This is a discussion thread for the "Saturdays with Stephen: Horrific iCloud Password Hack" story posted on the front page.
I have one cryptically secure password I use for Dropbox. In Dropbox I have an innocuously named password file (Weight Loss Goals.txt for example) where ALL my passwords, PINs, etc. are stored. I use http://strongpasswordgenerator.com/ to create secure passwords and rotate them every three months or so. Just a thought/suggestion for those out there as paranoid as myself.
Really paranoid people would change it weekly and not store them in a text file (or anywhere else, really). You're better off with a one year old password you can remember than a three month old password you have to look up, in my opinion.
Especially when you store it on Dropbox. Once hackers get access to your Dropbox account they'll find that password file and you're screwed. Oh and on the other hand I'd say there we have the problem with being able to remotely wipe anything. Sure it's good when you've lost your product but it can be quite dangerous as shown here.
That is actually quite unsafe! If you are as paranoid as me, you would rotate all your passwords at least monthly! I can give you a small tip: DON'T save them in a .txt file that any swab can grab if they access your Dropbox (say you forget to log out, or you got a keylogger virus on your comp). What you should do is encrypt them. I personally use a piece of software called "TrueCrypt"; it offers free military grade encryption, even the FBI had trouble hacking into it!
[quote]Oh and on the other hand I'd say there we have the problem with being able to remotely wipe anything. Sure it's good when you've lost your product but it can be quite dangerous as shown here.[/quote]
Yeah, I don't need remote wipe as an option as my iPod Touch, mobile phone and SIM card all have different PINs so a hacker couldn't get in anyway. After 10 attempts I have them set to wipe themselves, which for me is better than having it remote wiped via a computer. As for me I have a laptop that doesn't have a remote wipe option (as far as I know) but you'd have to be pretty stupid to lose a laptop anyway. I am seeing a lot of "cloud based network" hacks this week, it's only going to get worse as people have more personal information in the cloud than on any e-mail account these days; maybe it is better to have backups on a USB/mountable HDD instead...but that is a lot of effort lol.
Apple should have realised what might happen if an unknown is to gain access to somebody's iCloud account. As shown here, it is worse than thought of originally. With all your devices connected, and your E-Mails, and everything, it feels safe in the hands of iCloud. If your iPhone gets stolen, you can have it back, if you need to get E-Mails online, you can do so. It is ironic in a sense, that iCloud was created to make sure your devices are safe, but this shows what can happen when this kind of a safeguard is used against you.
Apple should use phone PIN verification like Google and Hotmail/MSN do for any important changes made to the account. You can always get access to your emails with the PIN verification sent to your iPhone...unless they have your phone as well...then you might be totally f***ed up. But then you can always call (use another phone of course) your mobile company to freeze your SIM in any case it's lost. This is a good wake up call to crApple... and to the rest of us... ;]