“Wired writer Mat Honan fell victim to a brutal hack over the weekend. Through misplaced ingenuity and a smidgen of social engineering, hackers gained access to his iCloud account and wiped his iPhone, iPad, and Mac drives clean. The actual attack involved breaking into Honan’s Amazon account, and then using information found there to break into his iCloud account. Things only got worse from there,” Lex Friedman reports for Macworld.
“Amazon and Apple clearly need to institute security policy changes to better protect their users. And Honan made mistakes of his own, most notably not backing up his Mac regularly. But the hackers’ initial entry point into Honan’s digital life was through, of all things, the ‘forgot password’ functionality offered by Gmail,” Friedman reports. “When they first plunked Honan’s email address into that form, Gmail displayed a redacted version of Honan’s MobileMe account: m••••n@me.com. Honan has plenty of ‘if only’s’ on his mind, but one biggie—to quote Honan’s story for Wired, is this: If he ‘had used two-factor authentication for Gmail, everything would have stopped here.’”
How to configure Google’s two-step authentication (and who to fix everything Google’s two-step authentication breaks) in the full article here.
See also, Adrian Covert’s “9 Things You Absolutely Must Do to Keep Your Online Identity Secure” via Gizmodo here.
Related article:
Apple responds to iCloud hack: Our internal policies were not followed completely – August 7, 2012
The link to the “full article” just links back to this one:
MDN wrote: and who to fix everything… Yes, I’d sure like to know who to fix everything. Oh, right, Who’s on first
I can’t believe MDN allowed the G word: “via Gizmodo here.”
The G word has 2 step authentication … and is now pushing it via web page notifications to its users. This is a good thing … and it’s causing many people like myself to review their passwords in other prominent places and change the passwords.
G have made it easy to not have the same email password – at least for Gmail on two different client programs. My desktop and my iPhone now have separate Gmail passwords. And the tipper is I don’t even need and shouldn’t know them.
Here is my 2 step for Google…
1. Up
2. Yours
What’s it like being Google’s Bitch?
Google’s 2 step authentication works great.
If you are on Google I highly recommend enabling it.
Google’s 2 step thing isn’t two steps. For every non-Google device or program, you have to create a special password. So instead of one password, you could end up with one for your mail app on your computer, one for your phone, one for your iPad, one for YouTube app, etc. Pain in the butt.