My iCloud Password is “iCloud”

Active Directory | September 4, 2014 | 2 min read

I guess the editor at MCP Magazine who fired me for talking about passphrases and ways to secure your passwords is looking rather foolish at this point. Years and years ago, I wrote an article on securing passwords – only to be told that I was out of touch with reality when I suggested that everyone needed to use more secure passwords. With the latest attack on the iCloud due to weak and pathetic passwords, you’d think that the attack’s victims would have appreciated learning the password strategies I was advocating 10 years ago!

Apple now is saying that it is not their fault that the nude pictures of so many celebrities were obtained from their cloud storage. Does that mean that the weak questions for iCloud password recovery aren’t their responsibility either? I truly hope that this latest attack on the iCloud opens the eyes of everyone who uses social media, social networking, centralized cloud storage, and other online resources. I also hope that corporations realize that their private and valuable data within the confines of their own data centers is also ripe for attack.

Apparently, the attacks used common and easy to find information about the celebrities in order to hack their accounts. If you just go to the www.icloud.com site you can click on an option that says “I forgot my password.” Next, you’re asked to either receive an email or answer security questions. Questions like “What is your birthday?” “What was your high school mascot?”,“What is the first name of your best friend in high school?” “What was the model of your first car?” Where was your favorite job?”

It is fun to share your most inner and secret information on the Internet, until someone uses it against you. Creating secure, nearly unhackable, nearly un-guessable passwords is not hard! Actually, it is rather easy. To be honest, it is much easier than a simple password, which you forget and need to use the “I forgot my password” utility on Internet web sites. In fact, I just wrote a blog post about this last month, “My Mom Said My Password Was Important.”

I am sure that little ol’ me will not get everyone to use secure passwords. However, I hope that everyone who reads my blog posts will share them with their friends, and they share with their friends, and so on and so forth. Pay it forward, as they say. I hope I am not writing another blog post regarding passwords in the next month, but based on the pattern we are in, there is a good chance I will.

Enforce custom strong password policies for enterprise users. Try ADSelfService Plus | Download Free Trial