Posted on 05/27/2014 10:42:08 AM PDT by Swordmaker
They left off the simplest common sense which is don't use gimmicky crap like:
using the Apple "Find My Device" ability to lock iPhones, iPads, and Mac computers
Live by the sword, die by the sword. If you simply keep track of your physical device, back it up, keep important stuff on a separate stick, then theft will be rare and meaningless other than having to buy a new box and restored from backup.
Furthermore it is not the user's responsbility to use different passwords, but EBay's responsibility to properly salt and hash passwords so there is zero chance of them being stolem when attackers get into their systems. If my services are designed properly I can use the same short password everywhere with no reduction in security whatsoever. The problem is that many sites are poorly designed and I try to stay away from those.
"Find My Device" is not a "gimmicky crap" and in fact is being poorly copied by both Android and Microsoft, and is soon going to be required on all portable devices in some form. It is a very safe, mature technology that permits owners to brick a stolen device and prohibits the thief from using or even resetting it without the pass code, thereby making the device economically worthless to the thief. Police departments around the country have been applauding it.
You think that keeping important data on a stick is secure? That's hilarious. Ask at any moderate sized business's lost and found department how many flash drives they have in inventory? I've got over a dozen in my small office.
One of the reasons Android devices are not acceptable to the Enterprise are their removable memory cards. . . too easy to remove, copy, and replace with no one being the wiser. . . or just steal. . . or just lose! I've got a half dozen of those that were left lying on counters, side tables in waiting rooms, etc., with no way of identifying the owners except by spending time I don't have going through the unencrypted (!) files on them and seeing if there's anything identifiable among gigabytes of data.
If you think that EVERY site in the world that requires passwords has the duty to maintain your SINGLE ONESIZE FITS ALL PASSWORD completely secure from all hackers, you are totally naive, Palmer. Some crooks open legitimate sites purely for the PURPOSE of collecting passwords!
It's YOUR responsibility to keep YOUR security safe. No one else's.
Sounds like you are not very organized. I have exactly one work backup flash drive, one spinning backup at home and one stick with important data. I've got many other sticks of course but all are loseable with no loss to me or gain to anyone else.
Some crooks open legitimate sites purely for the PURPOSE of collecting passwords!
Sounds like those sites don't use salting and hashing. I try to make sure no sites store my password in collectable clear text. Of course salt won't protect my account if I am targeted but it will protect me if I am one of a million accounts.
Again, the anti-Apple people resort to ad hominem. You have a problem with reading comprehension, palmer? You mis-comprehended the entire point of my post. We don't STORE valuable data on sticks or cards at my office. We are not stupid. These are cards and sticks left behind by PATIENTS! They are in our lost and found department.
Sounds like those sites don't use salting and hashing. I try to make sure no sites store my password in collectable clear text. Of course salt won't protect my account if I am targeted but it will protect me if I am one of a million accounts.
Of COURSE they don't use salting and hashing! WHY WOULD THEY? AGAIN you mis-comprehend the point of my post. Try to comprehend this: the whole purpose of them having a "legitimate" site is to mine emails and passwords. . . so they can steal them!
Palmer, there is no way for you to know in advance how or how well any particular site handles the data you entrust with them. One of the major breaches two years ago was a CREDIT CARD company! Another was a major european BANK! This last weekend, AVAST Anti-Virus's Customer Service department User Support Forum was hacked and they got both User emails and PASSWORDs in hashed form which AVAST said could be decrypted. Over 200,000,000 names were involved, but perhaps 400,000 of those were actually stolen. You'd think they would be able to protect THEIR data, wouldn't you?
If you think you're protected, I have several bridges surrounding Manhattan Island for sale.
It is all well and good to ". . . simply keep track of your physical device, etc." but it really is NOT that simple, palmer. Sometimes the choice to keep track of your "physical device" is not left up to you. Open your eyes:
According to the (New York City, NY) city’s police department, thefts of Apple devices like the iPhone and iPad made up more than 18% of all grand larcenies in New York City last year (2013), with 8,465 incidents having been reported. Apple devices are stolen so often that the NYPD now specifically tracks thefts of Apple-branded devices separately from other devices. The Wall Street Journal noted that while Apple devices are indeed the most frequently stolen mobile devices in New York, an NYPD spokesperson said that Apple has also “led the industry in helping customers protect their lost or stolen devices” with its Find My iPhone and Find My iPad apps."—Boy Genius Report — January 13, 2014
So just losing your device is not the only risk, but actually having it snatched out of your hand, being mugged for it, having it stolen from your purse, pocket, car, ripped off your desk, whatever, is one of the most common crimes in the US. . . do you want your device and data stolen?
Apple has come up with a way to protect the data on your device by locking it. . . and making the device itself unsaleable by locking it completely unless one has the pass code known only by the legitimate owner. That is why using a unique password on the iCloud account is important. . . AND also using the pass code on the device. The two fold approach will protect your data and make iDevices less attractive to thieves.
Of course, you probably have an unprotected and un-remote-lockable *Samsung copied a version of Find My iPhone) Android device. No self-respecting thief would be caught dead stealing an Android device. :^)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.