In the wake of the recent celebrity hacking scandal, there’s a lot of worry about whether or not iCloud is secure. That’s yet to be determined, but for now, here’s how you can make your iCloud backups more secure.
It’s not yet entirely confirmed that yesterday’s attack was a direct iCloud attack; we only have the word of the original hackers when it comes to that, and pretty much by definition they’re not exactly trustworthy folks.
Still, the current leading theory isn’t some massive gaping hole in iCloud itself, but instead a brute force attack on the Find My iPhone feature, which also lets you reset your password. Apple has reportedly patched a hole that allowed as many attempts at password guessing as the hackers would like, which should help matters.
I’ve talked before about securing browser passwords with password managers, but this is only part of the best way to secure your Apple account.
You’ve also got the capability to change and set your security questions. The security gap here is that if you choose your mother’s maiden name, or the name of your dog, these are details that you might have put up on social media, or that might be listed on a register somewhere.
You’ve got two choices here: either better questions, or answers that don’t relate to the question in a way that a nefarious type might guess. I used the example in a radio interview this morning that if the default question was “What is your favourite colour?”, then “Blue” would be a poor answer, but “Bert Newton” would be fine. iCloud won’t care about whether the answer makes sense, after all.
Mind you, don’t just use “Bert Newton” as your answer for everything. Come up with something else ridiculous but memorable.
The other way to secure your account is to request two-factor authentication. You do this by signing into your Apple ID online (here’s a link), going to “Manage my Apple ID”, choosing “Password and Security” and then choosing the Two Step Verification option.
Two step verification makes you register a trusted device — typically your smartphone — which will then be sent a four digit code every time a new device tries to access your iCloud account. You’re also given a 14-digit recovery code; store this away from your trusted device so that if it takes an unwanted tumble, or is stolen or lost, you can still recover your account. Obviously it too is a key, so store it well.
Two factor authentication helps in two ways: firstly, it locks down your account to a device you’ve got on you, and secondly, it’ll alert you if someone were to try to hack your account, because you’ll receive a notification code on your phone the moment someone tries to access your account.
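A four-digit code has only 10,000 possible values, so it is only as strong as the limit on guesses, which is the same weakness as the unlimited-guess hole mentioned earlier. The sketch below is an added example, not Apple's code; the class name, the three-attempt cap and the five-minute lifetime are assumptions for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 3        # assumed cap; the article does not state the real limit
CODE_TTL_SECONDS = 300  # assumed lifetime of a code


class TwoStepChallenge:
    """One sign-in from a new device: a four-digit code with a guess cap."""

    def __init__(self, now=None):
        # CSPRNG-generated, zero-padded so "0042" is as likely as "9137".
        self.code = f"{secrets.randbelow(10_000):04d}"
        self.issued_at = time.time() if now is None else now
        self.failures = 0
        self.locked = False

    def verify(self, guess, now=None):
        now = time.time() if now is None else now
        if self.locked or now - self.issued_at > CODE_TTL_SECONDS:
            self.locked = True
            return "locked"
        # Constant-time comparison so response timing does not leak digits.
        if hmac.compare_digest(guess.encode(), self.code.encode()):
            self.locked = True  # a code is single-use
            return "ok"
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.locked = True  # further guesses need a freshly issued code
            return "locked"
        return "retry"


def guess_success_odds(attempts_allowed, digits=4):
    """Chance that blind guessing hits the code before the cap is reached."""
    space = 10 ** digits
    return min(attempts_allowed, space) / space
```

With three attempts the odds of a blind guess succeeding are 0.03%; with no cap they reach 100% after at most 10,000 tries.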
Can’t I just switch iCloud off?
You certainly can.
From an iOS device, head to Settings > iCloud, and you’ll find all the toggles for each part of iCloud. I’d suggest keeping Find my iPhone enabled — it can have genuine utility — but you can otherwise enable or disable features as you see fit.
Just remember that you should still be backing up your photos somewhere, because it’s not as though you can travel back in time and take them again if your unsecured iPhone is lost or stolen.
How Do I? covers the basics, because we’ve all got to start somewhere.