With the recent spate of high-profile hacks, and yet another report of nude celebrity photographs being leaked online, it’s worth posing the question, “Are celebrities any worse at choosing their passwords, or are we all as bad as each other?”
As more and more pictures are released online, the question “How has this happened?” is a growing concern. While the exact method used remains unknown, it has been suggested that brute force methods were used alongside more targeted phishing attacks in order to steal personal photographs from celebrity accounts.
A “brute force” attack relies on malicious, automated software to repeatedly guess large numbers of passwords in an attempt to discover the correct one. Now, passwords are not a new concept, and using word and character sequences for authentication purposes is common practice. We all have passwords that we use on a daily basis, with numerous accounts and information to memorize. Chances are, the more passwords you have (and most users have many), the more you’re likely to forget them, use the same one over and over again, or resort to writing them down, which in turn will increase the chance of a potential security breach.
When it comes to physical security, there is no question that high-profile figures and celebrities will trump the everyday Tom, Dick and Harry, with bodyguards, home intrusion prevention systems, armoured cars and so on. But just like us, they no doubt follow a standard process when choosing passwords for personal accounts. Hopefully, that process requires that the password contain “x” amount of digits, at least one number, one special character, etc. We have all been there and tried to follow the step-by-step instructions to ensure our personal information remains personal.
However, for a hacker, it can take just minutes to run through tens of thousands of possible combinations, and if they can hack one account, the chances are they will access others, particularly if the same password is used across more than one site. I am sure that, like the rest of us, celebrities have so many passwords to remember that at some point or another they will write them down or reuse the same one. So how do you ensure you remain secure and keep track of them? How do you make sure that the password isn’t just strong enough, but that it’s unique?
If you are a public figure, it is of course important that your password and security questions don’t relate to something that is likely to be common knowledge. As someone in the public eye, information such as pet names, schools, etc., can no doubt be researched and will have been made public at some point in time, so using them as a password will be even less secure than you or I doing so.
Many systems now have two-factor authentication, meaning that before you can access an account, you must log in with a password and provide a unique code. There is also often a limit to the number of failed login attempts before the process is halted and you are prompted with security questions. Apple had not implemented these processes, and thus the doors were wide open to hackers.
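To show how a failed-attempt limit blunts automated guessing, here is an added example that is not part of the original article. The class name, the thresholds (5 failures in 5 minutes, 15-minute lock) and the account name are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Per-account limit: after max_failures failed logins inside `window`
    seconds, refuse further password checks for `lockout` seconds."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = defaultdict(deque)  # account -> recent failure times
        self._locked_until = {}              # account -> time the lock expires

    def is_locked(self, account, now):
        return now < self._locked_until.get(account, 0)

    def record(self, account, success, now):
        """Record one attempt; return 'locked', 'ok' or 'failed'."""
        if self.is_locked(account, now):
            return "locked"                  # the password is never evaluated
        if success:
            self._failures.pop(account, None)
            return "ok"
        recent = self._failures[account]
        recent.append(now)
        # Forget failures that fell out of the sliding window.
        while recent and now - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            recent.clear()
        return "failed"


def guesses_checked(throttle, account, attempts):
    """Count how many guesses actually reached the password check."""
    return sum(1 for now, ok in attempts
               if throttle.record(account, ok, now) != "locked")


# Constructed sample: one wrong guess per second for an hour, one account.
SAMPLE = [(t, False) for t in range(3600)]

if __name__ == "__main__":
    checked = guesses_checked(LoginThrottle(), "alice@example.com", SAMPLE)
    print(f"{checked} of {len(SAMPLE)} guesses were evaluated")
```

A per-account lock does not cover the same guess tried across many accounts, which is one reason it is paired with the second factor described above.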
Without question we need a better way of being able to convey our identity to a server. Single Sign-On (SSO) permits a user to enter one name and password in order to access multiple applications. The process eliminates the need for ongoing prompts for passwords and login credentials every time you want to access an application/resource. It will authenticate the user for all the applications they have been given rights to access.
SSO simplifies the end user experience and enhances IT security and control. Users only have to remember one username and password to access all of their applications whether in the cloud, on-premises, or via mobile devices.
The real question is not about whether or not celebrities are worse at choosing their passwords, but more about the password processes they have in place. We can all fall foul of hackers by using weak and unoriginal passwords, but for businesses, having Identity Management processes, password policies and extra security such as multi-factor authentication in place is a vital part of the defence for keeping identities secure.