Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

One more time: Use two-factor authentication on iCloud, even if there's a waiting period

Susie Ochs | Sept. 3, 2014
Once more unto the password breach, dear friends, once more. Two-factor authentication might not have necessarily saved Jennifer Lawrence from getting hacked, but using it is still a good idea.

icloud authentication blurred

Celebrities probably aren't used to proving they are who they say they are. People recognize them wherever they go. Your online accounts should not treat you like a celebrity.

Forget about remembering you from last time--even just giving your username and password shouldn't be enough to get you through the door. Two-factor authentication is the way to go, especially for cloud storage services, where you might be storing all kind of private data you don't want hackers to find.

Two-factor authentication adds another layer of security: First, you have your username and password, something you know. But since it's possible for someone else to crack your password, the second layer of two-factor authentication hinges on something you own, typically your smartphone. Once you log in, you're sent a single-use security code, often as a text message, and you have to enter that too, to access your account. So if someone tries to log in with your password, but they don't also have physical access to your phone to get that second security code, they can't log in.

We've already covered how--and why--to set up two-factor authentication for Dropbox, Facebook, Google, Microsoft (which includes your SkyDrive and webmail), PayPal, and Twitter. I just double-checked, and all those instructions still work as written.

iCloud headaches
But Jennifer Lawrence, Kate Upton, Kirsten Dunst, and the other affected celebrities had their iCloud accounts hacked. iCloud has two-factor authentication, but it's buried in an obscure part of settings--this guide can walk you through the whole process. Apple says the hack wasn't the result of a general iCloud vulnerability, but rather a targeted attack where hackers sniff out user names, passwords, and the answers to those dumb security questions.

Besides helping you create and remember strong passwords, a good password manager like F-Secure Key, KeePass, Dashlane, and 1Password can also help you strengthen the answers to those security questions too. That's an amazing idea, since as TUAW uncovered, iCloud's two-factor authentication isn't automatically triggered by someone logging into your account from a new machine.

And that's not the only problem with iCloud--Apple might subject you to a waiting period to turn on two-factor authentication in the first place. When I tried to turn on two-factor authentication on my iCloud account this morning, I was first prompted to change my password. (My current password was a mnemonic device that consisted of upper- and lower-case letters and some punctuation, but Apple wanted me to add some numbers in there, too.) So I changed it, because I couldn't continue without doing so. Then when I continued in my quest to enable two-factor authentication, I ran into a three-day waiting period... because, as this FAQ explains, I'd recently changed my password. OK, then.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.