And so Apple released their long-rumored watch and long-leaked iPhone 6 today.
We'll get to that next entry. I've got bigger fish to fry first.
As you may have already heard, several celebrities... including Jennifer Lawrence, Kate Upton, and Kirsten Dunst... had their personal (and often revealing) photos stolen and posted publicly without their consent or knowledge. Despite what the assholes at FOX "News" say, victim blaming is not the way to respond to this. You should be able to take whatever the hell photos you want and not have to worry about some criminal violating your privacy by stealing and posting them. And while it's nice to think that these criminals can be tracked down and made to pay for their crimes, the global reach of the internet makes this unlikely or impractical. The criminal would have to be located here in the US for US law to really be of any use. Even then, cyber crimes are persecuted so wildly that there's no guarantee a criminal will get a suitable punishment.
So what to do? Let's see...
In a press release Apple says "Hey, don't blame us" because the theft wasn't caused by a breach of their network. Instead, it was a targeted attack on specific accounts where the criminal broke in by guessing passwords (probably with the help of brute-force hacking software). At the end of the release, apple closes with this...
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.
To which I say... bullshit.
Not because it's bad advice, but because Apple itself makes taking their advice far too difficult.
My Macintosh and my iPhone and my iPad are password protected. In order to get to any information on them, you have to get past the login screen first. I use a rather strong password that's a pain in the ass to type, but protecting my information makes it worthwhile. But here's the thing... once you've unlocked your device, Apple continues to pester you for passwords all the goddamn time. And, yes, I've checked "remember my password." It doesn't do any good. I am FOREVER having to enter my password. Just this morning I opened iTunes so I could listen to some tracks by The 1975. For reasons unknown, all my iTunes Match songs stored in the cloud were inaccessible. In order to play them, Apple wants my password...
Now, I've already typed a password to unlock my machine, so having to type the password AGAIN makes no damn sense. But at least with my Mac I have a physical keyboard available. What about my iPhone? That damn thing asks for my password several times a day. Want to buy an app? Even a FREE app? Type your damn password. Then type it again. And again. And again. And again. And here's where having that strong password that Apple recommends falls apart. Who wants to type "&7pbik9jbkQos$HB" on the shitty, incomplete, tiny keyboard that's on your iPhone over and over? Anybody? No? That's what I thought.
Which is why people tend to create simple, easily-hackable passwords.
So when Apple says "It's your fault, Jennifer Lawrence, you should have had a stronger password!" I want to say "Bullshit, Apple, it's all YOUR fault for making stronger passwords too difficult to use by making people type them too many damn times!"
Apple's answer to that would probably be "You should buy a new iPhone that has Touch ID... then you don't have to type a password, you can just use your fingerprint!" Well, okay. But that's no help for the millions of people who can't afford to upgrade their phones every damn time Apple comes up with a new technology.
So, Apple, please... seriously please... stop being so clueless when it comes to security. It's one thing to offer the advice of using strong passwords... it's another thing entirely to make strong passwords practical to use. Which you absolutely do not. You need to allow the user an option to NOT require passwords once a device has been unlocked. Then, instead of forcing users to create easy-to-type/easy-to-hack passwords they have to enter constantly, you can instead get a strong, worthwhile password they only have to type once...
Today Tim Cook said that Apple excels at solving problems like this.
Time to prove it, because your current "solution" isn't working.
I love comments! However, all comments are moderated, and won't appear until approved. Are you an abusive troll with nothing to contribute? Don't bother. Selling something? Don't bother. Spam linking? Don't bother.
PLEASE NOTE: My comment-spam protection requires JavaScript... if you have it turned off or are using a mobile device without JavaScript, commenting won't work. Sorry.
A-freakin’-men! What’s the point in me having a 32 character passphrase that will keep my stuff secure, if I have to enter it a billion times a day. And it’s not just Apple. All security-related companies need to pay attention to that.
Trying hard not to be victim blaming, I’d still strongly recommend to keep things that you really want to keep private under all circumstances away from the Internet and The Cloud. Juicy pictures are much, much safer on a physical storage card.
I agree. Apple needs to step this up a lot, especially after their announcement for Apple Pay yesterday. Talk about needing better security. And even though they use measures to mask your credit card digits, there still needs to be some confidence built in users before they go scanning all of their financial data into their phone.
And regardless of suggestions to keep sensitive photos out of the cloud, it’s not the logical solution to an overall problem.
You nailed it. Having a stronger password is great advice when you have a password manager like lastpass or 1password helping you out. But having to type a stronger password 9 times on your phone is completely unreasonable – and no wonder people choose easy to type passwords.