Blogography Logo
spacer

  Home  

Security!

Posted on Tuesday, September 9th, 2014

Dave!And so Apple released their long-rumored watch and long-leaked iPhone 6 today.

We'll get to that next entry. I've got bigger fish to fry first.

As you may have already heard, several celebrities... including Jennifer Lawrence, Kate Upton, and Kirsten Dunst... had their personal (and often revealing) photos stolen and posted publicly without their consent or knowledge. Despite what the assholes at FOX "News" say, victim blaming is not the way to respond to this. You should be able to take whatever the hell photos you want and not have to worry about some criminal violating your privacy by stealing and posting them. And while it's nice to think that these criminals can be tracked down and made to pay for their crimes, the global reach of the internet makes this unlikely or impractical. The criminal would have to be located here in the US for US law to really be of any use. Even then, cyber crimes are persecuted so wildly that there's no guarantee a criminal will get a suitable punishment.

So what to do? Let's see...

In a press release Apple says "Hey, don't blame us" because the theft wasn't caused by a breach of their network. Instead, it was a targeted attack on specific accounts where the criminal broke in by guessing passwords (probably with the help of brute-force hacking software). At the end of the release, apple closes with this...

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.

To which I say... bullshit.

Not because it's bad advice, but because Apple itself makes taking their advice far too difficult.

My Macintosh and my iPhone and my iPad are password protected. In order to get to any information on them, you have to get past the login screen first. I use a rather strong password that's a pain in the ass to type, but protecting my information makes it worthwhile. But here's the thing... once you've unlocked your device, Apple continues to pester you for passwords all the goddamn time. And, yes, I've checked "remember my password." It doesn't do any good. I am FOREVER having to enter my password. Just this morning I opened iTunes so I could listen to some tracks by The 1975. For reasons unknown, all my iTunes Match songs stored in the cloud were inaccessible. In order to play them, Apple wants my password...

iTunes Match NOT AVAILABLE!

ENTER YOUR FUCKING PASSWORD!

Now, I've already typed a password to unlock my machine, so having to type the password AGAIN makes no damn sense. But at least with my Mac I have a physical keyboard available. What about my iPhone? That damn thing asks for my password several times a day. Want to buy an app? Even a FREE app? Type your damn password. Then type it again. And again. And again. And again. And here's where having that strong password that Apple recommends falls apart. Who wants to type "&7pbik9jbkQos$HB" on the shitty, incomplete, tiny keyboard that's on your iPhone over and over? Anybody? No? That's what I thought.

Which is why people tend to create simple, easily-hackable passwords.

So when Apple says "It's your fault, Jennifer Lawrence, you should have had a stronger password!" I want to say "Bullshit, Apple, it's all YOUR fault for making stronger passwords too difficult to use by making people type them too many damn times!"

Apple's answer to that would probably be "You should buy a new iPhone that has Touch ID... then you don't have to type a password, you can just use your fingerprint!" Well, okay. But that's no help for the millions of people who can't afford to upgrade their phones every damn time Apple comes up with a new technology.

So, Apple, please... seriously please... stop being so clueless when it comes to security. It's one thing to offer the advice of using strong passwords... it's another thing entirely to make strong passwords practical to use. Which you absolutely do not. You need to allow the user an option to NOT require passwords once a device has been unlocked. Then, instead of forcing users to create easy-to-type/easy-to-hack passwords they have to enter constantly, you can instead get a strong, worthwhile password they only have to type once...

ENTER YOUR FUCKING PASSWORD!

Today Tim Cook said that Apple excels at solving problems like this.

Time to prove it, because your current "solution" isn't working.

Tags: , ,
Categories: Apple Stuff 2014Click To It: Permalink
   

Comments

  1. A-freakin’-men! What’s the point in me having a 32 character passphrase that will keep my stuff secure, if I have to enter it a billion times a day. And it’s not just Apple. All security-related companies need to pay attention to that.

  2. Marc says:

    Trying hard not to be victim blaming, I’d still strongly recommend to keep things that you really want to keep private under all circumstances away from the Internet and The Cloud. Juicy pictures are much, much safer on a physical storage card.

  3. martymankins says:

    I agree. Apple needs to step this up a lot, especially after their announcement for Apple Pay yesterday. Talk about needing better security. And even though they use measures to mask your credit card digits, there still needs to be some confidence built in users before they go scanning all of their financial data into their phone.

    And regardless of suggestions to keep sensitive photos out of the cloud, it’s not the logical solution to an overall problem.

  4. You nailed it. Having a stronger password is great advice when you have a password manager like lastpass or 1password helping you out. But having to type a stronger password 9 times on your phone is completely unreasonable – and no wonder people choose easy to type passwords.

Add a Comment

Blankatar!

   
I love comments! However, all comments are moderated, and won't appear until approved. Are you an abusive troll with nothing to contribute? Don't bother. Selling something? Don't bother. Spam linking? Don't bother.
PLEASE NOTE: My comment-spam protection requires JavaScript... if you have it turned off or are using a mobile device without JavaScript, commenting won't work. Sorry.




   


   


   
   
   
Your personal information is optional. Email addresses are never shown, and are only used by me if a public reply would be too personal or inappropriate here. The URL link to your web site or blog will be provided, so only fill this in if you want people to visit!



   

  Home  

spacer
Welcome:
Blogography is a place to learn and grow by exposing yourself to the mind of David Simmer II, a brilliant commentator on world events and popular culture (or so he claims).
Dave FAQ:
Frequently Asked Questions
Dave Flickr Gallery:
Dave Contact:
dave@blogography.com
Blogography Webfeeds:
Entries Feed
Comments Feed
Dave Social:
Blogography Tumblr
Blogography Instagram
Blogography on Pinterest
translate me
lost & found
Search Blogography:
thrice fiction
Thrice Fiction Magazine - March, 2011 - THE END
I'm co-founder of Thrice Fiction magazine. Come check us out!
free iphone app
Ask Dave iPhone App
Put Dave in your pocket with this FREE app for iPhone and iPod Touch. All life's answers await you with the Ask Dave app!
hard rock moment
Visit DaveCafe for my Hard Rock Cafe travel journal!
travel picto-gram
Visit my travel map to see where I have been in this world!
badgemania
Blogography Badge
Atom Syndicate Badge
Comments Syndicate Badge
Apple Safari Badge
Pirate's Booty Badge
Macintosh Badge
license
All content copyright ©2003-2017
by David Simmer II
   
Creative Commons License
This weblog is licensed under
a Creative Commons License.
ssl security
Comodo SSL