>

Freddy Krueger wants your iCloud password

The Mat Honan Wired story about his entire digital life being destroyed by hackers scared a lot of people.  It's frightening to think that our favorite technology companies collectively may have all the pieces of the puzzle needed to access your email, your photos and your finances.  

But there is something much darker and much more terrifying that Mat and Wired never addressed.

Transient

Imagine your worst nightmare watching you, able to find you anywhere, and you don't even know they're watching.   With access to your iCloud password, they get access to more than just your data.  They would know where you live and when you are not home.  Freddy Krueger doesn't need to sneak into your dreams.  He just needs your iCloud password.

Hopefully I've scared you off this page onto your relevant password reset pages, where you're busy hardening your passwords.  The good news is there's a lot you can do to inform yourself, protect yourself and your family.  Read up on security for yourself, make a decision to become an expert on it.   In the meantime, here are a few starter resources on security:

  • Wired published a good security basics primer, essentially called how not to end up like Mat.
  • David Sparks published an excellent blog post Good Luck Social Engineering My Security Question Answers
  • If someone claiming to be from AppleCare support asks you to log in using your password, then change it to the password they give you, stop.  Yes, that is their current security policy following the Wired magazine article.  But that doesn't mean you should trust the caller.  Get their contact information, all of it, then call them.  No one should ever ask you to change your own password for them.  That's not good IT, period.  It's up to you to authenticate the person you're talking with.  Be careful.
  • The same security issue applies to any "Find Me" technology, not just iCloud's find your iPhone or Mac.

Happy Halloween everyone.  Be safe out there tonight.