“Accessing someone’s Apple account requires only three things: their email address, their date of birth, and the answers to two out of three security questions,” Nick Evershed and Paul Farrell report for The Guardian. “This is assuming they don’t have two-step verification enabled.”
“If you have all these, you’re able to reset their Apple ID password to one that only you know and then access their iTunes and iCloud accounts,” Evershed and Farrell report. “You don’t require access to their email. Once you have access to their Apple ID, you can access recent photos and back-ups if they have these features enabled.”
“While we don’t know the exact method people used to access celebrities’ accounts, Apple did release a statement which appears to confirm that a method similar to that described above was used,” Evershed and Farrell report. “To see how difficult it is to crack someone’s account, we’re going to try and access each other’s accounts and see how far we get.”
See how far they got in the full article here.
MacDailyNews Note: Use two-step verification for Apple ID to keep your personal information as secure as possible. More info here.
Always use unique passwords, do not reuse passwords for different services, and use Apple’s Keychain Access and iCloud Keychain to create and manage them. When used properly, this system works like a dream.
If a site doesn’t allow me to make up my own security questions and asks simple standard ones like Name of High School:
I either make a fake name or put an attachment like 242424 or AXAXAX to the name. Like Glendale High becomes Glendale HighAXAXAX.
I use the same attachment for various things so I remember it but don’t tell anyone about it.
(In a similar vein, you can add your dog’s name, etc., to every question. Glendale High becomes GlendaleSnoopy High.)
Not perfect, but it makes it way harder to break before too many tries create a lockout.
To clarify:
I use this method because security questions are normally activated when you FORGET your password. So having a weird name like 73856bxwto as a security question answer defeats the purpose as I’ll probably forget that too.
I just updated my password. A series of strings is easier to remember like: Iwent2sleep.
The security questions may be somewhat simple, like ‘what high school..’ and the first thing you think is what high school did I. But the answer you give doesn’t have to be about a high school. Come on people, think ‘outside the box’. Using the above question, give an answer like the second car you ever owned, or where you had your first accident. You don’t need a question to tell you what answers to give, you need the answers that you think will protect yourselves.
So when Apple says use 2 factor identification the general public hears something that sounds a lot like the teacher from a Charlie Brown cartoon.
And that sound is, AFAICT, a muted trombone.
Why does it have to be a real name at all? Why couldn’t it be:
Edin23804Wsdi3590eDs
Or something like that?
Right. I never use real information for those questions, and I’m not even a celebrity! Well, other than in my own mind, of course. Anyway, I just put the nonsense answers in the notes section of my password manager.
Can we keep beating this dead horse!?
There wasn’t this much coverage when Target’s servers were ACTUALLY hacked and had credit card data stolen!
That is because, to my knowledge, naked pics were not involved in the Target breach; just boring Credit Card info and such.
@Michael…
But these are CELEBRITIES…the most important people in the world ever. Haven’t you seen all the television shows and magazines devoted to tracking their every move?
Yeah, because all the droid, slamdrunk users buy that mess…
So they both proved iCloud is secure as neither one of them got in. Stop blaming Apple when Apple’s got it right and this just proved their point.
Just as easy to break in to any other service on the internet. At least when you do log in and change a password, an email is sent to all devices and a notification to your iPhone saying that it was done. If you get one of those messages, check your account and change the password.
I like Apple’s two step verification thingamajig system. Works great for me. I think Apple is ready for some serious payment handling stuff.
Let’s see: no numbers for you, you’re a word’s man. What man are you? You’re weak, a man of temptations… Opulent fellow, so what’s your pleasure? Salty snack? No, yours is a sweetie. Always return to your dark master: the cocoa bean. Ovomaltine? Hershey? BOSCO !!!