Undelete your 1Password Keychain from Dropbox

Don't PanicThe cool thing about Dropbox is anything that goes there is sync’ed across every computer, iPad, iPhone, toaster, microwave running Dropbox. The bad thing about Dropbox is that everything is sync’ed across computers, iPads, etc.

Today, I learned about that the hard way when I deleted my 1Password keychain from my Dropbox folder. No big deal you say because I can restore the files on the Dropbox website. You would be right in saying that if your keychain was stored as one file. Alas, it is not, it’s a bundle of many different files with very cryptic names. No easy way to restore this.

For some odd reason, Dropbox won’t let you take an entire folder back a revision. Needless to say, I was panicking.

As it turns out, I didn’t need to panic at all, I just needed to RTFM. Dropbox makes regular local backups of your keychain files. All you have to do is restore the backup. It gets put back into Dropbox and away you go.

Here’s how to do it.

Launch 1Password
On the password screen chose the File menubar menu.
Select “Restore Data File from Backup”
Restore 1Password keychain files

and away you go.

13 Quick Tips for Securing Your New Mac

So you just got your new Mac – now Let’s talk security! There are various security settings that can be enabled on your Mac to make it extra secure. Many of them are not enabled by default simply because some users may consider them a turn-off. However, if you want to keep your data secure, you definitely need to take certain precautions. Always remember that one of the biggest trade-offs with improved security is less convenience. The task for any major OS is to provide the right balance for each. Here is a list of important security measures that you can take to protect your data.

1. Lock It Down

Let’s start with the obvious. Physical security is the first and most important issue to address when it comes to protecting your data. Store your computer in a safe location and don’t leave it unattended. Also, grab a good security cable if you are using your laptop in public to prevent grab and run theft.

2. Ensure Your Account is Password Protected

This is the first and most basic form of protection that you can enable on your mac. Please be aware of the limitations of your account password – if someone has an OS X boot disk, they are able to easily change this password and gain access to your machine. Nevertheless, having a password to protect your account is a no-brainer!

3. Disable Automatic Log In

While it is really convenient to boot up your Mac and not be bothered with a log-in screen at start-up, this is the first form of defense against unauthorized access to your machine. Enable it!

4. Setting Up Your Firewall

Launch System Preferences and go to the ‘Security‘ section and select Firewall. By default OS X has the Firewall set to allow all incoming connections. You want to change this to the more powerful application specific firewall by selecting ‘set access to specific services and applications’. Next, go ahead and select the ‘Advanced’ button and ensure that ‘Firewall Logging‘ and ‘Stealth Mode‘ are enabled.

P.S. If you are using your machine on a public network, I would suggest that you enable the firewall for only essential services. This is the most conservative mode and is sure to keep you uninvited traffic out. Read here for more info on Leopard’s Firewall.

5. Install an AntiVirus

Install a good anti-virus program – yes, you better believe it! While there may not be many known viruses for the Mac OS today, tomorrow may be a totally different story. I’m proud of the inherent security in Mac OS (I brag about it all the time to my friends), but I’m not naive enough to believe that it will be like this forever. Also, while you may not be at risk, you do not want to harbor a virus on your system that can be easily transfer a friend’s PC or your virtual machine. Grab a copy of a good anti-virus software and keep it up to date. I recommend Clam X AV – it’s very good plus it’s free – give it a try.

6. Change Default Password in Keychain

Keychain is a really great utility that ships with OS X that manages all your stored passwords, keys and certificates. The default settings need to be changed however to increase the security of your machine. When you first create your account, a default keychain called ‘login’ is created. There are two main problems with this default set-up. Firstly, the login keychain uses the same password as your account. Secondly, the keychain is unlocked as soon as you log into your account. Therefore, if someone gets a hold of your account password, they will also have access to all your other stored passwords. Let’s change that. First launch Keychain Access (Applications>Utilities>Keychain Access) and select the ‘ ‘login’ keychain. Navigate to Edit>Change Password For Keychain “login”. Replace the old password with a difficult new one. You can use the password generator to help you come up with a memorable yet difficult password. By changing the default password, the login keychain will not be unlocked automatically after logging into your account.

7. Show Keychain Status in Menubar

Remember we spoke about maintaining the balance between security and convenience. Well, now that your Keychain has a unique password, you will need an easy way to turn it on and off. Navigate to Keychain Access>Preferences and enable the checkbox to Show Status in Menu Bar. You will now see a small lock icon in your menu bar that will give you access to your keychain while using any application. For me, this is the most important menu bar item on my Mac. Click on the lock and a menubar will pop up with 2 important commands and 2 shortcuts.

Lock Screen – Whenever you are stepping away from your computer, always lock your screen. It will automatically launch your screensaver and require your account password to unlock.

Lock Keychain “login” – It is always a good idea to lock your keychain when it is not in use.

You can also quickly open Security Preferences and Keychain Access from the menubar item.

8. Keep Your OS and Applications Up to Date

Apple frequently releases updates for its applications and services that address security issues or bugs. It is important to keep your system up to date with the latest releases. Open System Preferences and under Software Update, select check for updates “Daily“. You can check for new updates by going to the Apple logo and running Software Update. It is also important to update third party applications also. Most applications give the option to check for an update at start-up (enable it) which makes this process a bit easier.

9. Enable The Guest Account & Fast User Switching

Ever so often, you may need to share your Mac with someone that you don’t want to access private data. The Guest Account was designed specifically for this purpose. Go to System Preferences>Accounts and enable the Guest Account. The best thing about the guest account is that upon log-out, all information and files in the Home Folder is erased and the account is brought back to its original settings. It can be quite a hassle to save and close all your applications just to lend a friend your computer for a few minutes. Therefore, you may want to enable Fast User Switching to allow you to quickly switch between both accounts without logging out. To enable this feature go to System Preferences>Accounts and select Login Options. Customize as desired.

10. Automatic Log-out or Screen Saver Password Lock

In the Security Pane under System Preferences, you can tell your Mac to log you out after a certain period of inactivity. Simply enable the preference and set the desired period of inactivity. You know, just in case you left your computer and left the screen unlocked.

As an alternative (or additionally), you can enable the option to require a password to wake the computer from sleep or screensaver. Combine this with a hot corner that triggers your screensaver and you can lock your computer with a quick mouse gestures.

11. Encrypt Your Home Folder with FileVault

FileVault (System Preferences>Security>FileVault) is a built in feature of Mac OS X that encrypts your home folder and decrypts it on the fly when you need to access your files. To enable FileVault you will need to set a Master Password.  If you forget this password, all your data will be lost. Please be aware of certain issues that FileVault has with Time Machine Backups:

Once FileVault is enabled, Time Machine will back up a user’s Home folder only after the user logs out.

Also, you cannot restore individual files.

Personally, I only recommend using FileVault if you have a large amount of highly sensitive data. If you only have a few files, just create an encrypted disk image (see below).

12. Use Encrypted Disk Images to Store/Send Sensitive Data
When storing sensitive data on your Mac, use an encrypted disk image. This is also very helpful if you are sending sensitive data via email – simply attach the disk image as a regular attachment. The recipient must have a mac and will need the password which you used to create the disk image in order to access it. You must provide this via another medium of course. If you can’t bother with the involved process of creating your own encrypted disk images, take a look at Espionage by Tao Effect.

13. Secure Empty Trash

When you delete a file, the file’s location is simply removed from your computer’s memory. The file is still located on the machine until it is overwritten by another file. When deleting sensitive material, it is a good practice to Secure Empty your Trash. In Finder, navigate to the FInder Menu and select Secure Empty Trash. OS X will run a 35-pass overwrite of the file, essential removing any trace of it or possibility of recovery.

Additional Thoughts & Extras

OS X’s Firewall does a great job at monitoring and shielding out unwanted incoming traffic, however, it does not monitor outgoing traffic. Do some reading on an application calledLittle Snitch(29.95) and give it a try. This app monitors all outgoing network traffic and allows you to grant access and set rules as you desire. I consider it be one of the few essential applications that need to be installed on a Mac!

Secure your home network using WPA encryption rather than the weak WEP that most providers use by default. Having a secure network at home will protect you against wardriving.

Third party software such as Undercover and LoJack may be helpful in the event that your Mac is actually stolen. They basically run in the background and if your machine is reported stolen, it will send location and additional info when it is connected to the internet.

Finally, you may also consider enabling an EFI or Open Firmware password. This will prevent someone from booting into your Mac from an Install Disk.

If you have any more helpful tips on securing your Mac, share them with us in the comments.