Initially it was thought that hackers had been able to exploit an iCloud vulnerability, but Apple released the following statement a few days after the breach:
After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.
Passwords. Twenty years ago, the worst thing you could do with your password was write it down. And many did, in diaries, on Post-it notes stuck to monitors (actually, I’m thinking of a place I used to work where this is still done. I should call them.) Why? At the risk of stating the obvious, passwords are hard to remember. For most of us, brain bandwidth maxes out at 3 or 4 passwords. And now we seem to need or have more passwords than we ever did before, so people solve that memory crisis by using the same password over and over (and over) again. Yeah. You know you’re doing it. I know you’re doing it. Until I joined Paragon I did it too. But you have to stop. Really.
People. The world is out to get you. And that’s a direct quote from Philip. You MUST have better passwords.
So here’s some advice, from me and some experts on the internet, to you.
P.W. Singer, director of the Center for 21st Century Security and Intelligence at the Brookings Institution, gave out some solid, easy to implement tips on Fresh Air earlier this year. In case you missed them:
1) Don’t use the same password for all of your different accounts. (See? It’s not just me banging this drum.)
2) Don’t use a common password. What’s a common password? Here’s a list of common, and by common we mean worst, passwords collected by SplashData from 2013. Raise your hand if you’ve used any of these:
3) Often it’s not the password itself, it’s the secondary question that can lead to an account being breached. (See Apple’s statement above.) Many of the questions they ask are common across sites (What’s your mother’s maiden name, anyone?) and some of these answers can be found through a little online sleuthing. Singer’s advice? Pick an unconventional answer to a familiar question – like your favorite food becomes the answer to the maiden name question. Who’s going to guess pizza?! (Now – don’t use pizza!)
Worn out by requests for 8 characters with at leastoneuppercaselowercasenumberblablabla requirements sites throw at you? Good news. YOU don’t have to build a better password, because honestly, statistically it’s unlikely that you will. Get a Password Manager. Something we use a lot around here is Lastpass.com. You remember ONE password to get into your vault, and Lastpass remembers AND generates every other password (hard, long, random passwords) you’ll ever need. And if you have a weak password in your collection, Lastpass will helpfully suggest you change it. Installation is a bit of a bear, but stick with it, it’s great and free. You’ll need to go to the premium version ($12) to use it with mobile.
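To show what a password manager is actually doing for you behind that one master password, here is a small added illustration (my own example code, not LastPass’s and not from the original post): random generation from a cryptographic source, the entropy that buys you, and an audit for the two habits above, common passwords and reuse. The COMMON_PASSWORDS set is a constructed stand-in for the SplashData list, which is not reproduced here.

```python
import math
import secrets
import string

# Constructed stand-in for a "worst passwords" list (not the real SplashData data).
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "abc123", "letmein"}

# Letters, digits and punctuation: 94 printable characters a manager can draw from.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Generate a password the way a manager does: each character drawn
    uniformly from a cryptographically secure source (secrets, never random)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size).
    This is why 'long and random' beats 'clever': 20 chars of 94 symbols is ~131 bits."""
    return length * math.log2(alphabet_size)


def audit_vault(vault: dict) -> dict:
    """Flag what the post warns about: a common password anywhere, and one
    password shared across several sites. vault maps site name -> password."""
    sites_by_password = {}
    for site, password in vault.items():
        sites_by_password.setdefault(password, []).append(site)
    return {
        "common": sorted(site for site, pw in vault.items() if pw.lower() in COMMON_PASSWORDS),
        "reused": sorted(sites for sites in sites_by_password.values() if len(sites) > 1),
    }


if __name__ == "__main__":
    # Constructed example vault with exactly the habits the post is about.
    vault = {"mail": "password", "bank": "Tr0ub4dor&3", "shop": "Tr0ub4dor&3", "forum": "qwerty"}
    print("audit:", audit_vault(vault))
    fresh = generate_password(20)
    print("generated:", fresh, f"({entropy_bits(20, len(ALPHABET)):.1f} bits)")
```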
Be safe out there, people.