Amazon, you see, revealed the last four digits of one of Honan’s credit cards to the hacker, who pretended to be Honan on the phone. This allow the hacker to then call AppleCare with the information needed to change his iCloud password, and thus gain access to a dizzying array of accounts and devices. Honan’s iPhone, iPad, and MacBook Air were all remotely wiped. Gmail access gave the hacker access to his Twitter account, and that of Gizmodo, Honan’s former employer. As you would expect, havok ensued. And now much of the technology journalism world — yours truly included — is using Honan’s experience as a warning to beef up your passwords.
Honan’s story is well worth the read. But if you come out of it having learned anything, it should be this: Your password is not the biggest problem with computer security. People are.
Yes, weak passwords are a massive trouble spot. More than 20 years after the invention of the World Wide Web, people are still using phrases like “password” or “123456″ as the key to their online lives. In fact, it’s laughably easy-to-guess passwords like these that are used most often. And anyone who employs such foolishness has nothing and no one but themselves to blame when their accounts get hijacked.
But when you talk to computer security experts, foolish passwords are not considered the weakest door in the vault.
“The weakest point in any computer system is between the seat and the keyboard.” This phrase or its equivalent is something I have heard repeatedly while speaking with cybersecurity experts over the years, and Honan’s experience proves its truth. As our lives become increasingly digitized and more information about ourselves gets stored on computer systems operated by either businesses or the government, it becomes a point we all need to take seriously.
So remember this: No matter how good your password or how secure a system, there is always a weak point in every system due to the sad fact that humans are so often imperfect, malicious, and dumb.