Staying safe in the cloud
When you upload stuff to the cloud, you need to know it’s protected
When you send anything over a network connection you no longer technically have control over it, but that doesn’t mean it’s necessarily in any danger. Any technology company stakes its reputation on the security of your data, and this becomes even more important when we’re encouraged to store an increasing number of items in the cloud, be it documents, photos, passwords or other sensitive personal data. Although Apple do a great job of hiding the nuts and bolts of how this all works from the end user to ensure a better experience, there’s actually a lot going on behind the scenes to ensure that all your iCloud data is protected, and other cloud providers do much the same with anything you upload.
Keep it secret, keep it safe
Remember: all your iCloud data and the files you store in other cloud services are encrypted. Apple uses a minimum of 128-bit AES encryption for all iCloud data, whether it’s in transit or stored on their servers. That’s the same level of security used by big financial institutions, and Apple never provides the encryption keys to third parties. For iCloud Keychain, even Apple can’t access the keys used to encrypt your passwords; they’re created on your device, and only encrypted keychain data passes through Apple’s servers.
You can even choose to disable keychain recovery, which means that the encrypted data isn’t even stored with Apple, though the flipside is that if you somehow lose all your devices, the keys can’t be recovered. Only trusted devices that you allow can access your iCloud Keychain. All your sessions at icloud.com are also encrypted with SSL, an industry-standard security protocol that allows data to be sent between a browser and a server in a fully encrypted format so that it can’t be intercepted by anyone with malicious intent. When you use Apple’s own apps like Mail, Contacts and Calendar on iOS and OS X, authentication takes place using secure tokens, eliminating the need to store your iCloud password locally. Web technology is so commonplace these days that this kind of encryption is a part of all major websites, and helps to keep you safe online.
The weakest point in any system is unfortunately the end user. When there have been failures in cloud systems, they’ve almost always been the result of hackers guessing people’s passwords, or of ‘phishing’ attacks that trick people into visiting fraudulent websites that purport to be official and entering their real details, which are then promptly stolen. You may well have seen spam emails claiming to be from Apple or PayPal, but you should never click on the links they contain. If in doubt, go through the real website to find out if there’s really a problem. Fake emails can often be identified by poor spelling or a failure to include your real name, beginning instead with something such as “dear customer” or a similar greeting.
Tech companies recognise that people are fallible and in recent years have been forcing users to employ more secure passwords. You can’t stop someone choosing their pet’s name, but you can at least make them include an upper-case letter, a number and a non-alphanumeric character. Apple requires a minimum of 8 characters, a number, an uppercase letter and a lowercase letter, and Safari can suggest random passwords for you if you use iCloud Keychain.
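The password rules described above, as an added example that is not from the original article or from Apple: a checker for the stated policy (8 characters, a number, an uppercase and a lowercase letter), a test for passwords built on a guessable personal word, and a random generator with its search-space size. The 62-character alphabet, the 16-character default, the function names and the sample pet name are assumptions made for illustration.

```python
import math
import secrets
import string

MIN_LENGTH = 8  # minimum length stated in the article
ALPHABET = string.ascii_letters + string.digits  # 62 symbols (assumption)

def policy_failures(password):
    """Return the rules from the article's policy that the password breaks."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 8 characters")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    return failures

def built_on_known_word(password, personal_words):
    """Flag passwords that embed a guessable word such as a pet's name."""
    lowered = password.lower()
    return any(w.lower() in lowered for w in personal_words if len(w) >= 3)

def random_password(length=16):
    """Draw characters from the OS CSPRNG until the policy is satisfied."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the policy minimum")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_failures(candidate):
            return candidate

def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of work needed to try every string of this length."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    pet_based = "Rover2014"  # constructed sample: pet name plus a year
    print(pet_based, policy_failures(pet_based),
          built_on_known_word(pet_based, ["Rover"]))
    generated = random_password()
    print(generated, policy_failures(generated),
          round(search_space_bits(len(generated)), 1))
```

The pet-based sample passes every policy rule yet is flagged as built on a known word, which is why a policy check alone does not make a password hard to guess.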
The Keychain Access app on your Mac has a password generator that can come up with strong passwords. The reason a string of random characters is so secure is firstly that it can’t be guessed, and also it’s resistant to ‘brute force’