I am waiting for the day when passwords are a distant memory. To be safe and secure you have to use long and difficult to remember ones. You also should never use the same ones on different sites and change often. I would much prefer a temp password sent by text that only last 15 minutes before it expires then only need to remember the email address or username.
I don't use passwords I can remember on any site I care about my security. I mash keys on the keyboard and save it in an encrypted store. I must authenticate to get access to my password and do the copy and paste thing. Works great and no one is guessing my passwords anytime soon. I also highly recommend this method for user name selection too. The bank doesn't need my name in my user ID, so why should I put it there and lower my security. Also, I store the made up answers to my security questions in the same encrypted store. So there will be no guessing as to the answers as they are fabricated per account. You don't need to give the bank your mothers real maiden name or her real birthdate. Using public record data for recovery authentication is just dumb. It is just as bad as every place trying to use the last four digits of your social security number.
Don't answer security questions with a real answer.
If you went to elementary school at PS 123, then you don't give that as an answer when it asks you what school you went to.
I said that.
However, most people will also use the same answers across all sites that have the same or even any security questions. No different then using the same password across all sites. If someone literally hacked one site they then can easily gain info from all your sites then using the same answer.
What Apple is saying is iCloud was not broken in to and encrypted photos et al were not taken and decrypted. What they are [I]slyly[/I] saying is the hackers figured out how to login as the celebrity through some other means and then downloaded the pics. Two completely different things.
However, most people will also use the same answers across all sites that have the same or even any security questions. No different then using the same password across all sites. If someone literally hacked one site they then can easily gain info from all your sites then using the same answer.
Yes, many people do probably do that, and they will one day come to regret it, because if and when they do get hacked, everything will be vulnerable. Sucks to be them I guess.
What Apple is saying is iCloud was not broken in to and encrypted photos et al were not taken and decrypted. What they are slyly saying is the hackers figured out how to login as the celebrity through some other means and then downloaded the pics. Two completely different things.
Once and for all, if you rent a public storage, someone stole your key and gained access to it, do you blame the storage rental place or yourself? Same thing here.
However, most people will also use the same answers across all sites that have the same or even any security questions. No different then using the same password across all sites. If someone literally hacked one site they then can easily gain info from all your sites then using the same answer.
Meanwhile thousands of people simply answer phishing emails, that 'seem' to come from Apple, and voluntarily give their user name and passwords to whoever sent the email.
So most likely the majority of those celebs were stupid, careless and ignorant.
They're probably the kind of stupid people that would use their birthdates in their passwords, or the name of their pets or some other, extremely easy to guess passwords. Especially if somebody is a famous celeb, finding personal information about them online isn't exactly difficult.
And they also probably chose very easy to guess security questions, that anybody who has access to a search engine could easily figure out.
I emphatically do not agree with blaming the victim for a crime committed against them.
If you're not a celebrity and you're a regular person that is bright enough to have secure passwords and good security answers, then you are fine.
It just strikes me as worrying that if a small subset of society (celebrity) can be hacked, and these targeted individuals all had poor passwords and/or security questions, then a lot of people can be hacked there by rendering iCloud unsafe for a lot of people by virtue of their own idiocy. Surely iCloud needs an extra security measure, like a unique alpha numeric pin or something, or something that can't be retrieved or searched for by a hacker. Basically to act as an extra measure for people that don't care about their password or questions being rubbish.
It just strikes me as worrying that if a small subset of society (celebrity) can be hacked, and these targeted individuals all had poor passwords and/or security questions, then a lot of people can be hacked there by rendering iCloud unsafe for a lot of people by virtue of their own idiocy. Surely iCloud needs an extra security measure, like a unique alpha numeric pin or something, or something that can't be retrieved or searched for by a hacker. Basically to act as an extra measure for people that don't care about their password or questions being rubbish.
From Apple's PR: "After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone."
It may have been a breach of Twitter (for example), which could've yielded email addresses and passwords that were re-used for their iCloud login.
As the investigation is ongoing, they are not going to tip their hand yet.
I emphatically do not agree with blaming the victim for a crime committed against them.
I don't have any problems with blaming the victim. I mean, it all depends on the circumstances.
If somebody chooses to walk around in an area of town that is known to be unsafe and crime infested at 3am and they are flashing around money or wearing expensive jewelry, do they deserve to be shot and robbed? No they do not, but it is certainly understandable if it happened to them.
The internet is not a safe place. There are all sorts of scumbags and criminals on the internet, and I'm sorry, but I can not feel sorry for anybody who gets their account broken into, if they had a password like "cat" or "dog".
And I especially don't feel sorry for anybody who falsely accuses Apple for their problem.
It just strikes me as worrying that if a small subset of society (celebrity) can be hacked, and these targeted individuals all had poor passwords and/or security questions, then a lot of people can be hacked there by rendering iCloud unsafe for a lot of people by virtue of their own idiocy. Surely iCloud needs an extra security measure, like a unique alpha numeric pin or something, or something that can't be retrieved or searched for by a hacker. Basically to act as an extra measure for people that don't care about their password or questions being rubbish.
Sure, I wouldn't have any objections if Apple implements even stronger security, especially since they are going to be rolling out their new payment system.
I have a few different bank accounts, and some of them use a hardware dongle in addition to regular passwords when you log in.
Comments
There is a reason these people are famous and people want to see pics of them, and it isn't because of their brains...
/end sexist but true remark
Agreed!
It's not like pervert hackers are downloading scans of these women's brains and admiring them!
Oh my, what a lovely cerebellum she has! Her temporal lobe seriously turns me on man!
Sometimes its easier to gain access to someones info by going the security question route vs. guessing at the password.
Pro tip.
Don't answer security questions with a real answer.
If you went to elementary school at PS 123, then you don't give that as an answer when it asks you what school you went to.
Agreed!
It's not like pervert hackers are downloading scans of these women's brains and admiring them!
Oh my, what a lovely cerebellum she has! Her temporal lobe seriously turns me on man!
Yeah, they re not usually the brightest peas in the pod and maybe have to have simple answers and passwords so that they will remember them.
I am waiting for the day when passwords are a distant memory. To be safe and secure you have to use long and difficult to remember ones. You also should never use the same ones on different sites and change often. I would much prefer a temp password sent by text that only last 15 minutes before it expires then only need to remember the email address or username.
I don't use passwords I can remember on any site I care about my security. I mash keys on the keyboard and save it in an encrypted store. I must authenticate to get access to my password and do the copy and paste thing. Works great and no one is guessing my passwords anytime soon. I also highly recommend this method for user name selection too. The bank doesn't need my name in my user ID, so why should I put it there and lower my security. Also, I store the made up answers to my security questions in the same encrypted store. So there will be no guessing as to the answers as they are fabricated per account. You don't need to give the bank your mothers real maiden name or her real birthdate. Using public record data for recovery authentication is just dumb. It is just as bad as every place trying to use the last four digits of your social security number.
Um, well that's ok then? We don't have to worry about our accounts being compromised unless we're celebrities being targeted? Did I get that right?
Um, well that's ok then? We don't have to worry about our accounts being compromised unless we're celebrities being targeted? Did I get that right?
If you're not a celebrity and you're a regular person that is bright enough to have secure passwords and good security answers, then you are fine.
If you're not a celebrity and you're a regular person that is bright enough to have secure passwords and good security answers, then you are fine.
iCloud was not compromised and it was a targeted attack (IMO, likely a phishing attack but no one is confirming or denying this).
Pro tip.
Don't answer security questions with a real answer.
If you went to elementary school at PS 123, then you don't give that as an answer when it asks you what school you went to.
I said that.
However, most people will also use the same answers across all sites that have the same or even any security questions. No different then using the same password across all sites. If someone literally hacked one site they then can easily gain info from all your sites then using the same answer.
However, most people will also use the same answers across all sites that have the same or even any security questions. No different then using the same password across all sites. If someone literally hacked one site they then can easily gain info from all your sites then using the same answer.
Yes, many people do probably do that, and they will one day come to regret it, because if and when they do get hacked, everything will be vulnerable. Sucks to be them I guess.
What Apple is saying is iCloud was not broken in to and encrypted photos et al were not taken and decrypted. What they are slyly saying is the hackers figured out how to login as the celebrity through some other means and then downloaded the pics. Two completely different things.
Phish. Ing.
OMG, your favorite singer in high schools was ********** too? What a coincidence.
Meanwhile thousands of people simply answer phishing emails, that 'seem' to come from Apple, and voluntarily give their user name and passwords to whoever sent the email.
In other news: www.theverge.com/2014/9/2/6098347/home-depot-investigating-potentially-massive-credit-card-hack
Home Depot hacked.
I think all of these targets of hacking will come crawling to Apple for a secure transaction solution.
So most likely the majority of those celebs were stupid, careless and ignorant.
They're probably the kind of stupid people that would use their birthdates in their passwords, or the name of their pets or some other, extremely easy to guess passwords. Especially if somebody is a famous celeb, finding personal information about them online isn't exactly difficult.
And they also probably chose very easy to guess security questions, that anybody who has access to a search engine could easily figure out.
I emphatically do not agree with blaming the victim for a crime committed against them.
If you're not a celebrity and you're a regular person that is bright enough to have secure passwords and good security answers, then you are fine.
It just strikes me as worrying that if a small subset of society (celebrity) can be hacked, and these targeted individuals all had poor passwords and/or security questions, then a lot of people can be hacked there by rendering iCloud unsafe for a lot of people by virtue of their own idiocy. Surely iCloud needs an extra security measure, like a unique alpha numeric pin or something, or something that can't be retrieved or searched for by a hacker. Basically to act as an extra measure for people that don't care about their password or questions being rubbish.
It just strikes me as worrying that if a small subset of society (celebrity) can be hacked, and these targeted individuals all had poor passwords and/or security questions, then a lot of people can be hacked there by rendering iCloud unsafe for a lot of people by virtue of their own idiocy. Surely iCloud needs an extra security measure, like a unique alpha numeric pin or something, or something that can't be retrieved or searched for by a hacker. Basically to act as an extra measure for people that don't care about their password or questions being rubbish.
From Apple's PR: "After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone."
It may have been a breach of Twitter (for example), which could've yielded email addresses and passwords that were re-used for their iCloud login.
As the investigation is ongoing, they are not going to tip their hand yet.
I emphatically do not agree with blaming the victim for a crime committed against them.
I don't have any problems with blaming the victim. I mean, it all depends on the circumstances.
If somebody chooses to walk around in an area of town that is known to be unsafe and crime infested at 3am and they are flashing around money or wearing expensive jewelry, do they deserve to be shot and robbed? No they do not, but it is certainly understandable if it happened to them.
The internet is not a safe place. There are all sorts of scumbags and criminals on the internet, and I'm sorry, but I can not feel sorry for anybody who gets their account broken into, if they had a password like "cat" or "dog".
And I especially don't feel sorry for anybody who falsely accuses Apple for their problem.
It just strikes me as worrying that if a small subset of society (celebrity) can be hacked, and these targeted individuals all had poor passwords and/or security questions, then a lot of people can be hacked there by rendering iCloud unsafe for a lot of people by virtue of their own idiocy. Surely iCloud needs an extra security measure, like a unique alpha numeric pin or something, or something that can't be retrieved or searched for by a hacker. Basically to act as an extra measure for people that don't care about their password or questions being rubbish.
Sure, I wouldn't have any objections if Apple implements even stronger security, especially since they are going to be rolling out their new payment system.
I have a few different bank accounts, and some of them use a hardware dongle in addition to regular passwords when you log in.