The Impact of the iCloud Breach on Password Management
September 17, 2014
In light of the exposed iCloud hack, it’s an appropriate time to readdress password management online. If you have yet to take password management more seriously since the revelation of the Heartbleed virus and multiple other breaches, it’s about time you take control.
Managing access to online accounts will not ensure total security against malicious hackers, but it’s the first line of defense against intrusions. One roadblock is better than none at all. Let’s quickly revisit creating passwords, storing them, and the other avenues that bypass password access such as security questions.
Create Unfamiliar Passwords
In an earlier post, we touched on the topic of how not to create a password. You should mix letters, numbers and special characters into passwords. Such combinations can often become confusing and leave you forgetful, frustrated and unable to access your bank account online, Facebook profile, or even email.
Unless you’re unable to create passwords with an eclectic combination of characters (certain websites restrict special characters), do it. The more complicated the password, the tougher it proves to crack.
Secondly, all passwords should contain unfamiliar topics, numbers and no personal information. Even if it’s your favorite baseball team, a park you visit often, or other details related to your life, avoid these subjects. The most effective hackers turn to a form of social engineering by targeting social media accounts filled with publicly available information through pictures and posts on Facebook, Twitter, Google+, Instagram, Pinterest and wherever you’re active. Do not look for password inspiration in these places.
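As an added illustration (not code from the original post), this Python sketch checks a candidate password against the two rules above: it should mix letters, numbers and special characters, and it should not contain personal details, even when they are disguised with character swaps. The profile terms, the substitution table and the four-character minimum are assumptions constructed for the example.

```python
import re

# Common character swaps undone before matching (assumed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample of details someone might share publicly.
PROFILE = ["Yankees", "Central Park", "1987", "Rex"]


def normalize(text):
    """Lower-case, undo character swaps, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(SWAPS))


def missing_classes(password):
    """Return which of letters / numbers / special characters are absent."""
    checks = {"letter": r"[A-Za-z]", "number": r"\d",
              "special": r"[^A-Za-z0-9]"}
    return [name for name, pat in checks.items()
            if not re.search(pat, password)]


def personal_hits(password, personal_terms, min_len=4):
    """Return the personal terms found inside the password.

    Words are compared after normalization, so 'Y4nk33s' matches 'Yankees'.
    Numbers (such as a birth year) are compared against the raw digits.
    Terms shorter than min_len are skipped to avoid accidental matches.
    """
    plain = normalize(password)
    digits = re.sub(r"\D", "", password)
    hits = []
    for term in personal_terms:
        word = normalize(term)
        number = re.sub(r"\D", "", term)
        if len(word) >= min_len and word in plain:
            hits.append(term)
        elif len(number) >= min_len and number in digits:
            hits.append(term)
    return hits


def review(password, personal_terms=PROFILE):
    """Combine both checks into one report for a candidate password."""
    return {"missing": missing_classes(password),
            "personal": personal_hits(password, personal_terms)}


if __name__ == "__main__":
    for candidate in ["Y4nk33s1987", "C3ntr@lP4rk#22", "q7#Vd2!mZp9&"]:
        print(candidate, review(candidate))
```

The second sample passes the character-mix rule and still fails, because the swaps do not hide the park name.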
Should you let the browser “Remember this Password”?
The only person who should have access to your passwords is you. If you’re sensitive or skeptical about internet browser password managers, then do not trust Google Chrome, Safari or even Mozilla Firefox. When that prompt says, “Would you like to remember the password for…?”, do not click yes.
Yes, it’s a convenient option, but it’s unsafe. If someone gains access to your computer, whether physically or in another capacity, they can roam freely through the passwords saved in your browsers.
If you’re forgetful, then a personal paper notepad may serve the purpose, but otherwise there is no proven method for password storage.
Security Questions give hackers holes into accounts
Apple did recently add two-step verification to iCloud, but that should not prevent you from rethinking how you set up security questions. For online banking, email, student loans, and other important accounts with credit card or personal information, you should reset the answers to those questions.
Security questions are often familiar and their answers easily attainable for hackers. Instead of accessing an account with a password, they hit the “Forgot your password” option and go the alternative route. The answers to the questions might be evident when malicious hackers target and review your publicly visible social media accounts, work biography on the company website, or other instances where you share your hobbies, background, and additional information that could provide them hints.
Treat the typical security questions as separate passwords. This may create more confusion when you forget the initial password, but if you’re truly concerned about personal security online, then it may prove a necessary step for security.