Digital Security Foundations

May 12, 2025

Keep Your Digital Treasures Safe with Built-in Password Managers

Never Lose Your Keys Again: Your Device's Password Vault

🌊 This Fortnight's Skim: Built-in Password Managers

Securing your digital treasures with tools you already have

Think of your device's password manager as your very own treasure chest where all your precious passwords are stored safely. You've already got one master key (your device login) that opens the chest, and everything inside is protected like pearls in an oyster.

Quick-start: Your first secure vault

For Apple Users: Getting the Most from “Passwords” 

  1. Download the dedicated Passwords app from the App Store (iOS 18+) or use Settings > Passwords (earlier versions)
  2. Open the app and authenticate with Face ID/Touch ID
  3. Tap the + icon to manually add passwords or let it auto-save from Safari
  4. Use the search function to quickly find specific accounts
  5. Check "Security Recommendations" for weak or compromised passwords
  6. Enable password sharing with trusted contacts via the sharing options
  7. Use the "Verification Codes" tab for built-in 2FA code generation
  8. Set up the app on Mac (Sonoma 14.0+) for seamless desktop integration


For Google Users: Power-User Chrome Setup

  1. Chrome://password-manager > Settings > Enable all security features
  2. Import passwords from other managers via "Import passwords"
  3. Set up Password Health checkup with regular automated scans
  4. Enable "Biometric authentication for filling" in advanced settings
  5. Configure sync passphrase for extra encryption layer
  6. Use Chrome's built-in password generator settings to customise complexity rules


For Windows Users: Enterprise-Level Security

  1. Enable Windows Hello for Business (face/fingerprint) for seamless access
  2. Configure Microsoft Authenticator for password sync across devices
  3. Set up conditional access policies if using Microsoft 365
  4. Enable password monitor alerts for 200+ million compromised password database
  5. Use Edge's "Collections" to organise passwords by client or project
  6. Enable "Secure account recovery" with trusted contacts

💫 Smooth Stones: Tech Terms Simplified

Today's Term: Two-Factor Authentication (2FA)

Like having two guards at your digital door instead of one. Your password is the first guard, and a code sent to your phone is the second. Double the protection, double the peace of mind.

But here's what most people don't know about 2FA:


Types of 2FA (from strongest to weakest):

  1. Hardware Security Keys - Physical devices you plug in or tap (like YubiKey)
  2. Authenticator Apps - Time-based codes from apps like Google Authenticator
  3. SMS/Text Messages - Codes sent to your phone (convenient but less secure)
  4. Email Codes - Sent to your email address (weakest form)


Why SMS isn't always best: While text messages are convenient, they can be intercepted through "SIM swapping" attacks where criminals transfer your number to their device. That's why authenticator apps or your device's built-in code generators are more secure.


Built-in 2FA Options You Already Have:

  • Apple: Built-in verification codes in Settings > Passwords > Verification Codes
  • Google: Authenticator app or built-in Chrome prompts
  • Microsoft: Authenticator app with push notifications


Quick Win: Enable 2FA on these accounts first (in order of importance):

  1. Email accounts (especially if they're the recovery method for others)
  2. Banking and financial services
  3. Password manager account
  4. Website hosting and domain registrar
  5. Business social media accounts


The 2FA Backup Rule: Always set up backup codes or a backup method when enabling 2FA. Store these recovery codes in your password manager - if you lose your phone, these codes are your lifeline back into your accounts.

🌟 Pebble Drops: Advanced Security Features You're Already Paying For

Apple's Hidden Gems:

  • Private Relay: Like a personal VPN for Safari browsing (requires iCloud+)
  • Hide My Email: Generate unique email addresses for different services
  • App-Specific Passwords: Secure authentication for third-party apps
  • Two-Factor Authentication Codes: Built-in generation without additional apps
  • Keychain Access: Direct password sharing between specific devices and users


Google's Power Features:

  • Password Health Reports: Identifies weak, reused, or compromised passwords across accounts
  • Cross-Account Protection: Shares security alerts across Google services
  • Advanced Protection Programme: Extra security for high-risk accounts
  • Breach Monitoring: Automatic dark web monitoring for your saved passwords
  • Password Family Sharing: Secure sharing with up to 5 family members


Microsoft's Business-Grade Tools:

  • Passwordless Authentication: Complete elimination of passwords using biometrics
  • Risk-Based Conditional Access: Intelligent authentication based on location/device
  • Password Protection: Custom banned password lists for your organisation
  • FIDO2 Security Keys: Hardware-based authentication support
  • Privileged Identity Management: Enhanced control for admin accounts


*Pro Tip from the Pebbles:

Set up all three password managers with the same strong master password, then compare which one fits your workflow best. Many businesses use Apple for personal tasks, Chrome for browsing, and Edge for Microsoft 365 work - you can have them all sync securely.

🌊 Making Waves: Client Success Story

Sarah used to keep passwords in a spreadsheet. After one close call with a phishing attempt, she started using her iPhone's built-in password manager. "Now I can manage all my client accounts securely, and I never worry about syncing issues since it's all native to my device. The best part? It didn't cost me anything extra!"

🔐 Our tech simplification tip:

Start using one built-in password manager consistently for two weeks. Most people find it becomes second nature and wonder how they managed without it.

🪨 Your next stepping stone:

Ready to secure your business systems comprehensively? Our Rock Stack Balance package helps you set up all your password management and security systems efficiently. Book a chat to see how we can help.

📚 The complete Digital Security Guide will be available in our Founding Pebbles Membership Area  - add your name to the waiting list to find out when it launches!

Stay secure,
Vix and the Pebble Co Team

Painting Pebbles: Why Creativity Still Beats Any Digital Tool

By Vix Novissimo April 22, 2025
Sometimes, the most profound business lessons come from the most unexpected places.