3pm Monday Update: It occurs to me I should mention that I don’t in any way condone these images being posted, nor do I condone the photos being passed around online like they are.
1:07pm Monday UPDATE: I’ve updated the headline to focus on the fact that “being hacked” and “using ‘puppy’ as your password” aren’t the same thing. While in this case there was a definite iCloud vulnerability that was exploited, in the end, we all need to be smarter – including turning off auto-cloud-backup when we take photos like this.
Jennifer Lawrence. Kirsten Dunst. Kate Upton… What do they all have in common? As of Sunday afternoon, nude photos of all of them and many other celebs were posted online in an event being termed “The Fappening.” While a play on words, the implications of what happened (and is continuing to happen) aren’t.
Let’s take it down to the level of us mere mortals – i.e., when our Twitter stream gets taken over, or when our emails stop coming from us and start coming from someone in Nigeria – Again: This isn’t “hacking.”
Hacking technically means “using a computer to gain unauthorized access to another computer or a system.” I.e., “they hacked into Target and stole credit card info.” While there are rumors floating around that a computer geek used a vulnerability on iCloud to steal the photos, I find that hard to believe, since several of the celebs use Android phones. So let’s assume it was bad passwords:
What happens when someone takes over your Twitter account, or yes, even publishes nude photos of Jennifer Lawrence is not hacking. It’s simply figuring out an insecure password, and an on-ramp to use that password.
In this case, the photos were taken off of backup servers. For those iPhone users out there: did you know that every photo you take is most likely backed up to iCloud automatically? So to get them from you, all I need to know is your Apple ID (usually your email) and your password. And because we like to keep our passwords easy to remember, that means they’re also easy to guess. Android does the same thing with Google Drive.
So… If you’re a celebrity, or if you simply want to reduce the chance of your photos being ripped from your phone and shared with the world, for starters, turn off the default cloud sharing option on your phone. Make your phone more of a hard drive and less of a server, and you’ve fixed a lot of the problem. Here’s how to fix the rest of the problem:
In the effort of ease of use, passwords have become almost pointless. If I know what questions to ask, figuring out the average person’s password shouldn’t take more than five minutes.
So – here’s a quick primer on how to not be the average person – How to make it a lot easier to keep private what you want private.
1) Stop thinking about passwords as “words.” The name “Password” is a misnomer – It shouldn’t be a word. Words are easy to guess. Sentences, with spaces, punctuation, numbers, and upper and lowercase letters are not. “Fluffy” might be an easy password to remember, since it’s your dog’s name, but don’t you think that’s the first thing I’ll try? However, “Fluffy is my dog, I got her 6 years ago and she’s SO CUTE!” is much harder, if not impossible to break. See? Letters, numbers, spaces, punctuation, and upper and lower case. Focus on the word “Passphrase,” not “password.”
2) Almost every site that matters uses two-step authentication. If you’re not using it, get off the Internet. Go to settings, security, and turn on “two-step authentication.” This has the service you’re using (Dropbox, Gmail, Twitter, Facebook, etc.) send a code to your mobile phone that you then have to enter as a secondary authentication step before you can get into your files or email. If someone’s picked your email password, chances are slim that they also stole your mobile phone.
3) If you do have some of those sexy photos on your phone, at LEAST shut off the auto-backup function. Anything connected as a cloud service is probably backing up your photos – Dropbox, Google Drive, iCloud, even Verizon’s crappy cloud service. So if you have some stuff on your phone you don’t want your mom to see, make sure you’re not backing them up.
4) Finally, consider using a service like LastPass. For $9 a year, LastPass will have you remember one really hard passphrase, and that’s it – every other password, from Facebook to email to banking, will be, at minimum, 25 characters, have letters, numbers and weird symbols, and you’ll never have to remember them. You just remember one really hard passphrase (but again, something that makes perfect sense to you, like Fluffy’s passphrase above) and the rest is done for you. Even more? I use LastPass in combination with YubiKey – a device I keep with me. If my laptop is stolen, no one can use LastPass without the YubiKey. Total cost? One time, $50, then $9 a year for LastPass. (I have no relationship to LastPass or YubiKey other than using them and liking them.)
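To put a number on point 1 above, here is an added example (not from the original post) that scores “Fluffy” against the long passphrase. It estimates strength two ways, character-by-character and word-by-word, and keeps the lower figure, since real guessers try dictionary words before random characters; the word list and the 20,000-word vocabulary size are assumptions for illustration.

```python
import math
import re

# Constructed stand-in for a real breached-password / common-word list (assumption).
COMMON_WORDS = {"password", "fluffy", "puppy", "letmein", "123456", "qwerty"}
# Assumed vocabulary size a word-level guesser would draw from (assumption).
ASSUMED_VOCAB = 20_000


def charset_size(secret: str) -> int:
    """Pool size an exhaustive character-level guesser must cover."""
    size = 0
    if re.search(r"[a-z]", secret):
        size += 26
    if re.search(r"[A-Z]", secret):
        size += 26
    if re.search(r"[0-9]", secret):
        size += 10
    if re.search(r"[^A-Za-z0-9]", secret):
        size += 33  # space plus the printable ASCII punctuation
    return size


def estimated_bits(secret: str) -> float:
    """Rough strength in bits: character-level estimate, capped by a word-level
    estimate when the secret is a multi-word phrase (guessers try whole words)."""
    pool = charset_size(secret)
    char_bits = len(secret) * math.log2(pool) if pool else 0.0
    words = secret.split()
    if len(words) >= 2:
        word_bits = len(words) * math.log2(ASSUMED_VOCAB)
        return min(char_bits, word_bits)
    return char_bits


def evaluate(secret: str, min_bits: float = 60.0) -> dict:
    """Accept or reject a candidate passphrase and say why."""
    reasons = []
    normalized = re.sub(r"[^a-z0-9]", "", secret.lower())
    if normalized in COMMON_WORDS:
        reasons.append("single common word")
    bits = estimated_bits(secret)
    if bits < min_bits:
        reasons.append(f"only ~{bits:.0f} bits, need {min_bits:.0f}")
    return {"ok": not reasons, "bits": round(bits, 1), "reasons": reasons}
```

Even after the word-level cap, the fourteen-word sentence lands around 200 bits, while “Fluffy” is both a dictionary hit and roughly 34 bits.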
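For point 2 above, this added example (not from the original post, and not any particular site’s code) shows the server side of the “we texted you a code” step done carefully: only a hash of the code is stored, it expires after five minutes, and three wrong guesses discard it so a 6-digit code can’t simply be cycled through. The TTL, attempt limit and injectable clock are choices made here for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumption: a texted code is worthless after five minutes
MAX_ATTEMPTS = 3         # assumption: stop online guessing of a 6-digit code


class SecondStepVerifier:
    """Server side of the second authentication step. Keeps only a hash of the
    code, expires it, and locks the challenge after a few wrong attempts."""

    def __init__(self, now=time.time):
        self._now = now            # injectable clock so expiry can be tested
        self._pending = {}         # user -> (code_hash, expires_at, attempts_left)

    def issue(self, user: str) -> str:
        """Create a fresh code for `user`; the return value is what the SMS
        gateway would send. Only its SHA-256 digest is kept server-side."""
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).hexdigest()
        self._pending[user] = (digest, self._now() + CODE_TTL_SECONDS, MAX_ATTEMPTS)
        return code

    def verify(self, user: str, submitted: str) -> bool:
        """Single-use check: success, expiry and lockout all discard the challenge."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._now() > expires_at:
            del self._pending[user]
            return False
        candidate = hashlib.sha256(submitted.encode()).hexdigest()
        if hmac.compare_digest(candidate, digest):   # constant-time comparison
            del self._pending[user]
            return True
        attempts_left -= 1
        if attempts_left <= 0:
            del self._pending[user]   # locked: the user must request a new code
        else:
            self._pending[user] = (digest, expires_at, attempts_left)
        return False
```

A stolen password alone gets an attacker to this step and no further unless they also hold the phone, which is the whole point of the second step.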
So – Let’s be a little smarter – As our phones become more and more an extension of our brain, we’re obviously not going to stop putting sensitive material on them, so at the very least, let’s make it tougher for the wrong people to get access to it.