Caleb Cushing's blog

Celebrity nude scandal, on security, an analogy

Though I won’t say they aren’t victims of a crime… What the victims did is fundamentally the equivalent of using skeleton keys in the modern day. What Apple did, or rather didn’t do, is prevent that. Apple could have used a tool like cracklib, and said at the time of password creation: this is too short, this is not random enough, we are refusing to allow you to put this skeleton key lock on your front door. So while I think that the perp should be prosecuted to the full extent of the law, it should be like a Breaking & Entering where the door was left unlocked. Apple should be sued for not requiring secure passwords. Imagine if your lock company installed them wrong, and because of that you got broken into; they didn’t do their job correctly. Would people just stand for that? No, I don’t think so.

Somehow physical locks are seen as easier to understand, and all this computer mumbo jumbo is hard, even though I suspect most people can’t tell you why a deadbolt is a better lock. People should realize skeleton keys are no longer secure, even if they look cool and are easy to use. It’s better to use a password manager (LastPass is what I use) with a randomly generated password for all other sites (I’d say 16 characters, though I think 12 is the current suggested). Fundamentally this setup is a deadbolt with a different key required for each door, but one keychain. You can also do multifactor, which is like a key with a chip in it that will refuse to start your car if it’s the wrong chip, so making a physical copy of the key (password) isn’t enough.
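To make the creation-time refusal concrete, here is an added example (not code from this post, and not cracklib itself): a small checker that turns away passwords that are too short, too repetitive, too systematic or built on a common password, plus a generator for the random 16-character kind. The word list, thresholds and function names are assumptions made for the illustration.

```python
import secrets
import string

# Constructed sample; a real deployment loads a large dictionary instead.
COMMON = {"password", "qwerty", "letmein", "iloveyou", "dragon", "monkey"}
MIN_LENGTH = 12  # assumption: the lower of the two lengths the post mentions
ALPHABET = string.ascii_letters + string.digits + string.punctuation
LEET = str.maketrans("@4301!5$7", "aaeoiisst")


def normalise(pw):
    """Strip trailing digits/symbols, then undo common substitutions."""
    return pw.lower().rstrip(string.digits + string.punctuation).translate(LEET)


def check_password(pw):
    """Return None if the password is acceptable, else the reason for refusal."""
    if len(pw) < MIN_LENGTH:
        return "too short"
    if len(set(pw)) < 6:
        return "not enough different characters"
    # Runs such as 'abcdef', '654321' or 'aaaa': neighbours differ by at most 1.
    steps = [abs(ord(b) - ord(a)) for a, b in zip(pw, pw[1:])]
    if sum(s <= 1 for s in steps) > 0.6 * len(steps):
        return "too systematic"
    core = normalise(pw)
    if any(word in core for word in COMMON):
        return "based on a common password"
    return None


def generate_password(length=16):
    """Random password from a CSPRNG; retried in the rare case the checker refuses it."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if check_password(pw) is None:
            return pw


if __name__ == "__main__":
    # Constructed candidates, one per refusal reason.
    for candidate in ["hunter2", "aaaaaaaaaaaaaa", "abcdefghijklmnop", "P@ssw0rd2014!!"]:
        print(f"{candidate!r}: {check_password(candidate) or 'accepted'}")
    print("generated:", generate_password())
```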

