Is iCloud Safe?

There has been a lot of press lately about iCloud and the alleged 'hacking' of celebrity iCloud accounts - where nude photos of these celebrities were stolen and published.

This has caused many people to worry that iCloud may not be safe, and may be easily hacked.

Is this the case - should you be worried about using iCloud to sync your data and backup your iPad and iPhone?

The answer is - it depends!

The security of your information in any Cloud-based solution is only as good as the password you use, the security questions/answers you choose, and the level of security that you apply to the account.  

Additionally, if someone was to steal your iPhone, iPad or computer, the security of your online accounts is very dependent on whether you have password protection on that device.

Here are some hints for ensuring that your online data is protected - especially if you store those nude selfies in the cloud, something I would never recommend!

---

1. Choose strong passwords and use different passwords for each online account

Consider your password as the key protecting your information assets - just like your house key protects your physical assets. 

Using an obvious password is similar to leaving your key in an obvious location (e.g. under your doormat).  

If you then use the same key for your home, your car, your office, your holiday house, etc, then all of these assets will be at risk if someone gets hold of your key (and knows your addresses).   Most online accounts have the same address (i.e. your email address), making them easy to access once someone knows your email address and password combination.

There are many ways that someone could get hold of your password for a particular online account - through a Phishing email, perhaps if you use public WiFi to access an account in a manner that is not secure, perhaps if a site at which you have that email address/password combination registered is itself hacked and your details stolen (as has happened for eBay and other sites recently).

If you use different passwords for different online accounts, you minimise the potential impact of any theft of your login credentials for another online account.

How easy is it to crack into an Apple iCloud account? We tried to find out - The Guardian (blog)

2. Try to choose more obscure security questions and answers

Sometimes, the security questions and answers that you set up to deal with forgotten passwords are just too easy to guess if the person illegally accessing your account knows anything about you.

For the celebrities whose data was illegally accessed in the past week, this is most likely what happened.  Given that these people are in the public limelight, answers to their 'secret' questions were probably not as secret as would apply to the average person.

If you are given a list of questions/answers to choose from, choose those that would be really difficult for anyone else to guess.

Apple celebrity nude photo hack shows risk in security questions | theage.com.au

3. Consider turning on 2-step verification for your Apple ID/s

This is something that has been covered in earlier articles, in relation to improving the security of your Gmail and Outlook/Live/Hotmail accounts.

Apple provides the same additional security setting for your Apple ID.  If this is enabled, if a device is not listed as a 'trusted' device is used to access your Apple account, a four-digit verification code will be sent to your mobile phone - this could would need to be entered on that other device before access to your account is granted.

This would tell you if an un-authorised person is trying to access your account, and would prevent any such person from getting access to your account and its data.

Check out the below article 'Scooped' on theiTandCoffee Scoop.it page, to find out how to set up this 2-step verification.

How to set up two-factor authentication for your Apple ID

Apple has acknowledged a deficiency in its notifications for iCloud

While Apple's iCloud security was not actually compromised or the cause of the celebrity account hackings, Apple has acknowledged that there was a gap in their notification processes.

There was no notification sent to those celebrities of the fact that their accounts had been installed on, or restored to new devices (ie. the devices of the hackers).

This has now been rectified, so that you will in future receive a notification whenever your iCloud is installed on, or restored to a new device.

iCloud Login: Apple to Tighten Online Security After Hacking