Boost Your iCloud Photo Security
5 simple steps
the news couldn’t have come at a worse time for Apple. A week before its September 9 launch of the iPhone 6, there were reports that hackers accessed over 100 celebrity iCloud accounts, resulting in leaked nude photos of famous women such as actress Jennifer Lawrence and model Kate Upton being posted widely on the web.
Apple quickly responded by saying these were targeted attacks on specific accounts and that hackers hadn’t succeeded in breaching Apple’s systems. Nevertheless, it appeared that Apple had overlooked the need to protect iCloud accounts from brute-force attacks in which software rapidly makes hundreds of guesses until it finds the correct password. Apple quickly released a fix that locks out a user after several failed attempts, but some accounts were still vulnerable.
All of this suggests that you may want to take steps to protect yourself should someone ever try to steal your private photos that you’re storing in the cloud.
Here are 5 steps you can take to boost your iCloud photo security.
1Create a Stronger Password
The best first step to securing your photos is one you’ve likely heard before: create a stronger password. It’s no longer enough just to mix in special characters and numbers. Your password should ideally be at least 14 characters and different for each site you access.
To change your password, go to My Apple ID ( appleid.apple. com). Click on Manage your Apple ID and sign in. Click on Password and Security, then select Change Password.
Apple requires at least 8 characters, but you should go for 14. They also require at least one number and at least one lowercase and one uppercase letter. Don’t use your child’s or spouse’s name, a favorite color, or the word “password,” as many hackers typically try these first. Don’t use common words and then tack on numbers and symbols at the end—scatter them throughout. To make your password easier to remember, Mashable offers the helpful hint of stringing together dictionary words that aren’t normally related, like “grassboxfidget,” such that your final password could be “Grass4*Box!Fidget.”
2Select Proper Security Questions
If you forget your password, you can access your Apple account by answering security questions. That means, of course, that someone else could too, if they knew the answers. Apple offers some 20 questions to choose from, so be sure to select questions that others would be unlikely to know or be able to figure out, such as the least favorite car you’ve owned or the first thing you learned to cook.
3Avoid Phishing Scams
By now you’re probably aware that the bad guys will often send out official-looking emails asking you to log into your account. But they then send you to a bogus page that looks like the real thing and capture your username and password when you log in. Be very wary of such emails. Even when I receive an email that I’m sure is legitimate, such as from PayPal, I still always go to my browser to log into my account rather than clicking on the link in the email.
4Back Up to Your Computer Rather Than iCloud
Some people may decide to take the extraordinary step of not using PhotoStream (iOS 7) or Photo Library (iOS 8) in order to keep their photos out of the cloud. But the hackers who got into the celebrities’ accounts had special software that let them access the person’s backup of their device stored in iCloud. So even if the celebrities hadn’t uploaded the nude photos to the cloud, the hacker was able to get them from the backup. If you use Apple’s iTunes software to back up your device to your computer instead of backing up to the cloud, you’ll be less vulnerable.
5Enable Two-Step Verification
The strongest security measure you can take is two-step verification, which Apple began offering last year. In addition to having you log in with a username and password, two-step verification entails Apple sending a 4-digit security code via text message to your phone. You enter the code to verify your identity and complete your sign-in.
While Apple had activated this feature for iTunes accounts and Apple ID accounts, it wasn’t yet available for iCloud at the time the celebrities’ accounts were hacked. Apple has rolled this out for iCloud as well.
You can secure your iCloud, iTunes, and Apple Store accounts by following these steps to enable two-step verification:
In your Internet browser, go to My Apple ID, click on Manage Your Apple ID, and sign in. Click on Password and Security. Answer your security questions, and then under Two-Step Verification, click Get Started. Apple will email you a verification code, which you will then enter in order to continue.
You will then need to wait three days before you can complete signing up. Apple will send an email letting you know when the waiting period is over. When you receive the email, sign back in at My Apple ID, click on Password and Security, answer your security questions, and then click Get Started under Two-Step Verification.
Enter your phone number. Apple will text you a verification code. Then enter the code and you will be given a 14-character Recovery Key, which you should print and store in a safe place. Then confirm your Recovery Key, check the box, and click Enable Two-Step Verification. From then on, any time you make a purchase or access your account from a new device, Apple will text you a verification code that you must enter in order to complete your sign-in. Jim Karpen, Ph.D, is on faculty at Maharishi University of Management in Fairfield, IA. He has been writing about the revolutionary consequences of computer technology since 1994. His Ph.D dissertation anticipated the Internet revolution. His site, jimkarpen.com, contains selected regular columns written for The Iowa Source. jim_karpen@iphonelife.com.