Think twice before encrypting your HFS+ volumes on High Sierra – Bombich Software

One of our users made a startling discovery this week after upgrading to High Sierra. He had an HFS+ formatted 16TB RAID device, and had always intended to enable encryption on that volume. There’s no OS on it, so he simply right-clicked on the volume in the Finder and chose the option to encrypt it.

This is an easy way to enable encryption on a volume: plug in a password, verify, add a hint, done!

Oddly, though, [Carbon Copy Cloner], Disk Utility, and Terminal all agreed that his HFS+ volume was now an APFS Encrypted volume. Naturally he contacted AppleCare. “Not possible, says Apple”, he reported.

Yet again, Apple support doesn’t know what they’re talking about.

This is particularly worrisome. If you convert a disk to the new APFS (Apple File System), it won’t be readable from a computer that is not running on an APFS volume. So if you have a problem with your computer, you may not be able to access data on that disk. Also, this means you cannot encrypt a portable hard drive on an APFS computer if you plan to use that drive with a non-APFS computer (ie, one running macOS Sierra or earlier).

Source: Think twice before encrypting your HFS+ volumes on High Sierra | Carbon Copy Cloner | Bombich Software

Apple Two Factor Authentication and Sign-In Location

I set up two-factor authentication for my Apple ID yesterday. I had tried previously, and it was a disaster. In spite of some confusing instructions from Apple, it seems to have worked so far.

But I was surprised to find that, when I was logging into different devices, it didn’t show the correct location.

I’m not near London; I’m about 100 miles away.

Coincidentally, Glenn Fleishman has an article in Macworld about this today. But he doesn’t really explain why this happens. He mentions someone in Louisiana, who is told he’s logging in near San Fransisco; or his wife, who gets told she’s logging in about 30 miles from where she is.

I don’t use a VPN, which would certainly affect this, and I find it surprising that the Apple devices that already know my exact location can’t pass this info on to Apple’s authentication servers. Because if I look on Apple Maps on the same iPad, it pinpoints me, exactly where I am.

This is particularly disturbing because it may make you think that someone is trying to hack your account. If you have just tried to log into your Apple ID on a device, you can safely assume that the alert is simply worng. Or can you? This doesn’t seem like good security to me.

Safely wipe your iPhone or iPad before trading it in or reselling it – iMazing

When you upgrade to a new iPhone or iPad, you may want to sell or give away your old device, or pass it on to a friend or family member. When you do this, you need to make sure that the device is erased so the new user can’t access any of your data. At the same time, you need to ensure that you can transfer your existing data to the new device. These operations are simple, but it’s important to prepare for the change.

Your entire iPhone or iPad is encrypted; all the data is protected, and only when you unlock the device can you access any of it. As such, erasing the device – as we explain below – ensures that no one can access the data. There is no need to use apps that claim to “fully erase” the device, since all the data that remains is inaccessible because of this encryption. In addition, these apps cannot access the file system, so they can’t even erase all the data.

But iMazing can help you back up your device before wiping it, making sure that your backup does indeed contain all your data.

Here’s how to safely wipe your iPhone or iPad before selling it:

Read the rest of the article on

How to Securely Dispose of Your Old Mac

It’s time to move on and end your relationship with your current Mac. You had good times together; you’ll always have memories of the best moments you shared. But there’s a better Mac now, it may be faster, have a better display, or be lighter and more portable. While break-ups are always tough, it’s good to make this one as smooth as possible.

Your Mac contains a lot of personal information, and is connected to a number of Apple accounts. When you plan to dispose of your Mac — whether you sell it, give it away, or send it for recycling — there are a number of things you should do to make sure your data and your accounts remain secure. There are also a few steps you need to take to remove that Mac from Apple’s accounts.

In this article, I go over the 8 steps you should take before getting rid of a Mac.

Read the rest of the article on the Mac Security Blog.

How to Choose and Answer Security Questions

To help you keep your online accounts safe, most web and cloud services have you answer a number of security questions. You are asked a few things that you know, and that you can remember–such as your first pet’s name, or your mother’s maiden name–so you can access your account and prove your identity, if you forget or lose your password.

Yet sometimes these security questions are too simple, and the answers you provide may be things that people can find out about you far too easily in a web search or on social media. You may tweet a photo of your first dog, and mention that his name was Rex. You may post on Facebook that you met your second grade teacher, Mrs. Harrison. And your mother’s maiden name may be so widely used that anyone who hacks into a large database of user information could find it.

Fortunately, there are ways to get around this. This post explains how to choose the best security questions you should answer, and how to securely answer them so no one can figure them out.

Read the rest of the article on the Mac Security Blog.

Protect Your Tweets with Twitter’s New Privacy and Data Options

In this recent article, we looked at how you can protect your children’s social media accounts, making sure that only their friends can see what they post and interact with them. We covered a number of major social media apps, such as Facebook, Instagram, WhatsApp, and more.

Twitter is a bit different, and its security and privacy settings go beyond what many of the other companies offer. Twitter recently rolled out new options to help prevent abuse and to protect its users, as well as new options telling Twitter how the company can use your personal data.

In this article, I’m going to take a close look at Twitter’s privacy and safety settings, and explain how you can protect your kids from bullying on Twitter, how you can limit the use of personal data, and how you can adjust other privacy and safety settings.

Read the rest of the article on the Mac Security Blog.

The iPhone at 10: Still No Major Malware

Many people are writing about the success of the iPhone, and how ten years on, we can clearly see how it changed personal computing. As the fastest-selling consumer electronic device ever, this pocket computer has swept across the globe like a tsunami, selling hundreds of millions of units. In the past year alone, Apple has sold more than 200 million iPhones.

One of the biggest successes of the iPhone is its security. In a time when surfing the web has its dangers, there has been no serious malware in the ten years of its existence. Computer users have long been used to needing anti-virus software on their devices, especially on Windows PCs. Generally speaking, this software can slow down computers, isn’t totally reliable, and may be costly. (Free anti-virus software exists, but paid software is always better and more efficient.) Yet we simply don’t need this on the iPhone.

Read the rest of the article on The Mac Security Blog.

How to Manage Privacy Settings on Popular iOS Apps

Kids and teens are using apps to stay in touch with friends, follow celebrities, and get news — they’re all doing it. These social media apps allow them to share their lives online, but there’s a danger in children telling too much. Earlier this week we explained what your kids should never tell anyone online, and today we’ll discuss how you can manage privacy settings on some of the most popular iOS apps.

Most social media apps have privacy settings that can help keep kids safe, but they’re not always easy to find. It’s a good idea to ensure that none of these accounts are public, so your kids won’t be harassed. They can still tweet and view photos from others, and they can invite their friends to share with them, but they’ll be safe from online predators and bullies.

Following is a look at some of the popular social media apps for iPhone and iPad, and how you can set up your kids’ accounts so they stay private.

Read the rest of the article on The Mac Security Blog.

8 Things to Teach Your Kids Never to Give Out Online

Children sometimes say the darnedest things. And that’s fine, if they’re at home, at school, or hanging out with friends. But if they’re online–on social media, in chat rooms, in online multiplayer apps–then the things they say can have consequences.

When kids are chatting with others on the Internet, they may mention personal information that shouldn’t be shared. They may talk about where they are, or where they’re planning to be. They may mention that their parents aren’t home, or that they’re working late. And they may give out their address, phone number, or more. All of these things can be very dangerous.

Parents need to explain to children what things they should never give out online, and kids need to understand why. In this article, I’m going to discuss 8 things that kids should never mention online. If you’re a parent, take some time to talk to your children and explain why these bits of seemingly innocuous information can lead to danger.

Read the rest of the article on The Mac Security Blog.

Apple’s new iCloud security requirements: How it affects you and the software you use – Macworld

If you use iCloud for email, calendar events, or contacts with any apps other than those made by Apple, and you haven’t upgraded the security on your account to use two-factor authentication (2FA), syncing and other interaction will fail starting June 15. That’s when Apple imposes a new security requirement that requires unique passwords for all third-party software that works with iCloud accounts. That includes apps like BusyContacts, Fantastical, and Thunderbird, to name a few of hundreds, as well as online services that sync with iCloud or retrieve email.

I mentioned this in an article last week. Apple’s two-factor authentication is problematic, and as Glenn Fleishman points out at Macworld, it’s not that secure. In fact, it’s probably less secure, at least as far as third-party apps are considered.

Glenn mentions that John Chaffee of BusyMac, developer of BusyCal and BusyContacts, “has been trying to get attention for this problem for some time.” Chaffee says, “”My guess is that 99 percent of users have no clue about app-specific passwords and Apple does very little to help them figure it out. The vast majority of our tech support requests are from users who are unable to connect to iCloud and have no idea why.”

Indeed. Users of third-party apps will be flummoxed, and many will blindly go turn on two-factor authentication and encounter problems that will lock them out of their iCloud accounts, if they do anything slightly wrong. But beyond that, I think that many people will stop using third-party apps; I’m thinking of doing so. Even though I think that Apple’s Calendar is inferior to the many third-party calendar apps for macOS and iOS, I’m not prepared to again enter the two-factor labyrinth, that was such a disaster the first time I tried it.

And Apple points out that, this time, if you turn on two-factor authentication, you cannot turn it off. I think this is going to be a disaster for many users, and for developers of third-party apps that need access to iCloud data.

Source: Apple’s new iCloud security requirements: How it affects you and the software you use | Macworld