
Why Paris Hilton should be a lesson to us all

Passwords (and the problems therein) have been mentioned here before – sadly it doesn’t look like Paris Hilton took much notice of our advice. The talentless bimbo hotel heiress is the proud owner of a Swarovski-encrusted T-Mobile Sidekick, the contents of which have been posted on the net (link NSFW) – topless pics, celebrity phone numbers and all. There’s even a celebratory T-shirt…

T-Mobile would presumably like us to believe that it’s a one-off problem, so they’re playing down the possibility that someone with an unhealthy interest in Ms Hilton hacked her account. Instead the finger is being pointed at someone guessing her password.

The explanation, it seems, is more prosaic than that. According to a posting on the O’Reilly Network, the problem lay in the answer to the ‘secret question’ – which in Paris’ case was her dog’s name. Given that her dog is almost as prominent a ‘celebrity’ as its owner (insert your own comment about the downfall of civilisation here), this turned out to be not such a secret after all.

T-Mobile are partly to blame here – their choice of questions is limited, and asking a leading question like that will result in obvious answers. But there is a workaround – use the ‘nursery rhyme’ hack for the answer to the secret question as well. In fact it’ll be slightly easier to remember even a complicated answer, because you’ll be getting a ‘cue’ from the system as it asks you for your response. And if you’ve got the option to set your own ‘secret question’, you can add a discreet reminder that the answer is scrambled – “what’s the FULL name of my dog?” or something along those lines.
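To make the point concrete, here is an added example (not code from the original post or from T-Mobile) of treating a secret-question answer like a password: deriving a ‘nursery rhyme’ acrostic from a memorable phrase, rejecting answers that are short, common or match a publicly known fact about the account holder, and storing the answer as a salted hash rather than plaintext. The list of common answers and the public facts are constructed for illustration.

```python
import hashlib
import hmac
import re
import secrets
from typing import Optional, Set, Tuple

# Constructed, illustrative list of answers a guesser would try first.
# A real deployment would use a much larger list of common pet names etc.
COMMON_ANSWERS = {"fido", "max", "buddy", "bella", "fluffy", "rex"}


def acrostic_answer(phrase: str, suffix: str = "") -> str:
    """Build an answer from the first letter of each word of a memorable phrase.

    'Mary had a little lamb, its fleece was white as snow' -> 'Mhallifwwas'.
    Case is preserved; an optional suffix (e.g. a year) can be appended.
    """
    words = re.findall(r"[A-Za-z0-9']+", phrase)
    return "".join(w[0] for w in words) + suffix


def answer_is_acceptable(answer: str, public_facts: Set[str],
                         min_len: int = 8) -> Tuple[bool, str]:
    """Server-side policy check: reject answers that can be guessed or looked up."""
    norm = answer.strip().lower()
    if len(norm) < min_len:
        return False, "too short"
    if norm in COMMON_ANSWERS:
        return False, "common answer"
    if norm in {fact.strip().lower() for fact in public_facts}:
        return False, "matches public fact"
    return True, "ok"


def store_answer(answer: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hash the answer with a random salt, as one would a password."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", answer.strip().encode(), salt, 100_000)
    return salt, digest


def verify_answer(answer: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of a supplied answer against the stored hash."""
    return hmac.compare_digest(store_answer(answer, salt)[1], digest)


if __name__ == "__main__":
    # Constructed scenario: the account holder's dog 'Fido' is public knowledge.
    print(answer_is_acceptable("Fido", {"Fido"}))          # (False, 'too short')
    scrambled = acrostic_answer("Mary had a little lamb, its fleece was white as snow")
    print(scrambled, answer_is_acceptable(scrambled, {"Fido"}))
```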

And all of this makes a wider point about the safety and security of your data. Paris Hilton would have had a smaller risk of embarrassing revelations if the information had been on the Sidekick itself – you’d have needed physical access to the device to do anything nefarious. The risk would therefore have been a function of her own negligence, if she were to leave it in the back of a taxi, for example. But Sidekick data sits on a T-Mobile server, so you’re reliant on them to maintain the integrity of their systems – and the larger the organisation and the more complex the systems, the more difficult this becomes. Complex passwords and best intentions are useless if the attack comes from the inside.

23 February 2005
