If they're storing passwords correctly, how would they know that?
They wouldn’t have to know the exact deets to know that a password was only 5 characters (grandfathered in from old rules), all alpha, no caps, etc. They have systems now set up to check for required elements and for a while were ‘strongly encouraging’ folks to create better passwords. Around the time of this event they started analyzing passwords and forcing folks to switch them to stronger ones.
Why is it that some of you on this site have such a hard time admitting that this was indeed a hack?
The definition of a hack is to use a computer to gain unauthorized access to data in a system. HACK!
While you are correct that that is the general definition, over time the term ‘hack’ has been more precisely defined via movies, TV shows and the media to mean access via digital means. In other words, looking for and utilizing weak spots in coding, creating viruses, etc. And it’s that more specific definition that is so ingrained in most folks that it’s now the only definition they recognize. And this whole ‘celebgate’ or ‘fapgate’, as many Reddit users called it, was not a ‘hack’ under that definition but access via social engineering.
To me, who gets the definition you are using, the issue isn’t the word ‘hack’ but rather the media incorrectly defining who or what was hacked. It wasn’t Apple, iCloud, Google Drive that were hacked, it was users of these services. Because the access was via using the social engineering technique of phishing to get users to give up their logins. The fake emails were the computer (because it’s a digital form of communication) and the users’ brains were the system accessed for the data of their logins. Which then allowed for access to the various accounts.
Glad he is going to prison. I am also glad that Apple initiated 2FA to help people be more secure with their account.
Except that Apple doesn’t require it across the board unless you are using certain features like Apple Pay Cash etc. There are tons of folks that still don’t have 2FA set up just like they don’t have passcodes on their devices. And they are often just the kind of users that would fall for phishing emails.
I also wonder what effect mandatory 2FA would have on Apple handing over iCloud account data to law enforcement. If that system could be set up to encrypt user data in iCloud regardless of backup or syncing modes. After all, when you have 2FA your device passcode appears to be linked to particular data like your iCloud Keychain. If you don’t put in the right passcode you have to reset that data. Imagine that being across the board. Even if it’s just an option you can turn on. Perhaps even set individual passcodes that don’t have to be the same as any device code.