Sign in / up

back to article Apple promises iCloud security alerts, better 2FA after, er, NAKED Internet of Thingies flap

Apple plans to roll out new iCloud security alerts as well as extending its two-step authentication technology in the wake of this week's privacy flap over nude selfies of Jennifer Lawrence, Kate Upton and other celebs. Private pictures of disrobed (female) celebrities including Oscar winner Lawrence and swimwear model Upton …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    Mothers maiden name ?

    Does *anyone* actually use the truth here ?

    I had a brief wtf moment recently, talking to our Head of HR. I casually mentioned that the answer to most security questions is my car reg number, so good luck with anyone trying to use my mums maiden name in a hack.

    She honestly thought that there must be a database of peoples mums maiden names, and that you had to put the correct answer, or it wouldn't work.

    Head of HR. Not quite a director, but probably will be one.

    3 0 Reply
    1. Mtech25
      Reply Icon
      Joke

      Re: Mothers maiden name ?

      What don't you know about the big database of Mums Maiden names and School people have attend, what do you think all this big data stuff is about.

      0 0 Reply
    2. Dave Pickles
      Reply Icon

      Re: Mothers maiden name ?

      "She honestly thought that there must be a database of peoples mums maiden names..."

      The problem in the UK is that there IS such a list, and it can be searched from sites such as ancestry.com, given your full name and approximate date of birth.

      2 0 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Mothers maiden name ?

        Yes, even for non-celebs, if you know the person and have a little internet savvy, there's a decent chance you can figure out their mother's maiden name, where they graduated high school, the street they grew up on etc. If you really want to get into their stuff buy them a few drinks and turn the discussion towards childhood pets and what not and you can find out the rest of the answers if you're determined.

        I suspect most people answer those questions honestly. Not because their a dimwit HR person who thinks the answers are being checked, but because they don't really understand the consequences and how "security questions" make everyone less secure by providing a much easier to guess "password".

        0 0 Reply
    3. Old Handle
      Reply Icon

      Re: Mothers maiden name ?

      Not to mention many women don't change their names when they marry anymore. Or heaven forbid, your mother might never have married at all.

      0 0 Reply
    4. chivo243 Silver badge
      Reply Icon

      Re: Mothers maiden name ?

      Most people probably do, as they probably can't remember the lie they told in the first place.... That's the problem with lying... hard to remember which lie you used where, kind of like passwords eh?

      I think a better system of authentication is needed.

      1 0 Reply
  2. It'sa Mea... Mario

    'Apple bashing, a favoured sport amongst infosec geeks'

    And The Register, Fandroids, Commentards, etc..

    0 3 Reply
    1. Velv
      Reply Icon
      Trollface

      Re: 'Apple bashing, a favoured sport amongst infosec geeks'

      No smoke without fire ...

      4 0 Reply
  3. dotdavid

    "Apple will alert users via email and push notifications when someone tries to ... restore iCloud data to a new device"

    Probably better than nothing, but won't this just mean that the fanbois get alerted that their private data is now in someone else's hands but not actually prevent the data actually falling into someone else's hands?

    1 0 Reply
  4. simmondp

    Quick soluution

    Just use the Google authenticator app......

    0 0 Reply
    1. Peter 26
      Reply Icon

      Re: Quick soluution

      You can't restore your device if the authenticator app was on the device... Which is why they didn't require a 2nd level authentication for backups... This was their flawed thought process.

      The solution posted in this very article says to use email as the 2nd level authentication for backups which should be accessible even if your device isn't.

      0 0 Reply
  5. Dan 55 Silver badge
    Facepalm

    Moar security!

    Slap it on there, cover up the cracks... We're not hastily bodging this together or anything...

    If the iPhone 6 fingerprint authenticator connected to an Apple ID with yoghurt pots and elastic bands is going to be used to manage card payments, I look forward to the headlines a year or two from now.

    1 0 Reply
  6. Fungus Bob
    Trollface

    NAKED Internet of Thingies flap

    Surely more like "NAKED Thingies of the Internet" fapfapfapfapfapfap

    1 0 Reply
  7. NotWorkAdmin

    I must be holding it wrong

    I haven't got any naked pictures of myself stored in the cloud. Must be something wrong with me.

    1 0 Reply
  8. Destroy All Monsters Silver badge
    Trollface

    "Jennifer Lawrence, Kate Upton and other celebs."

    I still haven't heard who those lesser celebrities behind the Goddess of Hunger Games and KUP are, so I suppose they must be busy committing seppukku in shame.

    0 0 Reply
  9. Jin

    Two caveats

    (1) The two-factor authentication could be reliable only when it comes with a reliable password.

    2 is larger than 1 on paper, but two weak boys in the real world may well be far weaker than a toughened guy. Physical tokens and phones are easily lost, stolen and abused. Then the password would be the last resort. It should be strongly emphasized that a truly reliable 2-factor solution requires the use of the most reliable password.

    (2) Biometrics, whether static or behavioral or electromagnetic, cannot be claimed to be an alternative to passwords UNTIL it stops relying on a password for self-rescue against the false rejection altogether while retaining the near-zero false acceptance in the real outdoor environment. A dog which depends on a man cannot be an alternative to the man.

    I wonder how many people are aware that biometrics operated with a password in the OR/disjunction way (as in the case of iPhone) offers a lower security than when only the password is used. Biometrics industries should let this fact be known to the public lest consumers should be misguided,

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like