Nude photo leak shows that passwords are passé

Passwords are no longer sufficient security protection for today’s online world and need to be replaced with a more effective method, according to Centrify.

In a blog post, Centrify Regional Manager of ANZ and India Derek Morwood said recent incidents including the iCloud celebrity nude photo leak show that passwords are a flawed security method.

Dozens of private nude photos of various celebrities were uploaded to sites like Reddit and 4chan in August.

“Apple protests that its iCloud systems weren’t compromised, suggesting that hackers managed to gain illegal access by figuring out passwords and the answers to personal security questions. That sounds like a compromise to me,” Morwood said.

This would mesh with the scenario described by Felix Dixit, a political science student who wrote a thesis on 4chan, which stipulates that there was never one hacker or one leak. The images instead came from a private group of hackers who have been using the deep web to trade illicitly obtained celebrity nude photos and videos for years, Dixit said, citing a 4chan post.

Morwood said there is a critical problem with basing protection on passwords. “Using a password that is readily memorable means it is also more easily hackable. When we require dozens, if not hundreds, of passwords to protect our identities online, the questionable effectiveness of passwords becomes completely degraded,” he said.

The “obvious solution” is to get rid of most passwords and adopt an identity management system based on single sign-on, Morwood said. A cheaper but less flexible alternative is to make use of password managers.

Image courtesy of Ron Bennetts under CC