Advocating for Password Management

I keep private information in a password-protected Word document. Is there a better way to store this stuff? Also, from what I’ve read, we should be using passwords that a password manager invents. Should we use Apple’s built-in Keychain, or perhaps Dropbox’s password manager?

I’ll first emphasize that you can certainly use protected documents in Word or Apple Notes (instructions for the former below). It’s easy, however, to identify the clunkiness of this method. For infrequently-accessed information, occasionally having to enter a properly long password is no big deal, but having to do that every time you want to log into a web site rather strips away the benefits of using a computer. In addition, searching for and copying out the relevant data is beyond inconvenient. 

Once you embrace a password manager and start filling it with your data — all your logins, credit cards, bank account info, passport and other citizen info, frequent-flyer numbers, and on and on including pictures of passports and cards and birth certificates — I think you’ll find it fluid and easy to access all of that data on all your devices, even when offline. 

I’ve covered the rules for online security: Each of your passwords should be long, strong, and unique, completely different from any other you use. Rather than trying to use some pattern that you hope will be memorizable, let the password manager generate your passwords for you, freeing up your time and concentration. Many folks express concerns about this idea to me, and I remind them that they can always reset their password for any given account using a link sent to their email. Also, with the prevalence of multi-factor authentication, you’ll need one of your gadgets to sign in anyway, so you might as well go the automated route for all of this.

My opinions of the various options, as stated in a previous post, persist: Apple users should go with 1Password. (I’ll sound a heavy “no” to Dropbox’s offering.) And while I remain glad that there are third-party services out there, I’m especially gratified that Apple has considerably improved their built-in password management synced with iCloud. The password generation is easy, as is setting up two-factor authentication, and they support a newer technology called passkeys. Most crucially, with the next system release this fall, they will let us share our passwords via Family Sharing.

And I definitely recommend the 1Password family plan, so you can have any of this stuff in a shared vault for your loved ones. I don’t need to go into the emergency scenarios in which this can be far more than handy.

I can get you into it in short order, making sure it’s all installed everywhere so you can be smoothly off and running with it.


From Microsoft’s Protect a document with a password:

Passwords are case-sensitive and can be a maximum of 15 characters long… If you lose or forget your password, Word won’t be able to recover it for you. Be sure to keep a copy of the password in a safe place or create a strong password that you’ll remember.

  1. Go to File > Info > Protect Document > Encrypt with Password.
  2. Type a password, then type it again to confirm it.
  3. Save the file to make sure the password takes effect.

MacBook Pro for college

A client writes:

Our kid is headed to college for science.  They would like a 14”. Any recommendations on specs?

I deeply love the 14” MacBook Pro, and as long as they prefer the extra performance and connectivity over the lighter weight of the MacBook Air, there’s zero other reason not to go that route. 

Now to specs. Start with the middle config:

12-Core CPU
19-Core GPU
16GB Unified Memory
1TB SSD Storage

That would probably do them just fine, with these qualifiers:

  • The M2 Pro chip will suit most everyone’s needs. The Max is for people putting extra-heavy loads on their computers. High-def video rendering, intense computation, yadda yadda. Or wanting to win bragging contests. But go for the 12-core CPU Pro to maximize the computer’s value and relevance over time. 
  • Upgrade to 32GB RAM if they will be doing any work that requires a lot of memory: high-res audio, video, big datasets, big apps. If that work is not the main use of their time, they wouldn’t save much time with the M2 Max chip, but memory can disappear fast.
  • Consider 2TB storage if, for example, they’re a heavy media consumer/collector 

And always AppleCare+! I love the new monthly option, so it just keeps going until I stop it. 

Some Tenets of Security for Your Organization

Gonna put these quick’n’dirty then a little wordier:

  1. Hide your screen
  2. Use a password manager
  3. Don’t use a personal address or phone number for work stuff
  4. MFA MFA MFA†
  5. No MFA by text
  6. All passwords are different and long and random and unmemorable
  7. All passwords go in the password manager
  8. Never share logins
  9. If something looks suspicious, it is

Now longer:

  1. Always assume your screen is being viewed by someone else unless you are taking active measures to prevent that. Shoulder-surfers are a real and present danger. Never reveal a password onscreen or type your passcode unless you are certain no one can see
  2. Always sign up for work-related services using your @yourworkdomain.com email address
  3. Always use multi-factor authentication† via an authenticator app. If you use a password manager (you use a password manager, right?) then using it for MFA is likely your best choice, but if someone on your team ends up using another one, that’s totally fine.
    • Never choose to receive MFA via SMS text or a mobile number
  4. Always use a password generated by your password manager
  5. Never share login information with anyone, including the boss. If the boss asks, it should be to test the user’s security acumen.
  6. Always assume that if something looks suspicious, it is. Otherwise put, careful what you click. AI-generated spam and deep-fake voices are real and cheaply-accessible things now, and people are getting scammed constantly. Real communication looks and feels real, and most importantly, is verifiable by a real person. 

†It is known by many names so I list them. These all refer to the same fundamental idea: two-factor authentication, multi-factor authentication, 2FA, MFA, one-time password, time-based one-time password, OTP, TOTP

How Should We Dispose of Old Hard Drives?

We have a lot of old backup drives that we don’t need anymore. How could we get rid of them?

I don’t want to enable any hoarding tendencies, but I really don’t like the thought of my hard drives, and thus my data, being out there in the wild. The US military does not believe that a magnetic hard disk drive can ever be truly erased, and I have no desire to test that.

That said, I know some people simply don’t care, and I can’t make ’em. Ideally you’d at least erase them so your stuff doesn’t get out there. But as I mature(-ish), I learn how impractical—and maaaaybe bordering on paranoid—that might be. In which case take ’em to Best Buy for responsible recycling.

Does that help?

New Apple TV for the Conference Room

We bought the new Apple TV for the conference room. Is there anything special that I need to do besides plugging it in to make sure that everyone is able to connect to it via AirPlay?

Should be pretty straightforward. Just name it something simpler, logical, and/or fun, and join it to your wifi. From there it should work straightaway.

There are some settings to consider for security, branding, and office environment in Settings > AirPlay and HomeKit, including new ones in the new aTV. You might especially look at Conference Room Display. I don’t think you necessarily want to require a PIN code every time someone wants to connect, unless that has ever been an issue, but you might wanna make sure that it is in fact off.

If you use AirPlay heavily in a business environment, and you have a more versatile router, we can give the Apple TV higher priority on the network to reduce hiccups.

is auto-capitalization a worthy feature?

Wrote this to some friends and family a while ago:

I realize this is out of left field, but call it a sanity check with people I know to be actively concerned with proper capitalization and writing well in general. I am curious whether this makes any sense to you:

I have always been really annoyed by the auto-capitalization on iPhone. And especially since dictation and now the slide-to-type keyboard in iOS 13, it feels like a lot of apps are increasingly arbitrary about what they capitalize. That makes me have to go back and fix things, which seems counter to the whole idea of automating something.

So…I turned off auto-capitalization in Settings > General > Keyboard. I already feel more relaxed. I can still double-tap the spacebar to get a “.” period. But any failure to capitalize is entirely my own, so less frustrating.

that’s my first question: if you are even interested in the experiment, does it have the same appeal for you?

second question is, how much does it bother you to see everything lowercased, as in these last paragraphs?

thank you for reading. I didn’t think this was going to be such a long explanation, but I realized I started writing a blog post. I still want to bounce it off y’all first though.

Mac Crashing While Asleep

I may have to take back my iMac Pro! It keeps crashing while asleep. I put it to sleep at night and wake up to find it is off. When I turn it on I get the ol’ “Your computer was restarted because of a problem” error. It works ok when working but I wonder if this isn’t an omen? This happens almost every time I put it to sleep for a while, even while going to lunch.

I’d bet dollars to doughnuts that’s not your iMac but one of your peripheral devices. Try unplugging everything you can when you put it to sleep, even keyboard and mouse. If you don’t encounter that error, leave keyboard and mouse plugged in next time you put it to sleep. If no error, plug in main backup drive. If no error, add your next most important device. Rinse and repeat. Eventually we all—fine, the lucky ones—narrow it down to the cheap USB hub we bought 7 years ago… 😉 (In one case for me, it was actually a card reader that I had in the expansion slot of my MBP.)

In the end, after that experimentation, if it’s the Mac, it’s the Mac. Let me know what you find!

New, used, or refurbished iPad

I am thinking of buying a new iPad or gently used one. My current phone is a 64GB model and I’ve barely used half of the storage, so I think a 64GB iPad would do it. But I don’t know about cellular. What are your thoughts?

I love the recent iPad Air models, and while I might enjoy a Pro that much more, I know my personal productivity wouldn’t benefit that much from the extra performance. The iPad minis are also super sleek and totable. (Might even be some new ones coming soon!)

I have found that, because of better cameras that inspire more photography, and more available media to enjoy, it’s really a good idea for most people to spring for at least 128GB. (I prefer 256GB so I don’t ever have to worry about it.) That said, I see your screenshot, so perhaps you’d do fine with 64GB. If you at all suspect your needs might increase, get the bigger size.

Since the phones have personal hotspots, I no longer keep a cellular account for my iPad. And I keep them long enough that the slightly higher resale value of the cellular-enabled models is great enough to justify the personal cost. If you’re that mobile and need the Internet always on at a moment’s notice, get the cellular, otherwise skip it.

And I’m alllll about buying refurbished devices as long as they are under warranty. Also used ones, for sure, from a site with buyer protections like eBay or my new fave, Mercari. Just be very clear about the model and specs you’re getting. Listers might be misleading or just mistaken.

Malware email from an external source

A Mac-based business wrote:

We potentially have a virus issue. We all received an email from a colleague stating that he was sharing a document via OneDrive. Some employees clicked on the link, but could not open the attachment. So they sent a group email asking if anyone else got this email from the colleague.

I texted the sender asking if his email was legit…and he said “Don’t open that!” Apparently his boss got hacked last week and her email sent out those messages. He clicked on it. Now his email is sending out those same emails.

I’m not sure what to do here—can you assist? Is there a scan that they/we can run? Is it something you can help with remotely?

We don’t yet know that there’s any cause for concern. To start with, have any of you gotten any indication that your own accounts are spamming other people with this bogus message?

Additionally, I have somewhat less concern for anyone who tried to open it on a Mac or via Outlook on the web. How many of you use the Outlook app on Windows?

I don’t tend to act as an alarmist in these situations, not because there isn’t a concern, but because any cause for concern gets triggered by initially opening the attachment. If you don’t see misbehavior, sussing the possible attack or effects can’t be comprehensive. It could be something that hits your computer, or your email, or ransomware that locks your files, and you don’t know ’til you know.

So with all that said:

  1. Any of y’all please be encouraged to change your email and computer passwords. Also, if you haven’t enabled two-factor authentication in your email accounts (or any other online service), run-don’t-walk to do that.
  2. Please ask the team if anyone has noticed their computer misbehaving, especially the browsers. If Safari, Firefox, or Chrome (or Brave or Vivaldi or Opera or…probably not Lynx…) misbehave in any suspicious way, let’s check it out. Most likely symptoms would be pestilent pop-ups, bogus search engines (i.e. does that really look like the real google.com?), persistently changed homepages, or unwanted buttons or extensions.
  3. We can do audits of each of your computers, or you can run manual scans in Windows (see below) or Malwarebytes for Mac: https://www.malwarebytes.com/mac/.
  4. You could each check with your correspondents to see if anyone got similar spam from you.

Please holler as soon as you run into any of that!

Corrupt file on Synology

I hit a file on the Synology the other day that was corrupt. Is there a Disk Utility equivalent to run?

Oy. I’m real sorry you encountered that stressor.

There are just a couple of tools in the Synology* to deal with file degradation after the fact. I know you don’t need me to say that probability of recovery is a black box, but it’s worth a go. Also, I prefer to have a backup of everything on a volume before I repair the file system on it:

First, look in Storage Manager > Overview. If the volume reports as anything but “✅ Healthy,” you can repair it. Look for the same kind of thing in Storage Manager > Storage Pool. More info here.

I’m always hesitant to give a “here’s how to prevent this in the future” after a bad event, but DSM Self Healing is worth considering, primarily because you keep live data, as opposed to just backups, on the box.

Note that you have to enable “Enable data checksum for advanced data integrity” when you first create a shared folder. But it would be easy enough to recreate your shares and move everything into them.

Also in the future-proofing vein, I absolutely recommend any Synology owner subscribe to Backblaze B2 backup. Enabling it on the NAS is a little nerdy, but worth it for peace of mind. Here’s a guide.

* The Synology OS is called DiskStation Manager (DSM).