figure 8. Password Assistant enables you to generate passwords of any desired length and type.
To use Password Assistant, follow these steps:
Choose a type from the Type pop-up menu. Most of the choices (Memorable, Letters & Numbers, Numbers Only, Random) are relatively self-explanatory. The choice FIPS-181 Compliant creates passwords that comply with the U.S. Department of Commerce standard. The options Memorable and Random may also include punctuation.
Move the slider to the desired password length.
If you don't like the automatically generated choice in the Suggestion field, click the arrow at the right of the field to see other options, or choose More Suggestions to generate even more. For each password, the Quality bar fills up farther to the right as the password becomes harder to guess (either by a person or a computer).