Web Security for the Wary

We’ve all watched the Matt Honan story unravel with dread and fascination. Some smart hackers convinced Apple to reset his iCloud mail password and then used access to his email to wreak havoc on his life.

I suspect this won’t be the last horror story to spawn out of these wild-west days of the cloud. I’m not going to tell you to abandon the Internet but I do think this is a reminder to be careful. The thing that galls us all is that it doesn’t appear Matt did anything wrong. Hopefully Apple tunes up its policies and doesn’t let people play this game in the future.

In the meantime, Lex Friedman wrote an excellent piece about Google and two-factor authentication at Macworld. I’d also recommend looking into Verisign Identity Protection. This free service includes an iPhone app that provides a separate ID code (on a 60 second timer) for logins to sensitive websites. I use it, for instance, on Paypal. To get into my Paypal account, you’ll need my account name, password, AND my unlocked iPhone.

Be careful out there.