CC security vulnerabilities

New Here, Dec 07, 2018

When you finish using an Adobe CC product such as Photoshop CC or Lightroom Classic CC in my case, on closing the desktop application you remain signed in to your Adobe account.  There is no prompt to give you the option of signing out of all active Adobe applications and there is no warning that you are still signed in to your Adobe account and remain exposed. 

If, say, your Windows based computer is then stolen, unfortunately it is very easy for the Windows account login to be bypassed by the third party.

Since you are still signed in to your Adobe account, this means the third party has immediate access to your private information held under your personal Adobe account.

This immediate access is achieved without the third party having to go to any lengths to, say, decrypt a password obtained from a pwned account and without having to complete a two-factor authentication process if enabled. 

Many users will not be aware of this Adobe security vulnerability.

To mitigate the vulnerability, before you shut down your operating system it is necessary to ensure you proactively sign out of your Adobe account each time you have finished using Adobe products.

The Adobe Creative Cloud app is running in the background and when signing out of this you are actually discouraged from doing so by Adobe by the prompt that appears “Are you sure you want to sign out? Signing out will deactivate Creative Cloud applications you’ve installed, stop active file syncing, and disable fonts you’ve activated from Adobe Fonts”.

The unhelpful wording of this prompt will worry some users, but you must ignore it and ensure you do sign out completely before closing your operating system.  You will be able to sign in again when you next use an Adobe Creative Cloud app and carry on without penalty.

With an increasing level of security problems developing throughout the industry, you are advised to implement two-factor authentication when available to protect your online accounts. Adobe provides this option and when you sign back in using the Adobe Creative Cloud app, you are correctly prompted to complete the two-factor authentication process.

However, be aware that if the first thing you do is start your CC product (such as Adobe Photoshop) when you have not signed in to the Creative Cloud app, then the requirement for two-factor authentication that you have set on your account does not work. This means that by using a CC app on any computer, a third party can go straight through to your private information without the use of two-factor authentication.

To do this, the third party would need to have gained access to a decrypted form of your account password. You are thinking there is no chance of this - what is all the fuss? However, there are frequent reports of large volumes of user account data being pwned with clarification that encrypted passwords are being decrypted with ease.

In fact my personal Adobe account data was pwned in October 2013 making my sensitive private information public to the malicious community.  You are able to check some of the known breaches at https://haveibeenpwned.com/

You may like to check the email addresses that you have been using. 

As reported on this forum, at the time a class action that was pursued against Adobe for “shoddy security practices” succeeded.

https://www.theregister.co.uk/2015/08/17/adobe_settles_claims_for_data_breach/

Adobe products are the most expensive software I use. Yet Adobe is certainly not best in class when it comes to security and clearly needs to address the responsibility of providing much smarter protection of their users’ personal information.

For CC products, at the very least by ensuring that by default the user needs to sign in to their Adobe account when the operating system is restarted and much better user orientation needs to be provided for the prompts and instructions relating to account security.  Yes and ‘Stay signed in’ needs to be disabled by default throughout.

TOPICS
Creative Cloud
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Community Expert, Dec 07, 2018

So, you are using BitLocker to protect your hard disk? If so, there will be no problem, as that password cannot be circumvented when the PC is stolen. And then there is no problem.

Let me be clear here: Security of your PC is your task. If you want to sign out each time, do so. I prefer the current system, and I’m a computer systems professional. When my computer gets stolen, I have a very different problem than locking up my Adobe account, because my confidential information is not on the Adobe cloud.

ABAMBO | Hard- and Software Engineer | Photographer
Guest, Dec 07, 2018

chiloe wrote:

For CC products, at the very least by ensuring that by default the user needs to sign in to their Adobe account when the operating system is restarted and much better user orientation needs to be provided for the prompts and instructions relating to account security.  Yes and ‘Stay signed in’ needs to be disabled by default throughout.

No thanks

Anyway, every other application that I use does not require me to sign in or out, so if my PC/laptop got stolen they would have access to all my files, not just Adobe's, and that's why my drives are encrypted.

New Here, Dec 07, 2018

Whole disk encryption is one approach for security management with its own features and issues, but popular with some.

By default a software vendor should not be putting the unaware and less experienced users at risk.  This is unhelpful.

Those users that can’t be bothered with such security management and/or prefer to rely on other approaches, such as the use of whole disk encryption, could be given the option to ‘opt out’ within a professional implementation.
