Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Password Lessons from Apple's Celebgate

September 9, 2014

I'm not going to pretend I know exactly what happened in Apple's now notorious Celebgate, where so many photos of nude celebrities were released on the Internet. Certainly it was stupid that Apple allowed users to guess passwords endlessly without being locked out.

But many people believe that the celebrities' passwords, in this case, were discovered by guessing the answers to their security questions. David Pogue wrote a fun post about all this, which was followed by another fun (but very thought-provoking) post from my friend Jim Calloway.

The unlikely name of the post was "My Mother's Maiden Name was XK37B_PWRD!" Its basic message was that your answers to password security questions should be bogus. That way it would be pretty darn hard to guess at the answers, especially if you take the precautions that Jim lists in the post. One thing I liked is that the answers, being false, won't change – and Jim gives you tips to remember them too.

In a world where companies like Apple tend to err on the side of user friendliness over security, this is a great way to foil intruders.

On the other hand, does anyone really want to post naked photos of you? The answer may diminish your enthusiasm for taking extreme security measures.

My guess is that many of the celebs had no idea that they were syncing all those photos to the iCloud. A hard lesson for many – and there were probably some difficult conversations with their mothers explaining how those photos came to be taken.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq