iCloud, privacy and security
Worried about the safety of cloud services? Keep your account and data safe as houses
Social engineering could enable someone to get past security questions if they know enough about you
Security and privacy are major concerns when utilising any
cloud-based service. With worrying regularity, news reports reveal yet another high-profile industry giant has been hacked, passwords and user data unceremoniously hurled into an internet backwater. And, ultimately, any data that’s online could in theory be accessed by someone other than you. Fortunately, though, Apple makes it extremely tough for anyone to break into your account, through a mix of technology and recommendations.
Apple states iCloud “uses a minimum of 128-bit AES encryption – the same level of security employed by major financial institutions – and never provides encryption keys to any third parties”. Apple adds that encryption keys for the likes of iCloud Keychain (which syncs Safari usernames and passwords, payment card info, and Wi-Fi network details) are created on your devices, and Apple can’t access the keys, nor can it see or access your data. When setting up, devices require approval from another, already authorised device to ensure nothing dodgy is going on.
But when it comes to simply signing into iCloud Drive and other services or content that use your Apple ID, they are by default protected only by your username and password. The former is an email address and may be easy to guess; therefore, ensure your password very much isn’t. Similarly, when asked to input answers to security questions, there’s scope for obfuscation. Social engineering could enable someone to blaze through such a thin barrier if they know enough about you, but not if rather than entering your mother’s actual maiden name, you instead use a string of symbols that you note down somewhere safe so you yourself can later refer to them.
Under lock and key
To further secure your account, turn on two-factor authentication. This can be started in System Preferences’ iCloud pane: click Account Details, then the Security tab. Turn on two-factor authentication and run through the process. Once done, when you sign in to Apple services using your Apple ID you’ll be asked to verify your identity with a six-digit code sent to another device or a phone number you trust.
When it comes to privacy in general, it’s also worth noting that Apple talks about the subject a lot, including at its high-profile events. Apple wears high standards when it comes to privacy like a badge of honour, because it wants you to trust the company and sell you more hardware and services. You’re not the product in the relationship – which isn’t the case to the same extent with some of Apple’s competition.
To read more about Apple’s stance on iCloud security and privacy, read its tech note at apple.co/2ezyxUN. The company also offers a specific note regarding security and iCloud at apple.co/2ezyxUN.