FIGURE 6-6. Password complexity requirement of six characters, inclusive of one letter and one number
Tesla’s increased password complexity requirements and lockout policy may deter some
attackers, but this is not enough to stop determined attackers, who can still employ traditional
tactics such as phishing to obtain a victim’s password. All they would have to do is set up a
website that looks like the legitimate Tesla website and lure car owners to submit their creden-
tials. This type of attack is relatively easy to carry out, and thousands of individuals fall prey to
phishing attacks on a daily basis. In 2011, a phishing attack compromised the cryptographic
keys of the RSA SecureID product, ultimately leading to the compromise of data from
Lockheed Martin, one of the largest military contractors. In 2013, a phishing attack led to the
compromise of 110 million customer records and credit cards at Target.
THE TESLA MODEL S 175