Apple’s two-factor authentication system sets up a chain of trust from one device to another. By ensuring your identity on one device, that device can then authenticate you on another device, and provide you with enhanced features, such as an Apple Watch unlocking a Mac, or an iPhone authorizing Apple Pay on a Mac. Understanding this chain of trust helps you better understand how Apple protects you.
It’s Black Friday again, either the day we release this episode if you’re in Europe, or next week, if you’re in the US. It’s the day when you can get some good deals on things you need, discounts on things you don’t need, and, if you’re not careful, you could get scammed. We discuss some best practices for buying new and used on Black Friday, and warn you about buying a used iPhone.
We discuss Apple’s new 16″ MacBook Pro with a redesigned keyboard; two new entrants in the video streaming market, Apple TV+ and Disney+; a bug in Facebook’s app; Google’s Pixel 4’s face unlock; and more.
Designer Khoi Vinh weighs in on a recent article called The Ultimate Guide to Strong Passwords in 2019, by Jon Xavier. This article points out how to have the strongest password: how long it should be, that it doesn’t need special characters or numbers, that there’s no need to regularly change it unless it has been compromized, etc.
Vinh points out my biggest annoyances with password managers (like him, I use 1Password).
It’s also difficult for a password manager to understand when a password is applicable to more than one site or app. Once a password is created, it’s often matched exclusively to the domain of that site. So if your login is also valid on a closely related site, as is the case with many sites from large companies, the password manager won’t automatically recognize the relationship and present the relevant login.
I have lots of sites where I have passwords stored for login.domain.com, user.domain.com, domain.com, etc. If I just look at Apple, which has a number of sub-domains, and check one of my passwords, 1Password shows me this:
They’re not “reused,” they are just used with different subdomains:
Arguably, some of these are no longer used, but 1Password cannot understand that it is not wrong to use the same password for all these sites. I understand that there are cases where different sub-domains should have different passwords, but a password manager should be able to allow you to map a password to a domain regardless of its subdomain.
Another example is Amazon. You may not know this, but if you have an account with one Amazon store, you can use it in any Amazon store (US, UK, Canada, etc.). I do use multiple Amazon stores, and have a separate login in 1Password for each one. So there is a long list of Amazon logins, with various subdomains – 54 in all – and these can’t all be grouped. The ones with different sub-domains can, but each store (each country) has a different top-level domain.
With the release of iPadOS, the iPad has become a serious competitor to a laptop. While you can’t do everything on an iPad that you can on a laptop, the gulf between the two is getting slimmer. We talk with Ian Schray, a dedicated iPad user, about replacing a laptop with an iPad.
Apple has release a whole slew of security updates this week, stretching back quite far, and we discuss some of the changes, and also Apple’s problematic HomePod update. Equifax is sued for using admin as user name and password to protect sensitive data. (Duh.) And we take a close look at the many security alerts and dialogs you see with macOS Catalina.
After a couple of news items, about Apple sending browsing data to Tencent in China, and a Google exec warning people to be wary of its smart home devices, we discuss Josh’s talk at the MacTech conference about developing a security mindset.
Josh and Kirk celebrate the two-year anniversary of the podcast, and discuss getting ready to upgrade to Catalina, with tips on how to ensure that your upgrade will be smooth, and the most efficient way to upgrade your Mac.
Josh and Kirk discuss the many updates to iOS 13, how legit-looking lightning cables that can hack your devices will soon be on sale, how malspam mostly tries to trick people with bogus links, a Touch ID issue, and much more.
As iOS 13 is out, Josh and Kirk discuss its new features and what you can look forward to. They also discuss how smart TVs spy on you, sending data about everything you watch. They also discuss a new SIM card flaw, and an iOS 13 lock screen bypass.