|
Strong passwords
http://www.emptyage.com/post/2867987...as-hacked-hard
yikes! i just went through and reset all my passwords after reading this. So maybe you saw my Twitter going nuts tonight. Or you saw Gizmodo’s Twitter account blow up. Or you saw this in AllThingsD. Or this in the DailyDot. Although embarrassing, Twitter was the least of it. In short, someone gained entry to my iCloud account, used it to remote wipe all of my devices, and get entry into other accounts too. Here’s what happened: At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years. My guess is they used brute force to get the password (see update) and then reset it to do the damage to my devices. The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed. At 5:00 PM, they remote wiped my iPhone At 5:01 PM, they remote wiped my iPad At 5:05, they remote wiped my MacBook Air. A few minutes after that, they took over my Twitter. Because, a long time ago, I had linked my Twitter to Gizmodo’s they were then able to gain entry to that as well. |
Who uses only 7 character passwords? There's the mistake.
|
Not using Google 2-factor authentication = stupid.
Apple not offering it as an option at all = really stupid. |
I'm glad the article was updated to indicate that the password was gained by other means.
Yes brute forcing a password is certainly possible, and it's made a lot easier when short passwords, dictionary and non-complex passwords are used. However, the majority of online sites prevent such attacks these days by locking the account after incorrect logins. My best guess is that the password was stolen through other means, eg. using a trojanised computer, falling for a phishing attack ... Or, the challenge questions for the Apple account not being secure. |
Originally Posted by ScottC
(Post 19060550)
Not using Google 2-factor authentication = stupid.
Apple not offering it as an option at all = really stupid. ^^ And make a small investment: 1Password |
Originally Posted by dtsm
(Post 19060718)
^^
And make a small investment: 1Password |
Originally Posted by njxbean
(Post 19062553)
is 1password better than lastpass?
Lastpass is free* 1password is $50 Both appear to support most everything out there... |
Report from Gizmodo now is that the "hacker" socially engineered his way into the account:
http://gizmodo.com/5931931/hackers-g...sword-required So, no 2-factor AND tech reps who'll let someone sweet talk their way into an account that can wipe all your devices. Niiiiiice :D |
I wish there was more uniformity in character limits, both in number and types of characters. Since Windows 2000, a password on a Windows computer can be as many as 127 characters, including spaces, but many banking and credit card sites allow no more than 12-14 characters. Some sites also do not allow the use of some special characters.
I like being able to create a simply remembered sentence (one of my passwords used to be "I want to play golf!") that is more difficult to guess than a single word or character combination. I also like that certain websites require you to pick a phrase and picture that will be displayed sometime during the logon process--it certainly seems a good additional defense to phishing scams. |
ZD net says that he actually discussed with the hacker how he got in.
Wonder then if he found our first from the Hacker or first from Apple? |
Originally Posted by lwildernorva
(Post 19063518)
I also like that certain websites require you to pick a phrase and picture that will be displayed sometime during the logon process--it certainly seems a good additional defense to phishing scams.
|
Originally Posted by Flahusky
(Post 19063156)
maybe...
Lastpass is free* 1password is $50 Both appear to support most everything out there... |
Originally Posted by dtsm
(Post 19068248)
Lastpass is free. Lastpass Premium [similar to 1Password] is not free.....and not sure if there are lastpass apps for iPhone and iPad?
|
Originally Posted by dtsm
(Post 19068248)
Lastpass is free. Lastpass Premium [similar to 1Password] is not free.....and not sure if there are lastpass apps for iPhone and iPad?
Originally Posted by ScottC
(Post 19060550)
Not using Google 2-factor authentication = stupid.
Apple not offering it as an option at all = really stupid. |
Originally Posted by gfunkdave
(Post 19068789)
The LastPass Premium is IIRC $10/year and gives you access to the full functionality of the mobile apps, which are available for Android and iOS.
1Password [which is more prevalent for Mac users] is a one time purchase [$39.99]. I like 1Password because it stays on your computer and not loaded in a cloud [although you have option to upload to your dropbox]. I back up and keep multiple copies just in case. And sync with my two devices regularly. Here's a comparison of the two apps: 1Password wins http://www.40tech.com/2011/05/16/las...s-more-secure/ http://www.techerator.com/2011/03/wh...for-1password/ Lastpass wins http://fusiongrokker.com/post/my-exp...rd-to-lastpass Bottom line - you can't go wrong with either, YMMV! :) |
| All times are GMT -6. The time now is 10:03 am. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.