With the uptake of cloud computing becoming more common place the use of one username and password to authenticate is becoming the norm. A single username and password can now authorize you to access all sorts of things. Your Google Account for example will allow you to access Google Docs, Calendar, Analytics, Adwords/Adsense, the Android Marketplace and a myriad of other services Google provides. Your Facebook/Twitter email and password is being utilized to do things from post comments to create third party website accounts. No doubt a great way to avoid creating dozens of different accounts on every site you visit – but at what risk?
Apple is at the top of the list for providing mega-accounts. Your Apple email and password allows you to purchase songs, books, apps and login to any Apple service including their new iCloud to syncronize calendars, contacts, email and save files. This great convenience also brings great risk. If a hacker can get into one of these accounts they can cause headaches and even cost you financially if you have a credit card connected to one of these accounts. Not to mention that if you are using iCloud, you could be locked out losing access to important work files.
Apple iTunes is hacked regularly and more often then they want the public to know. With millions of worldwide users and millions of devices – an Apple ID is very lucrative to fraudsters. Just recently I received a charge from the “Apple ITunes Store Luxembourg”. I am very careful with passwords ensuring numbers, uppercase/lowercase letters and characters. Not to mention I have changed it twice in the past three months. Doesn’t matter much if their system is the weakest link.
Read this discussion thread on Apple’s discussion site. Almost 60 pages of comments from people experiencing hacked accounts, unauthorized credit card transactions and drained gift cards. You would think that given the advanced technology found in idevices that it would employ advanced security practises (facial scans, voice authorization, location based security – even a simple private pin could help).
My reccomendations are simple.
The bigger the mega-accounts become, the more they will become a target. We will only hear more and more of these stories as cloud computing grows.