Stay­ing safe in the cloud

When you up­load stuff to the cloud, you need to know it’s pro­tected

Mac Format - - CLOUD SYNCING -

When you send any­thing over a net­work con­nec­tion you no longer tech­ni­cally have con­trol over it, but that doesn’t mean it’s nec­es­sar­ily in any dan­ger. Any tech­nol­ogy company stakes its rep­u­ta­tion on the se­cu­rity of your data, and this be­comes even more im­por­tant when we’re en­cour­aged to store an in­creas­ing amount of items in the cloud, be it doc­u­ments, pho­tos, pass­words or other sen­si­tive per­sonal data. Although Ap­ple do a great job of hid­ing the nuts and bolts of how this all works from the end user to en­sure a bet­ter ex­pe­ri­ence, there’s ac­tu­ally a lot go­ing on be­hind the scenes to en­sure that all your iCloud data is pro­tected, and other cloud providers do much the same with any­thing you up­load.

Keep it se­cret, keep it safe

Re­mem­ber: all your iCloud data and files you store in other cloud ser­vices is en­crypted. Ap­ple uses a min­i­mum of 128-bit AES en­cryp­tion for all iCloud data whether it’s in tran­sit or stored on their servers. That’s the same level of se­cu­rity used by big fi­nan­cial in­sti­tu­tions, and it never pro­vides the en­cryp­tion keys to third par­ties. For iCloud Key­chain, even Ap­ple can’t ac­cess the keys used to en­crypt your pass­words; they’re cre­ated on your de­vice, and only en­crypted key­chain data passes through Ap­ple’s servers.

You can even choose to dis­able key­chain re­cov­ery, which means that the en­crypted data isn’t even stored with Ap­ple, though the flip­side is that if you some­how lose all your de­vices, the keys can’t be re­cov­ered. Only trusted de­vices that you al­low can ac­cess your iCloud Key­chain. All your ses­sions at are also en­crypted with SSL, an in­dus­try-stan­dard se­cu­rity pro­to­col that al­lows data to be sent be­tween a browser and a server in a fully en­crypted for­mat so that can’t be in­ter­cepted by any­one with ma­li­cious in­tent. When you use Ap­ple’s own apps like Mail, Con­tacts and Cal­en­dar on iOS and OS X, au­then­ti­ca­tion takes place us­ing se­cure to­kens, elim­i­nat­ing the need to store your iCloud pass­word lo­cally. Web tech­nol­ogy is so com­mon­place th­ese days that this kind of en­cryp­tion is a part of all ma­jor web­sites, and helps to keep you safe on­line.

The weak­est point in any sys­tem is un­for­tu­nately the end user, and when there have been fail­ures in cloud sys­tems, they’ve almost al­ways been a re­sult of hack­ers guess­ing peo­ple’s pass­words, or ‘phish­ing’ at­tacks that trick peo­ple into vis­it­ing fraud­u­lent web­sites that pur­port to be of­fi­cial and get­ting peo­ple to en­ter their real de­tails, which are then promptly stolen. You may well have seen spam emails claim­ing to be from Ap­ple or PayPal, but you should never click on the links they con­tain. If in doubt, go through the real web­site to find out if there’s re­ally a prob­lem. Fake emails can of­ten be iden­ti­fied by poor spell­ing or a fail­ure to in­clude your real name, be­gin­ning with some­thing such as “dear cus­tomer” or sim­i­lar ap­proaches.


Tech com­pa­nies recog­nise that peo­ple are fal­li­ble and in re­cent years have been forc­ing users to em­ploy more se­cure pass­words. You can’t stop some­one choos­ing their pet’s name, but you can at least make them in­clude an up­per-case let­ter, a num­ber and a non­al­phanu­meric character. Ap­ple re­quires a min­i­mum of 8 char­ac­ters, a num­ber, an up­per­case let­ter, and a low­er­case let­ter and Sa­fari can sug­gest ran­dom pass­words for you if you use iCloud Key­chain.

The Key­chain Ac­cess app on your Mac has a pass­word gen­er­a­tor that can come up with strong pass­words. The rea­son a string of ran­dom char­ac­ters is so se­cure is firstly that it can’t be guessed, and also it’s resistant to ‘brute force’

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.