IT Security Update: iCloud Hacking Attacks and How to Avoid Them
Family, friends, and customers have voiced their concern about the potential threat to their personal cloud accounts as a result of the latest hacks into celebrity iCloud accounts. While the latest incidents are still under investigation, we recommend three easy ways to protect yourself from this kind of hacking.
What Happened:
At this point it appears the celebrity hack was most likely a brute force attack. This kind of attack uses lists of commonly used passwords and words found in dictionaries or common name lists, like baby or pet name lists.
Once a cloud password is discovered, ALL cloud resources to which the account has access are vulnerable. This can happen to ANYONE and is more likely than people realize. Hackers use automated systems to scan and look for weaknesses – you don’t need to be a celebrity to be a likely target for phone or cloud hacking.
What You Can Do:
Thankfully, there are 3 EASY ways to help protect yourself from this kind of hacking.
- The first step is to choose a password that is NOT in any dictionary or name list. This can be a word you have made up or perhaps an odd word from a sci-fi novel.
- Secondly, choose several ADDITIONAL words and make a PHRASE. The phrase can be short; 12 characters or longer will work (but passwords with 16 characters or more are the best). HINT: The more unique words in the phrase the better. You can even misspell a word on purpose as long as it is not a common misspelling.
- Lastly, replace a few characters in the phrase with numbers and symbols and you are set. You now have a super strong password! Example: BalrogGarthmogEats2Dwarve$.
Updating and Changing Your Passwords
Phrases are VERY hard to crack when made this way and also easy to remember! You don’t need to change them often. In fact, you only need to change a passphrase when you suspect someone may have found it out.
You have probably been advised to use unique passwords for each system you use. You likely don’t because this is hard to do! Since phrases are so powerful, you might use them to help you make unique passwords which you CAN remember for each service.
Work out a SIMPLE system that lets you make a modified phrase for each system you use.
Example: Take the first two letters of the name of the service you are using, replace each with the NEXT letter in the alphabet, and add them to the passphrase.
Yahoo password: BalrogGarthmogEats2Dwarve$ZB
Apple password: BalrogGarthmogEats2Dwarve$BQ
You should make up a unique system which is easy for you to remember but contains at least a couple of words that will not be found in a dictionary or common speech. Set it up so that if someone learns your Yahoo password, they are not likely to be able to use the compromised password to figure out other passwords you use.
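The three passphrase rules and the per-service suffix described above, written out as a small checker. This is an added example, not part of the original email; the word list is a constructed stand-in for a real dictionary, and the Z-to-A wraparound and the "at least one digit and one symbol" reading are assumptions.

```python
import re

# Constructed stand-in for a real dictionary or name list (assumption).
COMMON_WORDS = {"password", "dragon", "monkey", "eats", "bella", "letmein"}

def split_words(phrase):
    """Break a run-together phrase into lowercase words (letters only)."""
    return [w.lower() for w in re.findall(r"[A-Z][a-z]+|[a-z]+|[A-Z]+", phrase)]

def check_passphrase(phrase, wordlist=COMMON_WORDS):
    """Return the rules from the email that the phrase fails (empty = passes)."""
    words = split_words(phrase)
    problems = []
    if all(w in wordlist for w in words):
        problems.append("no word that is missing from the dictionary/name list")
    if len(set(words)) < 2 or len(phrase) < 12:
        problems.append("not a phrase of several words, 12+ characters")
    # Assumption: "numbers and symbols" is read as at least one of each.
    if not (re.search(r"\d", phrase) and re.search(r"[^A-Za-z0-9]", phrase)):
        problems.append("no number and symbol substituted in")
    return problems

def service_suffix(service):
    """First two letters of the service name, each moved to the next letter."""
    letters = [c for c in service.upper() if "A" <= c <= "Z"][:2]
    if len(letters) < 2:
        raise ValueError("service name needs at least two letters")
    # Assumption: Z wraps around to A; the email does not cover that case.
    return "".join(chr((ord(c) - ord("A") + 1) % 26 + ord("A")) for c in letters)

def per_service_password(base, service):
    """Refuse a weak base phrase, otherwise append the service suffix."""
    problems = check_passphrase(base)
    if problems:
        raise ValueError("weak base phrase: " + "; ".join(problems))
    return base + service_suffix(service)

if __name__ == "__main__":
    base = "BalrogGarthmogEats2Dwarve$"  # the email's example; do not reuse it
    for svc in ("Yahoo", "Apple"):
        print(svc, per_service_password(base, svc))
```

Running the checker on a phrase built only from listed words, such as the constructed `DragonMonkeyEats1!`, shows that length and symbols alone do not satisfy the first rule.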
We know you are a sophisticated audience and this may not be “news” to you. But we all get busy and don’t always take the time to do what we know is best. So, if you already know these best practices, just consider this a friendly reminder to stick with them and forward the advice on to family and friends. And of course, do not use the examples in this email!
Special thanks to Tim O’Connor, MAX Sr. Technical Instructor, IT Security & Architecture, for the content and tips in this email.