> Even if the leaks result from one at a time social engineering, it still really calls into question the practical security of the cloud. I doubt it's much harder to steal, e.g. confidential business documents from executives' cloud accounts than it is to steal pictures from celebrities' cloud accounts.
> If I were a big organization with confidential information, I'd really be thinking hard about my cloud policies and my BYOD policies right now. The policy at my previous employer (we handled a lot of extremely sensitive information), was pretty draconian: data never leaves a company desktop, laptop, or blackberry.
The fact that the users may be the biggest security leak is more alarming than it is relieving. Software bugs can be fixed. Getting users to follow proper security practices is much harder. And frankly, it doesn't help that the industry is actively user hostile. I gmail my passwords to myself because every site has different password rules and forces me to change my passwords too often.
I agree with you about the wider industry problem, but for your own personal use just start using a password manager. Just do it.
I have all my two-factor reset keys in KeePassX at home and all normal passwords in last pass.
I actually lost a two factor code for Linode when I lost my phone with the Google authenticator app on it and having those reset codes in KeePassX was a life saver.
If KeePass purposefully injected a vulnerability, it would just be that dev/project that would fail. If 1Password were to do the same, that company and all the people that work for it would go down. I'd personally see this as more of a reason to trust 1Password over KeePass.
The primary argument is that the code is open and you can audit it, but in reality that doesn't really happen unless there is a real drive to do it (like we saw recently with TrueCrypt).
I trust/distrust both about the same amount. But 1Password has more resources behind it so they are doing more to try and secure the data within the encrypted store.
Free allows much more organic adoption - I can recommend a friend to use KeePass without worrying a bit that he doesn't think 1Password is a good investment. I can mandate it for my team at work without having to get it expensed.
> this seems to be an area where it's really worth investing money in getting the more reliable solution.
You're stating that "Free as in Beer" == "Less Reliable" and the fact that something costs money implies with 100% accuracy that it is reliable. Neither of these is true. Arguing that I'm bringing up a strawman because I said "Free vs. Millions of Dollars" instead of "Free vs. $50" is beside the point.
And I never even came close to saying that "something costs money implies with 100% accuracy that it is reliable". You are once again making up words to put in my mouth.
The fact is, a lot of people still believe the "open source == more eyeballs" myth, even though that is a myth. Open source does not equate to reliability. And when it comes to software that requires this much trust, a company built around a product is more inherently trustworthy than open source, as the entire company is on the line with their product (and the livelihood of all their employees), whereas with the open source product only the reputation of the author(s) is at stake.
Please note that, once again, I am not saying this is a "100% accurate" indicator of reliability. There are many factors at play. One important factor would be whether the software in question has ever undergone a security audit. Another would be whether there's proper documentation on the encryption (i.e. 1Password's file format is completely documented, both so third party software can use it if need be, and so the security of the file format can be vetted). A third would be the involvement of anyone who is already previously known to be an expert in the field. Etc.
Edit: Come on guys, please stop drive-by downvoting. If you disagree, comment!
Edit: And hates being told they hate it. How meta. If you disagree, please leave a comment. Drive-by downvoting does not help anyone.
On the other hand, AgileBits (makers of 1Password) is a company, with actual money on the line (in addition to reputation) serving as an assurance that the product will not only continue to be developed, but will remain secure.
If KeePass screws up, some reputation is lost, people may switch to another product, and the developer(s) can just move on to working on other software if KeePass can't be salvaged. If AgileBits screws up, not only is reputation lost, but so are paying customers, depending on the severity the entire company might go belly-up (e.g. if 1Password is compromised heavily enough that it can't be trusted anymore), a lot of people are suddenly out of a job, etc. Basically, there's a lot more at stake for AgileBits, which makes it much easier to trust that not only are they going to do their job right, but they're also going to have processes in place to ensure a build never gets released externally that doesn't pass QA, etc.
And don't forget that as a paying customer of AgileBits, I can get support from them for any problem I might be having. Open source projects don't typically employ support personnel, and generally rely on the community to try and provide whatever support they can.
Ultimately, this comes down to the fact that this is a specialized class of software, where one breach can mean irreparable damage as the attacker now has access to your passwords for everything. For that kind of software, I really want the backing of a company, with a significant amount to lose, rather than just some unknown collection of open source developers.
Which is to say, for nearly any other class of software, I'm much more inclined to judge it based on its merits, and open source has a lot of advantages. But this isn't any other class of software.
I might be a strange case, but I just have this feeling "real" companies spend their $$$ on meetings in Bahamas and Ferraris, while FOSS/OSS would be more open to security audits/etc.
A company with money on the line can (also) easily be shut down or acquired. I imagine a FOSS/OSS team would be demanding more guarantees for the future of the project, while "in it for the money" companies would take the check and not give a damn if it was shut down the same day.
"Real" companies often seem to push releases/features (prematurely?) to attract new customers. That the new features pass review/QA doesn't necessarily mean they are implemented right (goto fail?). In addition FOSS/OSS have public bug trackers; I'd rather know there are x number of bugs labeled "security" in my OS than not be told at all.
Support can (should?) be where open source makes money; there are lots of FOSS/OSS projects out there offering paid support/installations/SaaS.
And the unknown collection of open source developers _may_ be a much better collection of security specialists/coders than in the "real" company. As most of FOSS/OSS is done voluntarily you don't have to pay huge paychecks for top of the line expertise.
Bottom line, I trust Debian (& co) and Mozilla. I don't trust Microsoft, Apple and Google.
This is 100% biased as to what I think. I understand that this is a two sided issue, and fully understand people who think like you sketched out. I'm just not one of those people :P
They even have an export function to dump the passwords (unencrypted) into a plain text or CSV file, so you can easily migrate the data to a new manager if needed.
To add to this all syncing on 1Password is done using 3rd party vendors.
You can use dropbox, iCloud, Google Drive, etc to do the actual syncing of the encrypted files.
I can spend $40-80 and buy a bunch of 1Password license packages, or I can use KeePass and place the database in my Dropbox folder. Yes, 1Password has a more aesthetic interface, but otherwise it basically does the exact same thing.
Point being the sync is platform agnostic. The etcetera covers BT Sync.
Just keep a copy on a local computer with Dropbox if need be.
The sync folder is encrypted—is there some risk I'm not seeing?
For you, I would just keep a copy elsewhere (friends computer etc.) or just get an additional device (mobile or otherwise).
A brief visit to their website later and I remembered: 1Password doesn't have Linux support. It's a shame; it looks really nice and I don't mind paying for good software.
I checked the 1Password site and it seems like a bit of a bait and switch. Download links without any mention of a price or trial anywhere on the product pages until you create a vault and see a License link in the menus. Then $50+ and another $10 for the mobile app.
I'm sure it's worth it, but I'd much rather they spell out their pricing up front.
The only thing holding me back has been not having great mobile access (as far as I can tell) on Safari on iOS. Looks like iOS 8 will change that.
IMO it's not far off the equivalent of how tourist trap restaurants in Europe put out bread on the table (something provided for free in many restaurants) and then charge you if you touch any. FWIW, that's considered pretty slimy behaviour.
There are browser add-ons you can use to auto-populate your login details that work well for most login forms with no or minimal configuration required. It can get a little annoying when the login form has a CAPTCHA or some other non-standard requirement, but generally all that means is a few extra clicks. When creating new account details, configurable (e.g. length, allowed characters, etc.) password generation is built in.
You can keep your encrypted data store file on a cloud service for syncing between devices, should you wish. Which brings me to the 1Password mobile apps, which allow you to take your details mobile.
Probably the greatest friction point I've encountered has been when I'm on a foreign computer that doesn't have any of my 1Password support tools installed on it. In this case I usually just pull out my phone, navigate to the login details I need and enter them manually. But I take this as a small price to pay for markedly greater peace of mind.
I really can't recommend using a password manager enough. If 1Password is not it for you, then use some other password manager. But just use one.
It's not my favorite manager by any dimension, except for portability... but portability is just killer for it.
Password managers only protect against certain kinds of attack. Many cloud services do not or can not properly encrypt their users' data, so having a strong password won't help in the event that your cloud provider's datacenter gets rooted.
And you can use stronger passwords (if the service permits), thus if they only lost the password database (assuming it's hashed) you are still safe.
Most providers don't erase disks properly. Takes too much time.
Of course there are limits to any measure of security, but 1password does a great job in helping people manage themselves.
Personally, it's helped me a lot in just keeping my various usernames/user accounts organized (I sign up for just about anything).
What I'd really like is a password manager hardware dongle of some kind, like the Bitcoin Trezor wallet.
The rebuttal for this will be signing every request with details of it with a hardware dongle, but would you want to do this for every action in your email client? If the answer is "no", you're owned. Ultimate security is unusable, and doesn't really solve anything outside of the most astute of professional users. Just writing this post I would need 4 signatures, one to log in, one to post, one to fix a typo, and yet another to add this footnote. Would I be able to handle that? No way, I'm far too lazy for that.
The issue is that perfect compromise is impossible to detect. I can be reasonably confident on a heavily sandboxed device like an iPhone that there's little in the way of malware that would affect me. The downside being that I have no tools or methods of analysis if I thought it was compromised. There's no such confidence on the computers I use on a daily basis. I've always thought we have confirmation bias with malicious software. We only notice the dumb stuff while the smart goes unnoticed.
For Bitcoin hardware wallets like Trezor, IIRC they either do or will support BIP-70 "Payment Protocol" payment requests that are signed with an X.509 cert, allowing you to verify the request on the dongle's screen.
I don't think signed addresses will be particularly effective. With the sort of key stores we have now, it seems pretty plausible that a bad actor could get a certificate that would pass on the Trezor device. It raises the barrier of entry a little though.
It'll basically push specialized requirements to the hardware dongle (i.e. deciding whether it's enough to confirm user registration/authorization with the touch of a button, or whether it needs to be with a 4 digit PIN, or even with biometrics like voice or fingerprint or iris scan). The test device in the following presentation video only uses a button press to confirm user intent, but it could have arbitrary requirements, making the protocol usable for everything from trivial website logins to online banking to eventually perhaps even a replacement for defense department CACs.
Here's a good fairly in-depth video presentation of what the FIDO Alliance is working on (there are functional test devices, and a functional test branch of Chrome that works with them):
By day two of using 1Password I had 70 entries, and was blown away at how much peace of mind I had. There were seventy things I never needed to _worry_ about forgetting. It was like my brain was holding onto each of those and now I felt more able to just focus on working, it's insane how since I didn't know any better I waited years to finally try it.
Second thing I did, buy a copy for my cousin for his birthday! Hope he has a great year with more brainspace for ideas and less spent trying not to forget things :)
You didn't get screwed by a password manager, you got screwed by a bad backup policy..
Sorry to be pedantic - and I feel your pain for losing your data - but there you go..
It also _probably_ means having these online somewhere. You're relying on strong crypto (and a really good base password) to protect you here.
If there was key-logging software on your machine, you're pooched any way you slice it (since such malware can just snarf decrypted keystores out of memory anyhow). However, with LastPass you can use Google Authenticator or a Yubikey or similar to enforce second-factor logins, so that even if you have malware on your machine, there is a drastically-smaller window in which to attack you.
On the upside, you get phishing protection (LP won't fill passwords for sites that don't actually match the site that you've saved passwords against), password duplication detection and strength auditing, notifications of when your passwords may have been compromised by major breaches, secure transport of passwords to other people, and transparent synchronization across devices. It's quite good.
Personal infosec hasn't evolved quick enough to match the technology it depends on. Sure we're comfortable with 12 character, 3 month rotation passwords, but the average 'civilian'? Probably doesn't even have a passcode on their phone despite the massive personal security risk they're carrying around with them.
We need to educate and/or provide easier authentication.
(Most of mine are markedly longer.)
Though I'll admit to being a tad less aggressive on the rotation than I ought to be.
Other sites silently break if you use characters outside A-Za-z0-9. e.g. you set a password with } or @ in it, then can't log back in again.
Paypal requires that you enter a credit card number to change the password, so rotating it is tricky if you don't have the card on hand. I'm undecided if this is good or bad, since this sort of 2 factor makes it harder for someone to hijack your account.
There are a lot of ways that sites try and make life hard if you are doing things the right way and using a pw manager. It feels like there's this big conspiracy driving us to use the same "Monkey123" password everywhere.
I use a password generator. My defaults are _long_. But the nice thing is that I can pass it most constraint rules reasonably readily to create a valid password if I need to fit another use-case.
I don't use Ebay, but that sounds particularly annoying. Conversation on G+ suggests that the copy/paste defeat is to combat copy/paste exploits elsewhere, though by that point you might as well declare game over anyhow.
I'm definitely _not_ using "Monkey123" everywhere. But a lot of sites get a perfectly cromulent password ... and a mailinator.com email address (also randomly generated). I never use the same tokens twice (mostly registration-required but no real utility / long-term state storage).
I had been slowly working on a system which would store pseudo-randomly generated salts, one for each individual domain. It would detect which site I was entering my password into, take the relevant salt and digest it against the password I had entered, sending a stupidly long, digested password to the sites which would allow for it. The password itself would never leave my computer. Progress was slow, though, and other projects took priority.
With Mitro, I've done a similar thing by pseudo-randomly generating 64-character base64 strings to store as the passwords for my accounts.
If you're still interested in this type of system, PasswordMaker has been around for quite a while and does essentially the same thing:
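The per-domain derivation scheme described in the two comments above (a locally stored random salt per site, digested against a master password that never leaves the machine), as an added example that is not code from either commenter, from Mitro or from PasswordMaker. It uses PBKDF2-HMAC-SHA256 from the standard library; the salt store is an in-memory dict constructed for the example, and the `version` counter is my own addition so that a single site's password can be rotated without changing the master.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlparse

# Constructed in-memory salt store: one random salt per host, created the first
# time a host is seen. A real tool would persist this (and back it up), because
# losing the salts means losing the ability to re-derive every site password.
SALT_STORE: dict[str, bytes] = {}


def site_key(url_or_host: str) -> str:
    """Normalise a URL or bare host to the lowercase host used as the salt key."""
    text = url_or_host if "://" in url_or_host else "https://" + url_or_host
    host = urlparse(text).hostname          # urlparse lowercases the hostname
    if not host:
        raise ValueError("no host in %r" % url_or_host)
    return host[4:] if host.startswith("www.") else host


def get_or_create_salt(host: str, store: dict[str, bytes] = SALT_STORE) -> bytes:
    """Return the stored 16-byte salt for `host`, creating it on first use."""
    if host not in store:
        store[host] = secrets.token_bytes(16)
    return store[host]


def derive_site_password(master: str, host: str, salt: bytes,
                         version: int = 1, length: int = 40,
                         iterations: int = 200_000) -> str:
    """Derive the long per-site password the site actually receives.

    The site name and a rotation counter are mixed into the salt, so the same
    master yields an unrelated password for every host and every version.
    PBKDF2 makes offline guessing of the master from a leaked site hash slow.
    """
    salt_input = salt + host.encode() + version.to_bytes(2, "big")
    dk = hashlib.pbkdf2_hmac("sha256", master.encode(), salt_input,
                             iterations, dklen=30)
    return base64.b64encode(dk).decode()[:length]


def password_for(master: str, url: str, store: dict[str, bytes] = SALT_STORE) -> str:
    """Convenience wrapper: detect the host, fetch its salt, derive the password."""
    host = site_key(url)
    return derive_site_password(master, host, get_or_create_salt(host, store))


if __name__ == "__main__":
    # Constructed master password; the site only ever sees the derived value.
    master = "correct horse battery staple"
    print(password_for(master, "https://www.example.com/login"))
    print(password_for(master, "example.org"))
```

Rotating one site's password means bumping that site's `version`, which is the part PasswordMaker-style schemes tend to leave to the user; the derived string is useless on any other host because the host name is bound into the derivation.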
Then whenever I change that file I backup the truecypt container to Spideroak so I'm not hosed if I my stick gets lost/broken/stolen.
As someone who consistently needs my passwords on the go, a password manager is really the best way to go.
Your comment is a really lame excuse for not using a password manager and is quite a bit of FUD; there is no technical solution to a social engineering attack, so it's a clever way out as an excuse to avoid doing something difficult. You are not the first person to try it on me. You also sound like you're making the case for social engineering control of their machine, at which point what does the password manager matter? You have physical. Game over.
I have this conversation regarding self-signed certificates and MD5 hashing as well. "But they don't authenticate," or "but MD5 is insecure!" Yep, I know. Do you understand the threat vector for my usage of either? You sure?
Just use one. Seriously.
The tricks I'm thinking of involve fooling the user into thinking a site is something it's not or guessing some sort of personal information. But with a separate application the former seems unlikely and the latter is stopped if you use a scheme such as diceware (https://en.wikipedia.org/wiki/Diceware). I understand that naive, theoretical musings on security are no match for experience, so how would you break that set up?
Not that I'm into this sort of thing, but I've had a few people attempt to co-opt me into criminal activity in the past so I wouldn't be at all surprised to read about such attacks.
I have my master password written on a piece of paper that is stored in a safe location, mostly so my wife can access my information if anything ever happened to me, but it also works as a backup if I ever forget my master password for some reason.
That's not all that draconian. Data never leaves the servers, full stop. (Other than for back-up purposes and those had better be encrypted.)
I'd really be thinking hard about my cloud policies
Don't most enterprise cloud offerings dispense with things like that, because users can visit a helpdesk in person?
Really? And how do these devices inter-communicate if data never leaves from anywhere to anywhere?
Burying a laptop in the ground would make it safe enough to keep out the bad guys.
That will just drive the bad guys underground.
I would like to propose a purely thought experiment:
The hacker reportedly sold the nude photos of Jennifer Lawrence for a mere sum of $130 using bitcoin.
If we apply game theory here, this kind of data is very difficult to monetize. If you sell one copy of the data, it is then immediately distributed online for free. Although, nude photos of celebs are arguably very valuable.
The question is: What is the ideal path for these people to maximize profits?
I think the better alternative would have been a Kickstarter type model where the attacker will only release photos if it reaches a funding goal (let's say $50k). The attacker might release less revealing photos to build interest in the goal funding.
I often hear about decentralized Kickstarter models with bitcoin (multisig; or ANYONE_CAN_PAY hash type). But I always thought of them as gimmicky. This is actually a use case for it.
So going beyond the celeb photo breach, this similar model should be applied to many more scenarios, i.e.
1. you have a valuable asset,
2. but it loses value immediately after the first distribution
3. so you must capture all of the value at distribution
Anyone can pay: https://bitcoin.org/en/developer-guide#term-sighash-anyoneca...
You overwrite each pixel of each photo with black. You assign every photo a bitcoin address and perhaps give a name describing its content (something kinky, obviously). Each photo has a set amount the person is asking for its release. As bitcoin is sent to each photo's address, more and more pixels are revealed, as a percentage of the remaining bitcoin price.
You can go further by making the first few photos far cheaper than the next (potentially more sultry) photos, creating an exponential pricing system that will likely benefit the hacker. Trust is increased as low-cost photos are revealed; demand for more revealing photos increases as trust increases.
1. The asset requires a significant amount of resources.
2. The asset will require all resources in order to distribute.
3. No further resources are required after distribution.
Music, books, art, and even software that does not require updates would fall into this category.
I was originally thinking of something more along the lines of Radiohead's In Rainbows, released online for a donation, but maybe combined with a Kickstarter-like fundraising effort to pay the upfront costs.
However, how many people do you think can answer the above questions??
It's like when someone steals a huge pile of jewellery. He steals it, but he needs the mob to sell it... Otherwise he can't monetize.
No, the harder problem is knowing the "encrypted" data is something other than a directory of the seller's favorite goat-porn. A cut and choose proof could be used, but non-interactive ones require a lot of samples to have good security... and revealing a lot of sample images is something the seller doesn't want to do here.
To put that in concrete terms: Say I claim to have a million nudes of Elmo which you'd like to purchase. I give you an encrypted copy of them. You pick some number at random, and I reveal the keys. You decrypt and find all of them to be fine examples of the promised images of Elmo in all Elmo's glory. You are now convinced that it is likely that the rest of the images are similar— since your selection was uniform you can use simple combinatorics to compute how likely I would have been to get away with various levels of fraud. "That tickles"
To make this protocol non-interactive with a Fiat-Shamir transform— I hash the encrypted pictures and use the hash to select which ones I reveal. This requires many more examples to achieve security because I could have been secretly grinding one of the images until the hash picked the few passing examples I had. (There are, however, ways to boost the security by inserting an expensive process— like giving away Bitcoins— into the inner loop).
It's likely not reasonable for a collection of just a few dozen images, even with strengthening, however.
For machine decidable things— say a DRM master key— other approaches are possible (https://en.bitcoin.it/wiki/Zero_Knowledge_Contingent_Payment) but since no one is likely to turn up a program that decides nudes of one celebrity vs another, about the best you could do is a non-interactive cut and choose selective reveal over _pixels_, and use compressed sensing techniques to build low res images to decide if the rest of the pixels are worth paying for. If you're happy with that, then at least theoretically, the ZKCP approach lets you pay for the keys for the rest of the pixels with no risk of being stood up and no third parties.
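The cut-and-choose argument in the comment above, worked through as an added example (my code, not the commenter's). It computes the combinatorial escape probability the comment refers to, runs the interactive version with buyer-chosen randomness, then derives the challenge from a hash of the ciphertexts (the Fiat-Shamir variant) and shows why that version needs far more samples: a cheating seller can re-encrypt until the hash-picked indices miss every fake. The per-item cipher is a toy SHA-256 keystream constructed for the example, and the "images" are short byte strings labelled genuine or fake.

```python
import hashlib
import random
import secrets
from math import comb


def escape_probability(n: int, k: int, bad: int) -> float:
    """P(buyer opens k of n items uniformly at random and hits none of `bad` fakes):
    C(n - bad, k) / C(n, k)."""
    if bad > n - k:
        return 0.0
    return comb(n - bad, k) / comb(n, k)


def grinding_escape_probability(n: int, k: int, bad: int, tries: int) -> float:
    """Non-interactive case: a seller who can regenerate the challenge `tries`
    times escapes if any one attempt misses the fakes."""
    return 1 - (1 - escape_probability(n, k, bad)) ** tries


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy per-item cipher for the example: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def encrypt_all(items):
    """Seller side: a fresh random key per item, one ciphertext per item."""
    keys = [secrets.token_bytes(16) for _ in items]
    return keys, [keystream_xor(k, m) for k, m in zip(keys, items)]


def buyer_accepts(ciphertexts, revealed: dict, is_genuine) -> bool:
    """Buyer decrypts every opened item and checks it is what was promised."""
    return all(is_genuine(keystream_xor(key, ciphertexts[i]))
               for i, key in revealed.items())


def interactive_cut_and_choose(items, k: int, is_genuine) -> bool:
    """Interactive protocol: the buyer picks which k items to open."""
    keys, cts = encrypt_all(items)
    challenge = secrets.SystemRandom().sample(range(len(items)), k)
    return buyer_accepts(cts, {i: keys[i] for i in challenge}, is_genuine)


def fiat_shamir_challenge(ciphertexts, k: int):
    """Non-interactive: the challenge is derived from a hash of all ciphertexts."""
    seed = int.from_bytes(hashlib.sha256(b"".join(ciphertexts)).digest(), "big")
    return random.Random(seed).sample(range(len(ciphertexts)), k)


def grind_noninteractive(items, k: int, fake_indices, tries: int):
    """A cheating seller re-encrypts (new keys => new ciphertexts => new hash)
    until the derived challenge avoids every fake. Returns the attempt count
    that succeeded, or None if all `tries` attempts were caught."""
    fakes = set(fake_indices)
    for attempt in range(1, tries + 1):
        _, cts = encrypt_all(items)
        if not fakes & set(fiat_shamir_challenge(cts, k)):
            return attempt
    return None


# Constructed sample "collection": 40 items, four of them fakes.
GENUINE = [b"ELMO-photo-%02d" % i for i in range(40)]
FAKE_IDX = [3, 11, 27, 38]
MIXED = [b"FAKE-filler-%02d" % i if i in FAKE_IDX else m
         for i, m in enumerate(GENUINE)]


def looks_genuine(plaintext: bytes) -> bool:
    return plaintext.startswith(b"ELMO")


if __name__ == "__main__":
    print("honest seller passes:", interactive_cut_and_choose(GENUINE, 10, looks_genuine))
    print("4 fakes in 40, open 10, escape chance: %.3f" % escape_probability(40, 10, 4))
    print("same, but seller may grind 20 times: %.4f" % grinding_escape_probability(40, 10, 4, 20))
    print("grinding attempts needed:", grind_noninteractive(MIXED, 10, FAKE_IDX, 300))
```

With 4 fakes among 40 items and 10 openings the single-shot escape chance is already about 30%, and twenty hash-grinding attempts push it past 99%, which is the reason the comment says a few dozen images cannot be made safe non-interactively; the expensive-step-in-the-loop idea it mentions is exactly what caps `tries`.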
Why? Because freaking iPhone asks for that when I want to download something from App Store. How do you guys handle that?
You have a physical device in your possession. Apple don't seem to have heard about two factor auth. If the only company on the planet that obsessively ties consumer hardware and software into a single cohesive product can't get their shit together the future worries me.
It should be the default (with an opt out for access from non-apple devices) for every Apple service to authenticate with the device as well as the password. Anyone who steals your Apple login but not your phone should have zero chance of accessing your data.
"this is a really dumb password" is probably actually a really good password. ;-)
And also, your "problem" is simply your decision to trade security for convenience.
You need to weigh the risks vs. reward and make the choice for yourself. If something goes wrong, at least you'll know why.
The only good passwords are ones that stay well away from dictionary words..
In fact, the Schneier method for generating passwords is probably worse than the xkcd method because a significant percentage of the people who try to use his method will choose a password with low entropy such as "wtpotusio2fampu" (We The People of the United States...) or "igmhaohcr" (I'm gonna make him an offer he can't refuse).
All I have to do is crawl the internet and calculate, say, the top 5 million n-grams. The resulting 5 million candidate passwords would be far more likely to match a typical Schneier-based password than a corresponding list of 5 million candidate passwords designed to match an xkcd-based password.
The simple rule is this: Don't let users choose a password. They suck at it.
Six words chosen from this list http://world.std.com/~reinhold/diceware.wordlist.asc truly at random gives you almost 80 bits of entropy. And six random words are easier to remember than 16 totally random letters.
EDIT seriously, 221073919720733357899776 is a really big search space. If you have a computer that can search a billion per second, it's going to take 1000 computers 1000 years to catalog just 14% of the search space.
Against an attacker who knows exactly how you chose your password, it's (roughly) the same level of security as a 14-digit numeric code, or an 8 letter case-sensitive alphanumeric code. It's just supposed to be easier to remember.
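The arithmetic behind the three comments above (six Diceware words giving almost 80 bits, the 7776^6 search space and the 1000-computers-for-1000-years figure, and the 14-digit / 8-alphanumeric comparison, which corresponds to four words from xkcd's 2048-word list), as an added example that is not from any of the commenters. The eight-word list is a constructed stand-in for the real Diceware list; the entropy figures are computed from the real list's size.

```python
import math
import secrets

DICEWARE_LIST_SIZE = 7776          # 6**5: five dice rolls index one word
XKCD_LIST_SIZE = 2048              # the list size behind the 44-bit comic figure

# Constructed eight-word sample; the real list has 7776 entries.
SAMPLE_WORDS = ["cloud", "vault", "dice", "horse",
                "staple", "battery", "correct", "lantern"]


def search_space(list_size: int, n_words: int) -> int:
    """Number of distinct passphrases when words are chosen uniformly."""
    return list_size ** n_words


def entropy_bits(list_size: int, n_words: int) -> float:
    """Bits of entropy against an attacker who knows the exact scheme."""
    return n_words * math.log2(list_size)


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest word count that reaches `target_bits` with this list."""
    return math.ceil(target_bits / math.log2(list_size))


def fraction_searched(space: int, guesses_per_second: float,
                      machines: int, years: float) -> float:
    """Share of the space a fleet can enumerate in the given time (capped at 1)."""
    seconds = years * 365.25 * 86400
    return min(1.0, guesses_per_second * machines * seconds / space)


def equivalent_digits(bits: float) -> float:
    """Length of a random decimal code with the same entropy."""
    return bits / math.log2(10)


def equivalent_alnum(bits: float) -> float:
    """Length of a random case-sensitive alphanumeric code with the same entropy."""
    return bits / math.log2(62)


def roll_index_with_dice() -> int:
    """Five physical-style dice rolls mapped to an index 0..7775, using the OS CSPRNG."""
    return sum(secrets.randbelow(6) * 6 ** i for i in range(5))


def roll_passphrase(wordlist, n_words: int) -> str:
    """Uniform choice from the wordlist; secrets.choice avoids the biases of random."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    six = search_space(DICEWARE_LIST_SIZE, 6)
    print("6 Diceware words:", six, "%.1f bits" % entropy_bits(DICEWARE_LIST_SIZE, 6))
    print("1000 machines x 1e9/s x 1000 years covers %.1f%%"
          % (100 * fraction_searched(six, 1e9, 1000, 1000)))
    b4 = entropy_bits(XKCD_LIST_SIZE, 4)
    print("4 xkcd words: %.0f bits ~ %.1f digits ~ %.1f alnum chars"
          % (b4, equivalent_digits(b4), equivalent_alnum(b4)))
    print("sample passphrase:", roll_passphrase(SAMPLE_WORDS, 6))
```

Note that the entropy is a property of how the words were chosen, not of the words themselves: a six-word phrase picked by hand from favourite words does not get the 77.5 bits, which is why the generator uses the CSPRNG rather than letting the user pick.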
How many people use this kind of approach, I don't know. Schneier seems to focus on "three random letters" kind of attacker.
There are archives of known passwords -- millions of them. These should be rejected on any online service.
There are tools for guessing passwords. Any password which falls into any of the likely-to-be-guessed divisions should _also_ be rejected.
Dictionary words _could_ work in a sufficiently large namespace. But that's pretty iffy.
This goes for Game Center as well. You can use a different one for your mean, nasty, trash talking Gamer persona.
Apple doesn't always make this clear, and I see a lot of people confused about this, but this is an option.
Another login that can use a different Apple ID is Find My iDevice.
If you want to use this for your App Store account, go into Settings, then "iTunes & App Store", and sign out of the previous account. Log in using the different (new) Apple ID.
If you want to use this for your iCloud account, go into your iDevice's Settings, then iCloud, then "Delete Account". It will delete the iCloud data on your phone, but it should still be available on iCloud servers, and any other device hooked up to that account. I haven't looked into how to transfer data from one iCloud into another.
I also have my phone set up for iOS not to ask for the password for 5 or 15 minutes (can't remember the exact option) after I entered it.
So, I never had a chance to just hold my thumb on the home button and go my way.
1. open the App store but don't click on anything
2. hit home button
3. launch keepass client
4. navigate to apple account entry
5. copy password
6. double tap home button to bring up multitasking menu
7. tap app store
8. click install
9. paste password
It feels really stupid doing it, but you can get pretty quick at it. I can't wait for my next iPhone upgrade with touchid.
If you can manage to memorize one, you can memorize two.
I use 1P on my laptop most of the time so it's not a huge deal. Everything else on the iPhone just remembers credentials.
I know I can force myself to use a great password for iCloud but my point is that most of the time, I'd go for an idiot password rather than forcing myself. Just like most people.
for example, pass2'word would only require you to hit the alt-keyboard switch once.
I once resisted signing up to Viber because it required that I upload my entire address book. However, I found out how many of my friends are already on Viber, which means the likelihood that Viber didn't already have someone's contact information was very low. It also meant Viber already had all of my contact information.
Another scenario is Facebook's tagging. Even if I don't confirm all (or any) of my friends' tags on my face, the fact that they manually tagged the face as mine likely counts a lot for FB, so that battle is already lost.
When you realize that celebrity nudes are only the tip ("just the tip") of this iceberg, the real implications start sinking in.
The groups trading in info were also targeting exes and other associates, possibly businesspeople, politicians, and others, and the information in question isn't merely skin pics but _anything_ that was on those accounts.
I really dislike this trend of "personal questions" to reset your password. The first car I owned or where I'd like to retire is easily obtained information. When are websites going to stop doing this?
I answer these questions using passwords generated from 1Password. So basically I have 4+ passwords per site that uses these questions. Very annoying.
Answer could be: Ford
Instead it is Enqc or droF or Gpse
If true, interesting that such a layered economic structure can exist without much press or public comment -- until something like this happens.
Fascinating. Makes you wonder what percent of the total activity these 100+ celebrity invasions represent.
Anyway, you summed up the take-away from the article perfectly. Since this seems to be going on for some time, I wonder how the whole ecosystem kept coordinating this well so far, that it's the first time we hear about such big (but still lousy one) defection.
 - https://news.ycombinator.com/item?id=8260233
If JenLaw's photos were worth $130 or so, that means that any photos that any of us have are associated with a market value. And it ain't that much.
As far as selling it, the price cannot be very high, because nobody has that much to gain from being the first with the pictures. It's illegal material after all, so magazines can get in trouble for buying it. Put it in a shady, for-pay site, and with it being illegal material and all, it'd be in a torrent in minutes, so how many times will you really sell it?
If it was, say, a presidential candidate doing hard drugs and cheating on his wife with a man, then maybe you could say that the opposition would be willing to pay for the pictures to be released, regardless of how they were obtained: There'd be millions at stake. A naked actress? Not so much.
"Resetting your password via email? Ok, you also have to answer these security questions that you entered 'akjhdhksdfsdf' into when you made your account!"
"You've logged in from a new computer! Please try to remember what you thought your favorite band was 4 years ago. You have 3 tries remaining."
Shit people, if you want me to write this stuff down, at least tell me when I'm creating my account that you basically expect me to have 4 passwords.
We no longer support security questions as a way to access your account.
"After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone."
Hopefully the idiots who call themselves security experts will stop making me answer "what's my mother's maiden name".
If they really want to make it safe, one easy option would be to make the question arbitrary. Of course then average people will have no idea what to put there.
Of course, don't put "What is Love?" with the trivial answer...
This is done by developers, not security experts. If security experts had their way, it would be equally bad but for the right reasons, i.e. client-side certificates or smart cards.
Calling them idiots is also wrong. It's a bad solution to a hard problem, but it works and scales, and users have been trained to expect it.
Silly "security" questions about mothers, dogs and favorite teachers seem to be cultural to the US (and maybe Canada); why is that?
Then again, you are talking about a country where the only thing people need to steal your identity is your ... social security number. Brilliant.
To reiterate what the main bugs are that are being exploited here, roughly in order of popularity / effectiveness:
1. Password reset (secret questions / answers)
2. Password recovery (email account hacked)
3. Social engineering / RAT install / authentication keys
Note: Not weak passwords.
This is only half of my password; the first part is a password I can remember easily with numbers and letters, the second is the generated key.
This means that even I don't really know my password and if someone found my Yubikey then it's useless to them without the other half that only I know.
(I do have a printout in a safe place of the key and also a backup Yubikey)
I use this password for my computer as well as my 1Password vault, which is generally filled with randomly generated keys for each website.
Might sound a bit overkill, but if you can, why not?
I like 2FA on LastPass, but the UX is better on 1Password.
For files like my Tiddlywiki http://tiddlywiki.com/, I like Minilock https://minilock.io/ with BTsync https://github.com/tuxpoldo/btsync-deb
I admit I'm lazy and have less secure login creds in my Tiddlywiki, but at least it has some crypto: https://crypto.stanford.edu/sjcl/
My biggest problem with Apple's password policy is that I'm required to enter it periodically on an iPad or iPhone - meaning I can't keep it in LastPass, and that complex alphanumeric passwords are even harder to enter.
Most of my website passwords are generated keys, each different, all stored within 1Password. Should there be an issue at any point (doubtful), I can always go through the "forgot password" feature on any given website to reset it to something temporary that I can use easily.
I also run software on my MacBook Pro so that when I pull the Yubikey it automatically engages the screensaver which in turn requires the password to disable.
Google around for the actual steps.
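The "pull the Yubikey, lock the screen" setup mentioned above, as an added example (not the commenter's own software, and not a script from Yubico). It assumes macOS, that `ioreg -p IOUSB -l` lists the key with a "USB Product Name" containing "YubiKey", and that the system is set to require a password immediately after the display sleeps, so that `pmset displaysleepnow` effectively locks the session. The parsing and edge-detection logic is kept in pure functions so it can be checked without a key plugged in.

```python
"""Added example: lock the macOS screen when a YubiKey is unplugged.

Assumptions (not verified on every macOS version):
  * `ioreg -p IOUSB -l` prints each device's "USB Product Name" = "..." line,
    and the YubiKey's name contains the string "YubiKey".
  * "Require password immediately after sleep or screen saver begins" is on,
    so `pmset displaysleepnow` leaves the session locked.
"""
import re
import subprocess
import time

# Matches the key/value line ioreg -l prints for a USB device's product name.
PRODUCT_RE = re.compile(r'"USB Product Name"\s*=\s*"([^"]*)"')


def usb_product_names(ioreg_text: str) -> list:
    """Return every USB product name found in ioreg output."""
    return PRODUCT_RE.findall(ioreg_text)


def yubikey_present(ioreg_text: str, marker: str = "YubiKey") -> bool:
    """True if any listed USB device name contains the marker (case-insensitive)."""
    return any(marker.lower() in name.lower() for name in usb_product_names(ioreg_text))


def next_action(was_present: bool, is_present: bool) -> str:
    """Edge detector: lock only on the present -> absent transition, so the
    machine stays usable when no key was plugged in to begin with."""
    if was_present and not is_present:
        return "lock"
    return "none"


def read_ioreg() -> str:
    """Ask the IOKit registry for the USB plane (macOS only)."""
    result = subprocess.run(
        ["ioreg", "-p", "IOUSB", "-l"], capture_output=True, text=True, check=False
    )
    return result.stdout


def lock_screen() -> None:
    # Display sleep + "require password immediately" == locked session.
    subprocess.run(["pmset", "displaysleepnow"], check=False)


def watch(poll_seconds: float = 1.0) -> None:
    """Poll the USB bus and lock the screen the moment the key disappears."""
    was_present = yubikey_present(read_ioreg())
    while True:
        time.sleep(poll_seconds)
        now_present = yubikey_present(read_ioreg())
        if next_action(was_present, now_present) == "lock":
            lock_screen()
        was_present = now_present


if __name__ == "__main__":
    watch()
```

Run it as a background login item; `next_action` is the part that matters for behaviour, since locking on every poll where the key is absent would lock you out of a machine you never plugged a key into.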
I only came across this because my daughter's new laptop with an HD screen made Chrome look awful and I didn't understand why since it looked good everywhere else.
What is interesting is that the perception among normal people I heard speak about this is that all of iCloud has been breached, i.e. everyone's photos are in the hands of hackers and they only released the pics of celebs.
The reality is of course likely that an attacker was able to hack one phone which, among photos, hosted contacts and mail addresses of other celebs, and from there on they got their hands on more accounts to directly target.
Anyway, my point is that to average consumers it does not mean that they need to use stronger security or that they would understand about targeted attacks. They will believe Apple has been breached and they will think more before creating private selfies or putting health data onto their until now so trusted companions.
> 6. iCloud is the most popular target because Picture Roll backups are enabled
> by default and iPhone is a popular platform. Windows Phone backups are
> available on all devices but are disabled by default (it is frequently enabled,
> although I couldn’t find a statistic) while Android backup is provided by
> third party applications (some of which are targets).
Not really, of course. The big win (shared by Windows Phone) is simply not turning on the security-sensitive cloud service by default. That being said, it is worth noting that enabling/encouraging third-party service competition can create an extra hurdle by discouraging cloud-service monocultures.
Either way, I don't even remember if the iCloud upload was default or not. When it was introduced I took an interest to find out how to deactivate that in case it was enabled by default. Don't remember if it was. All I know is, it is disabled on my device and it'll stay that way because I really didn't want to use this.
When you sign into Google+ or Dropbox (among others), you are presented with a screen where you can enable photo uploads to those cloud accounts.
In which the mods write: "On another note: please use other hosting sites besides imgur.com. We have a large list of whitelisted domains listed here that you should be uploading to besides imgur. Do not put all of your eggs in one basket."
To head off the probable route this discussion will take, linking to Google or Reddit as a whole does not incur the same culpability as those sites do by linking directly to the material, as finding the offending link requires additional knowledge. If you linked to Reddit along with instructions like "go to <subreddit> and click the third-highest link for the week" then it would incur culpability as it's functionally identical to linking to the content directly.
Imgur revealed earlier this year that they have similar image detection built into their back end. Despite the ease with which they could use this to automatically sweep 99.9% of the Jennifer Lawrence photos off of their site the instant they're uploaded and shadowban the uploaders, and despite the fact that every one of their 12+ employees knew about this leak the instant it happened and also knew that their own site would probably be one of the two most actively used to spread the images around the world, half of the Jennifer Lawrence albums I checked there still have all images intact. One album has over 30,000 views and has existed for two days. Why haven't they activated their similar image detection algorithm in this case? At best, this is neglect bordering on malice.
The damage Imgur does by actually hosting these stolen images and dragging their feet for as long as possible when responding to DMCA takedown requests has nothing whatsoever to do with a text-only discussion thread on reddit. The author should correct this accusation and lay the blame where it belongs.
The text also repeatedly clumps reddit together with 4chan and anon-ib, with the implication being that they are all sites capable of accepting direct image uploads.
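The "similar image detection" the comment above says Imgur has is commonly built on a perceptual hash: a short fingerprint that stays the same, or nearly the same, when an image is re-encoded, resized or brightened, so a host can match new uploads against a list of fingerprints of images it has already removed. The following is an added illustration, not Imgur's code or anything from the thread; it implements the difference-hash ("dHash") variant on plain 2-D lists of grayscale values so it runs without an imaging library, and the sample images are constructed synthetically.

```python
"""Added example: a minimal difference-hash (dHash) perceptual fingerprint,
the kind of "similar image detection" a host can use to recognise re-uploads
of an already-removed image. Images are lists of rows of 8-bit grayscale
values (0..255); all sample images below are constructed."""
from typing import List

Image = List[List[int]]


def downsample(pixels: Image, cols: int = 9, rows: int = 8) -> List[List[float]]:
    """Box-average the image down to rows x cols (dHash uses 9 wide, 8 high)."""
    height, width = len(pixels), len(pixels[0])
    out = []
    for r in range(rows):
        y0, y1 = r * height // rows, (r + 1) * height // rows
        row = []
        for c in range(cols):
            x0, x1 = c * width // cols, (c + 1) * width // cols
            block = [pixels[y][x] for y in range(y0, y1) for x in range(x0, x1)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def dhash(pixels: Image) -> int:
    """64-bit dHash: one bit per adjacent pair in each 9-wide row, set when the
    left pixel is brighter than its right neighbour. Only relative brightness
    matters, which is what makes the hash survive brightness and contrast changes."""
    small = downsample(pixels, 9, 8)
    h = 0
    for row in small:
        for c in range(8):
            h = (h << 1) | (1 if row[c] > row[c + 1] else 0)
    return h


def hamming(h1: int, h2: int) -> int:
    """Number of differing bits between two hashes."""
    return bin(h1 ^ h2).count("1")


def is_near_duplicate(h1: int, h2: int, max_distance: int = 10) -> bool:
    """Typical operating point: a handful of flipped bits out of 64 still counts as a match."""
    return hamming(h1, h2) <= max_distance


def match_known(h: int, known: List[int], max_distance: int = 10) -> int:
    """Index of the first known (already removed) fingerprint within range, else -1."""
    for i, k in enumerate(known):
        if is_near_duplicate(h, k, max_distance):
            return i
    return -1


# --- constructed sample images and the kinds of edits re-uploads go through ---
def gradient(width: int = 36, height: int = 32) -> Image:
    """Brightness rises left to right; values stay well below 255."""
    return [[10 + x * 4 + y for x in range(width)] for y in range(height)]


def brighten(img: Image, delta: int) -> Image:
    return [[min(255, p + delta) for p in row] for row in img]


def speckle(img: Image) -> Image:
    """Deterministic small noise in -3..+3, standing in for re-encoding artefacts."""
    return [[p + (x * y) % 7 - 3 for x, p in enumerate(row)] for y, row in enumerate(img)]


def mirror(img: Image) -> Image:
    """A genuinely different picture for comparison."""
    return [row[::-1] for row in img]


if __name__ == "__main__":
    original = gradient()
    removed = [dhash(original)]  # fingerprints of images the host already took down
    for label, img in [("brightened", brighten(original, 20)),
                       ("speckled", speckle(original)),
                       ("mirrored", mirror(original))]:
        print(label, "distance", hamming(dhash(img), removed[0]),
              "match index", match_known(dhash(img), removed))
```

The design choice worth noting is that the fingerprint encodes gradients rather than pixel values, which is why a brightened or lightly re-compressed copy lands within a few bits of the original while an unrelated picture lands around 32 bits away on average. A real deployment would use a proper resampler and a larger hash, but the matching logic is the same.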
What allegation do you feel I've made?
One problem with this is VPNs. I regularly VPN (both to my house and via a service like Private Internet Access), so my location can change quite a bit.