I write for Bristol 24/7 (again)
On Thursday last week, Bristol 247 published the item below penned by your ‘umble scribe in the wake of the Jennifer Lawrence nude pictures scandal under the title “Staying safe online: How not to become the next Jennifer Lawrence“.
In recent days actress Jennifer Lawrence, best known for her role in 2012’s The Hunger Games, and other celebrities had their private pictures leaked online when their Apple iCloud account passwords were hacked and their intimate snaps snaffled.
However, it is unlikely that any blame can be attached to Apple for the security break. It’s far more likely to be the users’ lack of care in setting up their user names and passwords as the images were stolen by an unknown person using specialist software.
As regards passwords, hackers have 2 main methods for harvesting them – the dictionary attack and the brute force attack.
A dictionary attack is a technique for defeating an authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary. Dictionary attacks succeed because many people tend to choose simple passwords which are short (7 characters or fewer), such as single words found in dictionaries or simple, easily predicted variations on words, such as appending a digit. However, dictionary attacks are easy to defeat. Adding a single random character in the middle can make dictionary attacks untenable.
A brute force attack consists of systematically checking all possible keys or passwords until the correct one is found. Due to the number of possible combinations of letters, numbers, and symbols, a brute force attack can take a long time to complete.
Both dictionary and brute force attacks can be automated, speeding up the process considerably. For instance, it can take under a minute to crack a password with a dictionary attack if the password is weak and insecure.
If you don’t want to end up in the same embarrassing predicament as Jennifer and her fellow victims, there are a few simple steps you can take.
Cloud computing may be all the rage at present, but the simplest security measure you could take to safeguard your data would be not to use the cloud at all. In my professional work as a linguist, all my jobs involve confidential or private information, so I wouldn’t use cloud storage for the simple reason of that information being subject to the security – or lack of it – implemented by a third party.
However, if you do use cloud storage, then don’t use it to store sensitive and/or privileged information, such as pictures displaying your rude bits or any other confidential stuff you wouldn’t want anyone else to see or access.
There are a few more simple steps mainly involving passwords that you can take to improve your security:
- Don’t use a simple password! According to password management company SplashData, the top three passwords of 2013 were “123456”, “password” and “12345678”;
- Use a strong password. This is a password that’s alphanumeric, comprising both letters and numbers;
- For additional security, use punctuation in your passwords too. Including punctuation in a mixed case alphanumeric password generally creates a more secure password, which would be exponentially harder to discover using either a dictionary or brute force password discovery method;
- Use a long password. Most password crackers have no problem working out passwords up to 15 characters in length;
- Don’t use the same password for all logins. I know this can be tedious and inconvenient, but it is worth it! If you have difficulty remembering passwords, note the details of your various accounts and the related passwords in a spreadsheet, but do remember to use yet another password to safeguard the spreadsheet itself! Alternatively, use password management software (such as KeePass) instead of a spreadsheet;
- As with passwords, try using a non-obvious user name for logins.
Devising secure passwords is not something everyone can do, but there’s help available here too. Symantec provides a Secure Password Generator, which will generate passwords between 8 and 64 characters in length and allows the use of lower and upper case characters, numbers and punctuation.