security and privacy
Calculate how much space you and your family will need, and how much it’ll cost you
Apple explains, at bit.ly/ mficsecov, the levels of security that apply to iCloud data. It makes a distinction between ‘encryption’ and ‘end-to-end encryption’. The latter means your information can be accessed ‘only on devices where you’re signed into iCloud. No one else, not even Apple’ can read it. Even if a court ordered Apple to decrypt your data, it couldn’t.
The list of information stored using end-to-end encryption is short: Messages, your iCloud Keychain (which syncs all your saved passwords and logins), payment details, Home and Health data, Siri records and a few more bits and bobs. Still, everything else – including your photos, backups, and everything in iCloud Drive (Files) – is encrypted in transit and on the server, so it should be safe if someone hacked Apple’s servers or intercepted traffic between you and Apple. Apple just doesn’t promise it has no way to decrypt this data itself.
This should probably satisfy anyone not anticipating the authorities going
after their data through the legal system. Apple discusses, at bit.ly/mfapsecpriv, how often this actually happens – a few hundred times a year in the UK – and how it’s handled.
The exception to all of this is Mail: your email traffic is encrypted in transit, but not on Apple’s IMAP servers. Email is insecure by nature. You could always encrypt files yourself by some other means before emailing them (or indeed storing them in iCloud).
Two-factor authentication
Two-factor authentication improves security for your Apple ID compared to the previous ‘two-step verification’. It means you’ll need to receive a code as well as entering your password when logging in on a new device. The code normally comes via an existing trusted device, but you’re also asked for one or more phone numbers that can receive codes. Any phone will do, even a landline. To maintain security, use hard-to-guess passcodes on all your devices and macOS user accounts.
Two-factor authentication really isn’t any hassle, because it only kicks in when you buy a new device, erase one or switch it between Apple IDs. It can only go wrong if you forget your Apple ID password and lose access to all your trusted devices and phone numbers at once, and there’s an account recovery process for that, although it can take a few days.