SECURITY & PRIVACY
Calculate how much space you and your family will need, and the cost
Apple explains, At bit.ly/mficsecov, the levels of security that apply to iCloud data. It makes a distinction between “encryption” and “end–to–end encryption”. The latter means your information can be accessed “only on devices where you’re signed into iCloud. No one else, not even Apple” can read it. Even if a court ordered Apple to decrypt your data, it couldn’t.
The list of information stored using end–to–end encryption is short: Messages, your iCloud Keychain (which syncs all your saved passwords and logins), payment details, Home and Health data, Siri records and a few more things. Still, everything else — including your photos, backups, and everything in iCloud Drive (Files) — is encrypted
in transit and on the server, so it should be safe if someone hacked Apple’s servers or intercepted traffic between you and Apple. Apple just doesn’t promise it has no way to decrypt this data itself.
This should probably satisfy anyone not anticipating the authorities going after their data via the legal system. Apple discusses, at bit.ly/mfapsecpriv, how often this happens and how it’s handled.
The exception to this is Mail: your email traffic is encrypted in transit, but not on Apple’s IMAP servers. Email is insecure by nature. You could always encrypt files yourself by some other means before emailing them (or store them in iCloud).
TWO–FACTOR AUTHENTICATION
Two–factor authentication improves security for your Apple ID compared to the previous “two-step verification”. It means you’ll need to receive a code as well as entering your password when logging in on a new device. The code normally comes via an existing trusted device, but you’re also asked for one or more phone numbers that can receive codes. Any phone will do, even a landline. To maintain security, you should obviously use hard–to–guess passcodes on all your devices and macOS user accounts.
Two–factor authentication really isn’t any hassle, because it only kicks in when you buy a new device, erase one, or switch it between Apple IDs. It can only go wrong if you forget your Apple ID password and lose access to all your trusted devices and phone numbers at once, and there’s an account recovery process for that, although it can take a few days.