How secure is your iCloud account? The recent iCloud cyberattack that leaked nude photos of more than 100 celebrities — Jennifer Lawrence, Kate Upton, Ariana Grande and Victoria Justice, to name a few — has rocked both Hollywood and the tech world, putting into question the safety of the personal data users keep on Apple's cloud storage service.
While you may not be worried about naked pictures being leaked and sold online, the security exploit puts anyone who uses iCloud at risk. From confidential business documents to files containing sensitive customer information, anything you back up on iCloud can be easily compromised. To make sure your data is safe, here are four ways to keep your iCloud account secure.
1. Create a secure password
This particular cyberattack wasn't an iCloud breach per se. Rather, hackers used brute force attacks that exploited a security hole on the iCloud service Find My iPhone. This exploit gave hackers access to celebrities' usernames and passwords, allowing the hackers to test one password after another until they got it right. [How to Create a Strong Password]
So just as with any other online account, creating strong, unique passwords and making them secure is key to keeping your iCloud account safe.
To that end, Apple requires that passwords:
- Have at least eight characters, including at least one number and an uppercase and lowercase letter
- Not repeat any characters more than three times consecutively
- Not be the same as the account name
- Be uncommon and new (haven't been used within the past year for the same account)
Additionally, Apple recommends the following best practices to keep iCloud passwords secure:
- Make passwords stronger by adding unique characters and punctuation marks.
- Don't use the same password for your email, social media and other online accounts.
- Don't keep the same password forever. Change passwords regularly and never recycle.
- Don't share your password with anyone.
- Don't send passwords or other sensitive account information by email.
2. Turn on two-step verification
Two-step verification adds another layer of security to iCloud by requiring users to enter both a password and an additional form of verification using one of their devices. By asking for a physical form of ID, two-step verification prevents unauthorized users from accessing and making changes to iCloud accounts even if the password has been compromised. This also keeps hackers from making purchases on your account at the iTunes Store, App Store or iBooks.
To use two-step verification, you'll need to register a trusted, SMS-enabled device. When two-step verification is turned on, Apple will send that device a four-digit verification code that you'll need to enter with your password in order to gain access to iCloud.
To turn on two-step verification, visit My Apple ID and click on "Manage your Apple ID." Choose Password and Security, then click on Get Started under Two-Step Verification.
3. Disable My Photo Stream
When you take or save photos and other images on an iPhone, they are automatically uploaded onto iCloud using a feature called My Photo Stream. This makes the images available to anyone with access to both your iCloud account and iCloud-enabled devices.
Although automatically pushing photos and images to iCloud is useful when you want to be able to access them on any of your devices, it may not be the best option if they contain sensitive information.
To keep photos and other images strictly on your device and out of iCloud, you can completely turn off My Photo Stream for any or all of your devices. From the Settings menu, go to iCloud, select Photos and switch My Photo Stream to off.
4. Mind your email addresses
Your iCloud account relies heavily on your email address. When you need to register, log in or reset your password, your email address is your key to securing your iCloud account. Because of this, iCloud users need to make sure they always remember and have access to the email address associated with iCloud. They should also keep that account safe from cyberattacks.
First, Apple recommends keeping your Apple ID current at all times. For instance, if you end up no longer accessing the email address you used when you registered, make sure to update your Apple ID account with an email address that you currently do use. The same applies to places that reissue email addresses, such as Internet providers, mobile carriers and employers. That way, you'll always have access to any emails and alerts from Apple, which is especially important if you've forgotten or need to reset your password.
Apple also suggests adding a "rescue email address" to your Apple ID account. In the event that your primary email address (the one you used to register your Apple ID) is compromised, the rescue email address is your key to resetting your password, changing your contact information and protecting your account.
Lastly, Apple advises users to always make sure they follow email best practices to secure their inboxes and online accounts against hackers. This includes dodging phishing scams by not opening emails from unknown senders, never clicking on suspicious links and avoiding providing personal information to unfamiliar websites.
For more information on how to keep your iCloud account safe, check out Apple's iCloud security and privacy overview.
Originally published on Business News Daily