[Examples Gallery Update: 9/4/2014]
With the recent compromise of a number of celebrities’ iCloud Photo Streams there is, yet again, more focus on passwords, security and how to protect yourself.
In the case of this most recent attack, the perpetrators simply tried a number of common passwords, along with figuring out the security questions, to compromise the accounts in question. Apple has denied that iCloud was hacked by exploiting a hole in the “Find My iPhone” feature and says that any exposed issue has been patched.
OK… but now what?
We need to better educate ourselves, our faculty and our students on how to protect themselves and their information as we ask them to do more and more online.
A few tips:
- To start, make sure you have a secure password. It should have a combination of upper and lowercase letters, include numbers and symbols, and be greater than 8 characters long. Birth dates, anniversaries, family or pet names should be avoided as they can be easily guessed.
- This may sound simple, but don’t share your password with anyone. In school this is something that we tell our students and faculty upfront. At our school we have ways to solve your technical problems without you having to give us your password. If your school or organization doesn’t have a way to do that, be sure to change your password frequently.
- Try using a password with a twist. If you don’t want to have a different password for every site and service you use, try adding a prefix or suffix to your password for that particular service. You might use “MyS3cret_facebook” for Facebook and “MyS3cret_gmail” for your Google account.
- Enable two-step or two-factor verification for your accounts. While this will only really protect you against people changing your account information or password, it is an added level of security to take when trying to secure your information online.
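The password rules from the first tip, written as a check that a school or organization could run when a password is set. This is an added example, not code from the original post; the function names, the list of date formats and the sample names and date are assumptions made for illustration.

```python
import string
from datetime import date

MIN_LENGTH = 9  # the tip asks for "greater than 8 characters"

def date_variants(d):
    """Digit strings people commonly build from a date (assumed list of formats)."""
    formats = ("%m%d%Y", "%d%m%Y", "%Y%m%d", "%m%d%y", "%d%m%y", "%Y", "%m%d", "%d%m")
    return {d.strftime(f) for f in formats}

def check_password(password, names=(), dates=()):
    """Return the reasons a password fails the tip; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for label, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {label}")
    # Family and pet names are matched regardless of case.
    lowered = password.lower()
    for name in names:
        if len(name) >= 3 and name.lower() in lowered:
            problems.append(f"contains name '{name}'")
    # Drop separators so "03/14/2009" and "03142009" are treated alike.
    # This is deliberately strict and may flag unrelated digit runs.
    digits_only = "".join(c for c in password if c.isdigit())
    for d in dates:
        if any(v in digits_only for v in date_variants(d)):
            problems.append(f"contains date {d.isoformat()}")
    return problems

if __name__ == "__main__":
    # Constructed sample data: two names and a birth date.
    facts = {"names": ["Rex", "Dana"], "dates": [date(2009, 3, 14)]}
    for pw in ("Rex03142009!", "password", "t9#Vq!mZ2w$L"):
        print(pw, "->", check_password(pw, **facts) or "OK")
```

A password such as “Rex03142009!” satisfies the length and character rules but is still rejected because it is built from a pet name and a birth date.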
“Give a man a fish and you feed him for a day; teach a man to “phish” and you feed him all your passwords…”
Phishing, as defined by Wikipedia, is “… the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity.”