Menu
How Apple and you can improve iCloud security

How Apple and you can improve iCloud security

Apple's iCloud attack is in the spotlight, but it's nothing compared to the attacks you can expect. Apple and every user must take immediate action to protect your digital lives. Here is what you can do.

Apple's iCloud attack is nothing in comparison with the kind of attacks every tech firm must prepare for, as they offer payment and connected solutions for home, health and car. Here's some ways for you to protect yourself and for Apple to improve its own security.

What happened?

Brief version: Apple's statement and information from elsewhere suggests hackers targeted individuals using a combination of research (finding place and date of birth and other information used in Apple's password protection) and brute force attacks to hack the accounts of known individuals. These excellent reports illustrate this. Using these methods hackers got hold of complete iPhone backups.

Protection now

There are steps everyone should immediately take to improve iCloud account security:

Use a strong account password: iCloud customers should change their Apple ID to a new, strong password at My Apple ID immediately, using extra characters and punctuation marks. Change the password regularly.

Enable two-step verification: Apple offers two-step verification as an option. Two-step verification requires you verify your identity using one of your devices before you can make changes to your account information or purchase digital goods using an unknown device. Enable it.

Change your security questions: Apple uses security questions to help you identify yourself online or when contacting Apple Support. These are personal questions, such as where you had your first kiss. If you are in the public eye, it makes sense to use memorable lies rather than give true answers, as iCloud hackers apparently researched such answers when hacking into the accounts. The answers just need to be memorable, not accurate.

Use iTunes backups: Many backup devices to iCloud. Given it's possible iCloud backups were used to access personal data, it makes sense to switch to using iTunes backups, pending new security protections being put in place. (Settings>iCloud>Storage & Backup and toggle the iCloud backup switch off.)

Replace credit cards regularly: Your credit card details travel with every purchase you make. Be paranoid.

How can Apple improve security?

A few suggestions Apple might follow to improve iCloud security:

Default

Apple should make two-step verification defaultas soon as possible.

Geofencing

Given mobile devices and Macs know where they are (if permitted), it makes sense to use location as security: users could tell iCloud to only permit certain actions (such as downloading backups) if the device is situated in a defined country, city, region or street. Travelling iCloud customers should easily be able to let the service adapt to their plans.

The user should be alerted and the task prevented if attempts are made from devices outside this customer-defined geofence. This kind of geofencing will significantly impair hackers. Customers could be permitted to disallow account access using a computer or device that does not reveal, or appears to mask, its location.

TouchID

When a customer attempts to access their iCloud account from a device authorized to their account equipped with TouchID, a successful fingerprint scan may be required as part of the login process.

Face recognition

Apple's iPhoto already recognizes faces. Why not apply this feature within security protection? Most computers have webcams; most devices have cameras. This isn't impossible.

Signature

Apple's Preview app can take a picture of your signature. Most systems have cameras -- to access your account a signature match could be required.

The truth about online security on any platform is that every form of security can in some way be undermined, but technology firms must maintain the dialog of regularly introducing new protection. It's the equivalent of showing your home is occupied to deter against burglary. No platform is immune and vigilance is required.

Also read:

Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic's Kool Aid Corner community and join the conversation as we pursue the spirit of the New Model Apple?

Got a story? Drop me a line via Twitter  or in comments below and let me know. I'd like it if you chose to follow me on Twitter so I can let you know when fresh items are published here first on Computerworld.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags iPadcloud securitycloud computingsmartphonesinternettabletsAppleiPhoneiTuneshardware systemsconsumer electronicsios 7OS X MavericksEnableiOS 8

More about AppleCustomersGoogleMacsNSA

Show Comments
[]