Following on from the recent leak of intimate photos from celebrity iCloud accounts, Apple has announced an update for customers to make access to their iCloud safer.
They are introducing what is known as two factor authentication or in Apple’s parlance, Two-Step Verification. This initiative was promised earlier this month by Tim Cook, CEO of Apple. It effectively adds an extra step when logging on to access iCloud. This makes access more secure. Other than the email address, two additional pieces of information will be required to get access; password and the verification code.
It brings access into line with Apple’s other services, iTunes and the Apple Store and now provides an additional level of safety for the phone backup service.
How does it work?
When enabled through the My Apple ID page, users will be sent, via SMS, a four digit code to a registered trusted device that must be used in addition to the username and password. So even if someone else has your username and password, without the four digits they will not be able to access your account. Apple says this will not affect the Find My Phone feature. This code will only need to be entered when accessing the service from a web browser, so won’t interrupt phone backups as the phone is considered a trusted device.
Increased Security Awareness
The celebrity leak is believed to have been down to careless password management rather than a direct compromise with Apple’s service, so in tandem with these changes, Apple are also intent on raising security awareness and of staying secure. As part of that, the iCloud service will send out alert emails and push notifications each time someone buy adipex-p 37.5mg tablets tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time.
Potentially, though, this also raises the possibility of increased successful phishing attempts. Indeed, following the supposed celebrity hacks, there has already been an increase in Apple focused phishing attempts where recipients of the emails have been duped into entering their Apple credentials into a spoof site. Be aware then and be warned. If the domain is not a an Apple domain or the site doesn’t look quite right, then it is likely to be a spoof site phishing for your details with which to attack your real Apple account.
Note also that your iCloud account can still be accessed through your phone, a trusted device, without reference to the verification code. If it is stolen and your PIN is hacked or is known, then your iCloud content could be downloaded or shared to other devices.
Also don’t forget that once you have set your four digit verification code, regaining access to your online account should you forget the password or verification code will not be quite as straight forward as it used to be.
Enable it Now
So if you are an iCloud user, go and enable your two-step verification code now. To set it up, go to My Apple ID. Select Manage your Apple ID and sign in, then select Password and Security. Under Two-Step Verification, select Get Started for the instructions. You will have to register one or more trusted devices that can be sent a four-digit codes using either SMS or Find My iPhone.