James Koole Posts

How I Secure My MacBook Pro

Securing a computer is a balancing act. On one hand, if you go for complete security of your data, you’ll be annoyed by repeated password entries and other hassles. On the other hand, if you rid yourself of even a few of those pesky little hassles, it compromises security.

Who cares?

If you’re wondering why it even matters, think about what you have on your computer right now. I bet you have easy access to your email account(s), photos, probably a year or more of your browsing history and logged in sessions for your online banking, and who knows what else.

Would you hand your computer to a stranger, walk away for an hour and let them dig around? Of course not. Losing it or having it stolen is the same thing except it’s more than an hour, and the person with your laptop is going to be looking for more than your bathroom selfies.

It’s all about balance

I’ve got what I think is a pretty good balance now. Here’s how I’m set up:

I have a good user account password for my MacBook. It’s long, contains things other than lower case letters but it’s still memorable enough that I can type it in if required.

The user account password on a Mac is almost useless if someone gets physical control of your computer as it can be bypassed without much effort. With that in mind, I also have a firmware password set. My firmware password is not the same as my user password, it isn’t very memorable and I store it safely in 1Password in case I ever need to use it.

I also have FileVault full-disk encryption enabled. That means my full hard drive is encrypted and protected from prying eyes, even if someone clones the drive or steals my whole computer.

‘Unattended’ consequences

None of those things do much if I leave my Mac logged in and unattended. To mitigate this risk, I have fairly aggressive screensaver and lock settings. My screensaver starts after one minute and my computer locks five seconds after the screen saver is activated. Closing the lid puts my Mac to sleep and locks it immediately.

For example, if I’m sitting at my desk and don’t interact with my Mac for a minute, the screensaver starts. I have five seconds to flick the trackpad and clear the screensaver before it locks my Mac, requiring the password.

When I leave my desk, my computer is vulnerable for the first minute and five seconds which is probably not the end of the world where I work. I sometimes use the “hot corners” feature of macOS to instantly start the screensaver if I am leaving my desk, or I use Alfred to quickly start it from the keyboard.
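The setup described above can be checked from Terminal. The script below is an added example, not the author's own: it audits the screensaver and lock timings, FileVault and the firmware password against the values in the post (screensaver after 60 seconds, lock 5 seconds later). The function names are hypothetical, and it assumes the Sierra-era `com.apple.screensaver` preference keys and an Intel Mac where `firmwarepasswd` is available.

```bash
#!/bin/bash
# Added example (not from the post): audit a Mac against the setup described above.
# Thresholds come from the post: screensaver after 60 s, lock 5 s later.
# Function names are hypothetical; sample values in comments are constructed.

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# Args: idleTime, askForPassword, askForPasswordDelay (seconds; may be "5.0")
check_lock() {
  local idle="${1%%.*}" ask="${2%%.*}" delay="${3%%.*}"
  if ! is_uint "$idle" || ! is_uint "$ask" || ! is_uint "$delay"; then
    echo "UNKNOWN: lock settings not readable"
  elif [ "$idle" -eq 0 ]; then
    echo "FAIL: screensaver is set to never start"
  elif [ "$idle" -gt 60 ]; then
    echo "FAIL: screensaver idle time ${idle}s is longer than 60s"
  elif [ "$ask" -ne 1 ]; then
    echo "FAIL: no password required after screensaver"
  elif [ "$delay" -gt 5 ]; then
    echo "FAIL: lock delay ${delay}s is longer than 5s"
  else
    echo "PASS: locks within $((idle + delay))s of inactivity"
  fi
}

# Arg: output of `fdesetup status`, e.g. "FileVault is On."
check_filevault() {
  case "$1" in
    *"FileVault is On"*) echo "PASS: FileVault enabled" ;;
    *"FileVault is Off"*) echo "FAIL: FileVault disabled" ;;
    *) echo "UNKNOWN: unexpected fdesetup output" ;;
  esac
}

# Arg: output of `sudo firmwarepasswd -check`, e.g. "Password Enabled: Yes"
check_firmware() {
  case "$1" in
    *"Password Enabled: Yes"*) echo "PASS: firmware password set" ;;
    *"Password Enabled: No"*) echo "FAIL: no firmware password" ;;
    *) echo "UNKNOWN: unexpected firmwarepasswd output" ;;
  esac
}

# Only query the live system on macOS; elsewhere the functions can be fed saved output.
if [ "$(uname -s)" = "Darwin" ]; then
  check_lock "$(defaults -currentHost read com.apple.screensaver idleTime 2>/dev/null)" \
             "$(defaults read com.apple.screensaver askForPassword 2>/dev/null)" \
             "$(defaults read com.apple.screensaver askForPasswordDelay 2>/dev/null)"
  check_filevault "$(fdesetup status 2>/dev/null)"
  check_firmware "$(sudo firmwarepasswd -check 2>/dev/null)"
fi
```

An `UNKNOWN` result means the setting could not be read, which on a freshly set up account usually means the preference has never been written and the system default applies.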

The ‘key’ to reducing password entry annoyance

Entering my user password a few dozen times a day is a bit of a pain point, so I invested in a Yubikey 4 USB key. This little device works with macOS Sierra and when it’s plugged in to one of the USB ports on my Mac, the requirement for my user password is reduced to a requirement to enter a 6-digit numeric PIN which is quick and easy to type.

1Password

As noted above, I also use 1Password to help keep all my online accounts secure. I have unique, long, unmemorable passwords on every online service I use, and I rely on the 1Password browser extension to log me into the various accounts on my Mac and the 1Password app on my iPhone.

The Yubikey 4 offers some additional convenience for 1Password. While there isn’t the full support I’d like for these types of hardware keys, the Yubikey 4 in particular can store a static password that it will enter on demand by pressing a button on the key.

I have my 1Password password stored in the Yubikey and when the 1Password extension asks for my password, I touch the button on my key for a few seconds and the Yubikey 4 types the password in for me, and hits enter. That allows me to set the lock delay for 1Password to a much shorter duration as it removes the annoyance of having to type a long password in every time I want to use the extension.

Balance achieved

Overall I’m finding this to be a workable balance. My MacBook Pro is locked and secured behind good passwords when it is unattended. When I do need to log in, the Yubikey makes it much less annoying by lowering the requirement to a PIN.

If my laptop is stolen while closed, I’m covered. The data is encrypted and locked away. My user account is safe. Inside the office, my data is safe from snoopers by enforcing a quick account lock. I never store the Yubikey with my MacBook unless it’s plugged into the USB port. If I leave my MacBook on my desk at the office, I take the Yubikey with me. When my MacBook is in a bag over my shoulder, the Yubikey is in my pocket on a keyring.

Total investment was about $40 USD for the Yubikey, $5 USD/month for 1Password Family, and some time getting the various screensaver and lock timings set up.

Using ProtonMail alongside iCloud (or another free email service)

I recently made the switch to using ProtonMail on a custom domain for the majority of my email. I like that ProtonMail stores all of my email encrypted and that they use end-to-end TLS when sending and receiving email to and from most large email providers. It means that nobody should be able to snoop my email in transit, and that in the event that my account is compromised, the contents aren’t readable by anyone since they are encrypted (hello, John Podesta…this would have saved you guys bigly).

To make the switch, I’m using a bunch of email forwards to handle things like bill emails and various notifications so I don’t have to update them anymore and I can also have some of them sent to myself and also to my spouse so she knows what’s happening with our finances.

While I’d love to completely cut over to ProtonMail, switching email addresses for all my friends and family is a pain. Because of this, I’m continuing to use iCloud email for a lot of my personal emails. I’m more comfortable with iCloud than something like Yahoo or Gmail because it isn’t ad-supported. I trust Apple to maintain security of my emails. Obviously, I don’t trust someone like Yahoo or Gmail to do the same based on past experience.

That said, I also don’t want all my mail sitting in iCloud forever (just in case), so I’ve set it up to forward my mail to my encrypted box at ProtonMail automatically.

On the ProtonMail side, I use their Gmail-like filters and tags to archive and mark that mail as read, so I don’t get double notified. I tag that mail as “forwarded” so I can find it later and add other tags like “bills” to keep things nicely organized.

The one missing feature I would love to see in ProtonMail is the ability to send via outside SMTP servers so I could reply to my iCloud email within ProtonMail. I’m hopeful that we’ll see that in time, but it’s not the end of the world for now.

Other than that, I feel much more secure knowing my email is stored encrypted in ProtonMail. Over time, I’m hoping to slowly ease back on my use of iCloud and ProtonMail plus a custom domain is turning out to be a great first couple of steps towards that.

Privacy Matters

Some things you should do if you value your privacy online:

  • Stop using FB Messenger, start using Signal: Facebook is a data-mining, advertising company with (some say) ties to the CIA. Stop communicating through Facebook or Google, or SMS. It’s not private. Use Signal or at least use the secret messaging function of FB Messenger which you can choose to enable when starting a new conversation.
  • Stop using GMail, start using your own domain email: GMail, Hotmail, etc. all read your mail to advertise and build a profile on you. That’s not a good tradeoff for providing email service. Get email on your own domain from Hover, Fastmail, or ProtonMail or use iCloud instead (if you use Apple products). Bonus points if you learn about and use PGP for really important communication.
  • Stop using Google, start using DuckDuckGo: Again with the profiling. You search, Google profiles you. Everything you search for, they know about. If you are okay with that, then you should have your head examined. Use DuckDuckGo instead. The search results are just as good, and they don’t track you. Ever.
Stop Hating, Start Listening

My hope today is that everyone will drop the hate and anti-Trump or anti-Hillary rhetoric and talk to the other side instead of writing them off.

I believe in my heart that even the worst of Trump’s supporters have the ability to change. I’m talking about the ones that were attracted to him by the racism, sexism and all the other ‘isms. Dare I say it, even Trump himself has shown an ability to change over the course of the election campaign through dialog and through (he says) talking with his wife, and children. He has much work to do before I’d consider him a changed person, but that means only that we all have work to do to help him change too.

Attacking people for how they think and forcing change on them doesn’t accomplish anything. Working to learn about the roots of their hate and addressing the issues that brought us all to where we are at can lead to real change.

Consider where people grew up and the environmental factors that influenced them throughout their lives. Believe and offer the benefit of the doubt that they are fallible humans with the real potential to understand and change. Realize that they may be right and accept that you may be wrong.

Much to learn

As a Canadian and as a Torontonian looking south, this week has shown me that I have much to learn as well. I’m just as guilty of attacking those with other viewpoints as our American neighbours on both sides of the debate.

It’s been a real tough week of introspection for me and at the same time, it’s been very good for the soul for me to start questioning myself on things like how I reacted to the election of Rob Ford, and the problems we face in our city.

I’m one of the “fallible humans with the real potential to understand and change” that I talked about three paragraphs back. It’s been tough to admit that, but it’s also true. I’ve also realized that in some cases, I’ve been wrong and accepting that has also been difficult.

Sadness slowly turning to hope

Many tears have been shed since Tuesday in conversations with my wife, my friends and with myself. Mostly I’ve been terribly sad and upset by the hatred that I’ve heard around the office, out in public and also coming through in the posts on my Facebook and Twitter feeds.

At the same time I’m slowly feeling more encouraged by the number of great conversations that I’ve had over the last two days as the tone changes, and the rhetoric slowly fades from view in favour of exchanges of viewpoints and ideas. Minds are opening through real conversation and minds are being changed on both sides.

I’m finally hopeful. In a weirdly fucked up and backwards way, the election of Donald Trump has brought me the hope that we can figure this all out and make a better world for everyone.

Progress

We can’t all agree on everything and that’s fine.

Discord is good for our communities and our country; it is these differences of opinion which can lead to changes of opinion. With that comes real progress.

Discord is also dangerous. Screaming at, and writing off others because of their opinions, or shutting down in the face of disagreements, leads to both sides digging in and refusing to acknowledge the other. That, in turn, sows the seeds of division and perpetuates the cycle of hate.

Listen, learn and then maybe engage. Stop fighting. Rise above it and extend a hand or offer a hug.

At least in my social circles, we’re slowly starting to learn from each other and it’s so great to see. Spread it around.

Where is the Hope?

We all need to come to grips with the fact that there are tens of millions of people in one of the richest countries in the world that feel hopeless.

They live in cities that were once beautiful places to live and work and raise a family. Those cities, like Flint, Michigan, are now empty places with lead in the water, factories in ruins and where there is no hope for a future. There are “Flints” all across the USA.

They live in ghettos where unemployment is so high it’s easier to count those with jobs than without. Where gun violence kills more in a single night than are killed in Toronto in a year. Where the only escape is gangs and crime.

Look where the election turned for Trump and you’ll see exactly where the pain is the worst. In Michigan. In Pennsylvania. In Ohio. All through the south. Once proud blue collar towns…abandoned and crumbling. Coal towns…dying and dead. People with no jobs, and no hope for a job. No future.

To those people, a vote for Donald Trump represented a vote for hope. To the millions that voted for him, Donald J. Trump is Obama 2.0.

Except this time, they hope, it’s actually going to be different. Obama promised change, but didn’t deliver. His eight years in office brought them nothing except another trade deal they see as the final death blow to their towns and lives and health care that they can’t afford but are now forced to pay for under penalty of law.

Clinton offered more of the same Obama rhetoric combined with more of the same Bill Clinton policy of globalism and free trade that ruined their lives. Can you see why they walked into that voting booth and filled in the line or checked the box next to Trump/Pence?

Think what you want about Donald Trump. I’m not going to try to convince you he’s anything different from what you believe him to be. I agree he’s no saint, and if even half of what was said about him is true then it’s clear he’s not the kind of leader anyone wants. His views on women, immigrants and minorities and his abusive tone are disturbing to say the least.

But no matter what you think of Trump as a person, consider that millions of people across the country have lost hope to the point that they were willing to stand up at the table and push their meagre chip pile “all in” on the one person in the election who came to their towns and cities and told them, “I hear you. You are hurting. I’m going to fix that…we’re going to fix that.”

Watch this Trump video and tell me I’m wrong. Look at the faces of the people at those rallies. Tens of thousands were out at each rally over the last few nights, but their story was ignored by the media who instead showed footage of Clinton rallies with millionaire celebrities and singers. I’ve watched it over and over and it makes me emotional every single time.

Look at those people. Are they racists? Do they hate gay people? Do they believe they can treat women as objects? Maybe some are. But you can’t paint the whole lot of them with that brush. If you did, that would be bigoted.

The people in that video, and the tens of thousands at Trump rallies and the millions who voted for him saw a vote for Donald J. Trump as their only hope. Think about that for a minute. The worst candidate probably in the history of the USA was and is their only hope.

Are they right? Is Trump offering real hope or just more of the same story that they’ve lived through for the last 24 years?

Trump may be more of the same, and the disillusioned and demoralized will have lost even more faith in the government that they desperately need to give them hope. Or he’ll actually come through and bring everyone together to deliver on his promises to put them back to work building up the country to what it used to be.

The American Dream died under Clinton, Bush and Obama. Donald Trump says he’ll bring it back to life. Tens of millions made a bet that this self-proclaimed, foul-mouthed, asshole outsider can bring it back.

Here’s hoping.

p.s. If you are from Toronto, think about Rob Ford for just a minute. Consider the hopeless in our city. The ones living in public housing that is falling apart, riding buses across Rexdale and Scarborough where decent rapid transit to take them to their minimum wage job is still years away.

Remember how Rob Ford was the one person who went to their buildings and told them not to lose hope? Right. And the very people who failed the most needy and vulnerable amongst us turned around and literally tore Ford down, brick by brick until he was dead. And we were all secretly happy.

Shame on us all.