Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Everything you need to know about iCloud security

Glenn Fleishman | Oct. 20, 2014
Two-factor authentication (2FA) is the latest thing that hundreds of millions of people will likely be dragged into using for the purposes of securing their private information. It's necessary, and will be irritating to most people, despite their having seen some of the endless reports of sites being cracked and passwords being revealed--whether the passwords were stored in clear text, or using an unsophisticated encryption method that allows crackers to easily test common passwords against the stolen information.

The management tool at the Apple ID site on the Password and Security's View History section lets you revoke these passwords, too: one at a time or all at once. And whenever the main account password is changed, all the app-specific ones die a sudden death, too.

They do bypass the two-factor benefit, however, and that's a concern, email most of all. Apple's 2FA prevents access to its own account information for confirming a password change. But with any single-factor account you had elsewhere for which the registered email is your iCloud one, a third party who gains access to an app-specific password would be able to reset passwords at other services.

Now, the nice part with most of this is that you aren't bugged that often, if ever, after going through the fuss of setting it up, which is what makes it possible for you to help others (family, friends, colleagues, and more), as you won't have an ongoing burden of support. Setting up trusted devices takes a few moments. Generating necessary app-specific passwords, a few more, depending on how many different email clients, calendar apps, and contact managers you use that talk to iCloud.

Most people tend to use a single computer or set of computers, and Apple will let you use 2FA the first time you log into on a given browser, and then just a password when a session times out thereafter.

Two-factor authentication doesn't solve security. There are many points of entry for exploitation, and more being discovered (and patched) all the time. What it does is prevent a butter knife from picking the lock on your front door — and usually preventing a sledgehammer from knocking it down as well.


Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.