Can apps steal your passwords? -


Post Top Ad

Post Top Ad

Saturday, 14 October 2017

Can apps steal your passwords?

No system that includes humans is truly safe. We use the same passwords for various services. We write them on our desks at home and at work. And some, they tell their passwords to people who claim to be tech support by phone or email.

Even a bad website with a ridiculous appearance can still trick some people into entering their credentials. Because the passwords are horrible. We have to remember a lot of them . Some policies require us to change them constantly. And we are often asked over and over and over again. It's annoying and tiring.

Therefore, if a phishing email or a direct message asks for our password, or if a fake website requests it, we often simply put it as usual . Out of the reason for the dialogue against a machine and to surrender to the inhumanity of the system .

The same can happen with applications. It has been the subject of industry discussion for a long, long time. Now, it draws attention again thanks to Felix Krause :

" IOS asks the user for their iTunes password for many reasons, the most common of which are newly installed iOS operating system updates or iOS applications that are blocked during installation ."

" As a result, users are prepared to enter their Apple ID password whenever iOS asks them to do so. However, such pop-ups are not only displayed on the lock screen, but also in random applications, for example, when they want to access iCloud, GameCenter, or in-app purchases . "

Even users who know a lot about technology have a hard time detecting that such alerts are phishing attacks .

For a malicious phishing application to work on iOS, it would have to be loaded from an unofficial source, such as a corrupted application store, which can only occur after all Apple iOS security measures are deliberately removed. The app would skip the review controls on the App Store and then enable the malicious code.

First, never disable Apple's iOS security measures or use unsafe application stores. Second, always be careful about where to enter your passwords , whether in messaging, on the web or in applications. Increasingly, messaging applications are becoming platforms and attack targets.

It uses long, strong and unique passwords and a password manager. Use two-factor authentication. Never click on any links you do not trust 100% on the web or through messages.

Only download applications and games from developers you know and trust or are recommended by sites and people I trust. When you see a password request in an application, press the Start button to make sure it persists beyond the application. If in doubt, click Cancel go to Settings or the App Store and see if you really need to log in again.

Do the same for Google, Amazon, and other accounts. The apps could ask for any password to any service and try to fake any dialog to do so. This is not a specific problem with Apple or iOS. It is a general security problem that end users are no more than a part of .

How do you handle the use of passwords? Do you think iOS is a secure system? We look forward to these answers and more in comments.

No comments:

Post a Comment

Post Top Ad