Security experts blame password protection for Jennifer Lawrence nude photo hack
- 25 September, 2014 09:37
IT security experts have blamed password protection and not Apple's iCloud security for the recent 4chan nude photo hack.
The 4Chan scandal, which broke at the start of the month, saw intimate images of stars including actress Jennifer Lawrence and model Kate Upton posted anonymously on the 4Chan website after allegedly being hacked from online storage services such as iCloud.
Apple protests that its iCloud systems weren’t compromised, suggesting that hackers managed to gain illegal access to the images by figuring out passwords and the answers to personal security questions.
Centrify regional manager, Derek Morwood, has backed Apple's claim and said the security breach was just the latest proof that passwords were past their used by date.
“Passwords no longer provide the protection we need for an online world,” he said.
“The nub of the problem with password-based protection is that a memorable password is easier to hack.
"When we require dozens, if not hundreds, of passwords to protect our identities online, the questionable effectiveness of passwords becomes completely degraded.
He said the obvious solution was to get rid of most passwords.
"We’ve known how to do this for a long time through Identity Management systems.”
He said single sign-on technologies such as SAML, openId or oAuth enabled users to reduce greatly the number of passwords they needed.
“Done right, Identity Management really is a no-brainer,” he said.
“At the heart of Identity Management are services such as Centrify’s Identity-as-a-Service ( IDaaS) platform, which provides single sign-on for the cloud through an online authentication infrastructure.
He said it was much simpler to use than relying on multiple rotating passwords and that it was a much stronger defence for keeping your online identity secure.
“The beauty of IDaaS is its simplicity: For the organisation, it requires no additional infrastructure, no new tools and no extra servers or devices," he said.
"For the individual, it provides high levels of online protection without requiring mnemonic gymnastics.”
Earlier this month Centrify announced an enhanced partnership with Samsung Electronics, embedding Centrify’s IDaaS technology in the Samsung KNOX offering.