Hack
A new hacker tool called iDict proves two points: Apple's security system isn't perfect, and users need to buff up their passwords. Reuters

If your password is simple -- like Password1 or Passw0rd -- now's the time to change it, as a new brute-force hacking tool called iDict made its way around the Internet Friday. iDict exploited a hole in Apple's security system that's supposed to kick users off after too many log-in attempts. The tool bypasses this and tries every phrase in a 500-word list of common passwords, Gizmodo reported.

If yours matches, a hacker could get into your account. If your password isn't a dictionary word on the list, you don't have to worry.

iDict's list of vulnerable passwords includes:

  • P@ssw0rd
  • Princess1
  • Iloveyou1
  • Pa55word
  • Sunshine1
  • Blessed1
  • Password2
  • Spongebob1
  • Computer1
  • Metallica1
  • Whatever1
  • Gangsta1
  • Tiger123
  • Yankees1
  • Pickes1
  • Password1!
  • Taylor13
  • Jesus1st
  • Bigdaddy1

"This bug is painfully obvious and was only a matter of time before it was privately used for malicious or nefarious activities," iDict creator Pr0x13 wrote on GitHub. "I publicly disclosed it so Apple will patch it."

9to5Mac reported that Apple should be able to fix the issue soon, but iDict's release serves as another reminder that people's passwords should be complex and secret. Also recommended is two-factor verification, which requires users to not only produce a password but also enter an authentication code often texted to their cell phone.

iCloud security has come under scrutiny in recent months after hundreds of celebrity photos were posted online in a massive hack termed "The Fappening." Actress Jennifer Lawrence, Olympic gymnast McKayla Maroney and model Kate Upton were among iCloud account-holders who had private content -- in some cases, nude pictures -- leaked online.

Here are tips for keeping your content safe:

  • Use a different password for every one of your accounts, Google recommends, and change them often.
  • Include numbers, uppercase letters, lowercase letters and symbols in your passwords.
  • Don't include personal information, and don't use anything simple or sequential. This means "Password1" or "letmein" are out.
  • The longer you make it, the better. Microsoft recommends having a password that's at least eight characters long.
  • Substitute misspellings for real words. "I love soccer" is strengthened by becoming "1LuvSoCC3r!1," Business Insider reported.
RELATED STORIES