Apple - What stops fake password prompts?

Is there anything which can make this process safer?

Yes. The user.

90% of hacking is social engineering. It's not what people think it is; some bleary eyed geek sitting in a dark basement surrounded by high caffeine content energy drinks and a seeming endless supply of Hot Pockets tapping out cryptic code on a keyboard as they somehow overcome whatever defenses you thought you had.

There are the vulnerabilities and the exploits that hackers do take advantage of and some of them are really cool (for instance, I can take control of a domain connected Windows machine simply by making the on screen keyboard launch command prompt as an admin, but that's another story for another day). However most of the hacking is how we can get people to give up the goods.

Where this applies is to be cognizant about what you're doing. The "knee-jerk reaction" to seeing a dialog box with a password is to do exactly what you are thinking right now: type in your password. What you need to do is get the habit of doing is taking a pause and asking yourself why.

  • If you're doing what you've always done and suddenly out of the blue you get a password request...ask why it's showing up now.

  • If you're installing something, ask why does it needs admin rights - it's probably legitimate, but a quick pause to mentally verify is always good (I do this when shopping too..."do I really need this thing?")

  • If you're on a website and you see a pop-up, ask why would they need that?

The key here is to take a moment and rationalize why you're entering your credentials. *You can always hit "cancel," you won't break anything, if you're not sure.

Something to consider...

Remember, most hacking is social engineering. Hackers know that most people don't want to go through the hassle of remembering different passwords for different accounts. If they can get your email address by examining cookies and then trick you into revealing a password, they now can try virtually every service (Facebook, Gmail, Twitter, etc.) to see what can be compromised.

Something more to consider...

Hacking is not about taking complete control of your system to make the mouse do crazy things or move files and folders. It's about lateral jumps, or in layman's terms: what access can I get on computer A that will give me access to computer B or system C? Hosing up your system only alerts you to their pretense which means you'll likely shut the door. They don't want that.

Tags:

Macos

Security

Related

Apple - Problem cloning the startup disk of a MacBook Pro running OS X 10.11.6 El Capitan Apple - Can I safely uncheck the Optimise Mac Storage check box on the Apple ID - iCloud page? Apple - Activity Monitor columns missing Apple - Is it safe to stack Mac minis on top of each other? Apple - How to remove Skype menu bar icon from macOS? Apple - Mail showing incorrect number of flagged emails Apple - Esc button from touchbar has disappeared Apple - iPhone X has a green line on the screen. What is damaged? Apple - Is OpenGL deprecated or removed in macOS Catalina 10.15? Apple - How do I install Xcode if I'm getting this message "Xcode can’t be installed on “Mac HD” because macOS version 10.14.4"? Apple - Are my macOS man pages outdated? Apple - Is there an Ubuntu documented build to run on 2018 MacBook Pro?

Recent Posts