Mac Power Users 203: TextExpander

This week on Mac Power Users, David and I sit down to dive deep into one of our favorite apps, TextExpander. We talk about what TextExpander does, and then discuss various use cases for TextExpander from basic to advanced. Although Smile is a long-time sponsor of Mac Power Users, this show has been “on the list” since the early days of MPU and Smile had no input or advance knowledge of this show.

You can find the show on the MPU site or subscribe in iTunes or via RSS.

Mac Power Users 202: MPU Live: Getting Started, Extending Wi-Fi, Travel Tips, Evernote & More

Last Saturday was the first Saturday of the month which means it’s time for MPU Live. This week we had a show packed with feedback covering tips and tricks for using Evernote, how to travel internationally without getting hit with an unexpected data bill, extending your home Wi-Fi network and tips for getting started with productivity.

You can find the show on the MPU site or subscribe in iTunes or via RSS.

Mac Power Users 201: Mac at Home, PC at Work

This week on Mac Power Users, David and I are joined by Gabe Weatherhead (aka macdrifter) to talk about a common problem, using a Mac at home but a PC at work. We talk about solutions for gaining access to your favorite Mac apps or their data on your PC and how to stay productive in a “slider” environment.

You can find the show on the MPU site or subscribe in iTunes or via RSS.

Mac Power Users 200: The Story So Far…

David and I reached another milestone with Mac Power Users, publishing Episode 200 this weekend. This episode is a retrospective. David and I talk a bit about how we came to the Mac platform, the origins of the show, how we create an episode of Mac Power Users and answer a few listener questions. This episode is a sentimental one for me and ranks up among my favorites.

You can find the show on the MPU site or subscribe in iTunes or via RSS.

New MacSparky Field Guide: Presentations

My friend David Sparks has done it again. He’s releasing another Field Guide, this time tackling the topic of Presentations. The new book explains how to plan and create an exceptional presentation that will connect with your audience. David will share his tips and tricks for creating a truly stunning presentation while walking you through presentation day to make sure it goes off without a hitch. Of course because it’s a MacSparky Field Guide the book contains more than 30 screencasts, audio interviews and other rich media assets.

The book is available for pre-sale now and will be shipping on July 21st. You should also check out the cool trailer that David and his daughter put together promoting the book.

ScreenCastsOnline Monthly Magazine: Creating A Comprehensive Backup Strategy

This month’s issue of ScreenCasts Online Monthly Magazine is now available in Apple’s Newsstand App. In the June issue you’ll find an article from me about creating a comprehensive backup strategy.

The monthly magazine is packed with streamable versions of Don’s excellent video tutorials as well as articles, reviews and tips from authors including David SparksAllison SheridanWally Cherwinski and more. The magazine is free for ScreenCasts online Premium Members or available as a separate subscription or you can pickup individual issues. You can download it in the AppStore or find more info athttp://www.screencastsonline.com/magazine/

LaunchBar 6 and Alfred

Todd Oltoff was a guest on MPU 189 to talk about OS X Server. He’s also an accomplished screen caster and recently has released a screencast comparing the new LaunchBar 6 to Alfred 2.

I have a long history with application launchers. LaunchBar was my first love, but I switched to Alfred 2 when it was released. I’ve been using the new LaunchBar 6 since it was in beta and I’ve now made the switch back to LaunchBar. Part of it is simply personal preference and the new interface, but I also feel with the release of version 6 the features of LaunchBar have matured to the point where they are now on par with or in some areas exceed Alfred 2.

David and I are planning to do a comprehensive launcher show featuring LaunchBar, Alfred and the new Spotlight after OS X Yosemite is released. For now you can review our prior Mac Power Users episodes on LaunchBar and Alfred 2and check out Todd’s Screencast.

Essential Security Tips

The Heartbleed bug first made public earlier this summer is pretty nasty news, possibly the biggest security story of the year. People in the tech community seem to be on top of things. Though, when I speak to my less tech savvy friends and family, I find that they seem fairly unconcerned. Some of them have taken the tactic of this is simply the “new normal” and the cost/benefit of constant vigilance is simply not worth it. Others seem to adopt the approach that the “odds are it won’t impact them” and until they see evidence to the contrary there’s no need to take action. One friend told me “what’s the worst thing that can happen, they take money out of my account and I just contest the charge, right?”

I get it. Seems every other week we geeks are telling our friends and family about some other dire vulnerability they have to pay attention to. It’s exhausting. So the question is, how can people start making changes in their everyday practices to be more secure without letting security concerns take over their entire life? Here are a couple steps I’ve taken and encourage my friends and family to take. I’m listing these in order of importance, so if you can only get your friends and family on board with a few, start at the top of the list.

1) Get Your Passwords Under Control. 

Seriously, we must stop rotating the same passwords across all our sites. We’ve all been guilty of it at one time. Using the same password, or the same few passwords across all our various sites and services. Most people have a standard password they use for most things, maybe another “more secure password” then a couple different variations on the password. My brother and I joked as kids that if not for our parents poor password habits we would never have access to all their accounts. (Of course, we would never do such things now - the statute of limitations on past transgressions has long since run!).

The problem with using the same or similar passwords is if one site is compromised, then multiple services are ripe to be compromised as attackers will take your login credentials and start trying them on other services. Using strong unique passwords for all your accounts is the single best thing you can do to increase security. I’m a big fan of 1Password (full disclosure, they’re a long time sponsor of Mac Power Users) but there are other options including LastPass. In light of the Heartbreak bug, Don McAllister of ScreenCastsOnlinemade his 1Password 4 Tutorial free and it will walk you through getting setup and using the program. I’ve bought a family license to 1Password for my family and sent them Don’s tutorial.

If you can convince your loved ones to do nothing else, get them to change the way they think about passwords.

2) Change “Mission Critical” Passwords. 

Even if you start using a password manager today, that probably doesn’t make up for your past bad habits. The first thing to do is start going through your most critical passwords and services and changing them now to randomly generated, long, unique passwords. I call these your “mission critical” passwords and they would include financial institutions, email accounts, your AppleID, and file sharing and storage services. Basically, any site that has access to your personal data, financial information, or access to debit your credit card or bank account would fall in this category.

Furthermore, I suggest you get in the habit of regularly changing these passwords regardless of a breach. In 1Password I’ve created a custom tag called “Red Alert” for any site that falls in this category, and I make a note to change these passwords twice a year, or more often in the case of any security breach. (My friend David Sparks suggests you do this when the clocks change).) Regardless of your preference, pick a time, at least once, preferably twice, a year and go through and systematically change them. The process will take less than 30 minutes.

3) Setup Two-Factor Authentication. 

For the services that offer it, setup two-factor authentication. Two-factor authentication means that in order to access your sites, you’ll need to know something (your password) but you’ll also need to have something, typically your mobile phone. The implementation of two-factor authentication varies from service-to-service, but usually you require your authentication key every time you try to log in from a different computer, or every 30 days. This means if someone compromises your password they’ll also be prompted to enter a unique code, usually generated by or sent to your cell phone, to log into your account.

In a hypothetical scenario, let’s say a bad guy has managed to compromise my password to a particular service. Maybe through a security breach, social engineering or other means. When that person goes to log into an account using my username and password they’ll now be prompted for a security code that is generally sent to my cell phone by text message or accessed by an App on my phone. Now, said villain’s compromised passwords are useless unless he also has my cell phone.

Google has an Authenticator App that works with several services for retrieving authentication keys. Two-factor authentication is available for many services including GoogleDropboxEvernotePayPal, and to a limited extent your AppleID. If you want to learn more about how two-factor authentication works, Google has created a video walking through the process. There’s also a ScreenCastsOnline episode SCOM0417 all about two factor authentication, walking you through setting up many of the popular services

4) Change Passwords For Any Compromised Sites.

 It seems every day we’re hearing of a site that has been exploited. Mashable is keeping a hit-list of notable sites and whether they were impacted by the Heartbleed vulnerability. It should be noted this is by no means a comprehensive list, but it lists the more popular sites. If you use a site that is on this list, was known to be vulnerable, and has patched the vulnerability, time to change your passwords. Note that in the case of Google, if you use two-factor authentication you’ll also need to revoke and re-issue any application specific passwords. If you use Dropbox or a similar service, you’ll want to unlink your devices and log back in again with your new credentials. In response to vulnerabilities like Heartbleed, 1Password has introduced a new feature called “Watchtower” that is built into the application. Watchtower is a regularly updated database of compromised sites. It compares this list with your passwords and then check the date your passwords were last changed (whether before or after the venerability) to let you know whether your password needs to be updated.

5) Start Changing The Rest of Your Passwords.

 If you’ve been lax in your password policies in the past, the idea of going back and changing all your old passwords to new, randomly generated, secure, unique passwords can seem overwhelming. So, take it one step a time. I’m fond of the saying “stop digging the hole”. If you find yourself in a mess, sometimes the best thing you can do is just stop digging any deeper and slowly start working your way out. That’s usually the best approach to tackling your passwords, otherwise the task can be overwhelming and you’ll eventually give up.

After you’ve changed all your “mission critical” passwords (see step 2) and the password to sites we know were vulnerable to Heartbleed or other security breaches (see step 4) you can take a breather, but keep moving forward working on everything else. I suggest that as you come across a web site or service, take a moment and change your password. I’m not being particularly proactive about this, simply as I log into a service, I’m resetting my password and updating the password in 1Password. Over the course of a day you probably interact with a dozen different sites and services, so in the first week you should hit most sites you regularly interact with. After a month, you’ll probably hit 80 - 90% of all the sites and services you actively use. That’s huge.

This article first appeared in the May Issue of ScreencastsOnline Monthly Magazine.  ScreenCastsOnline monthly magazine is packed with hints, tips, articles and links to streamable versions of ScreenCastsOnline tutorials and delivered monthly via Newsstand on the iPad. You can find out more at http://www.screencastsonline.com/magazine/