The 3 best ways to protect your iCloud account

[Image: If you use iCloud, do these steps to protect your information. Photo by CNET]
Despite a daily barrage of hacks, data breaches and malware attacks, millions of internet users still refuse to take some basic security precautions that could make their accounts nearly impervious -- and worry-free.
Consider the current situation with iCloud. A group of hackers calling itself "the Turkish Crime Family" says it has access to hundreds of millions of Apple accounts and passwords, and will begin resetting them as well as remotely wiping iPhones unless Apple pays a ransom of at least $75,000 by April 7.
Has Apple been hacked? Probably not. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services," the company said in a statement. Apple also said it is working with law enforcement officials to identify the hackers.
In other words, the more likely story is that the hackers have cross-referenced accounts and passwords from other data breaches, which are widely available in hacker communities. (If you@badsecurity.org used "qwerty1234" on five other sites, you probably used it as your iCloud password, too.)
But that doesn't mean the threat isn't real. ZDNet, CNET's sister site, has verified that the hacker group had at least 54 valid accounts and passwords. Even more troubling: Three of those users insist that their password was unique to iCloud. (Read the full details at ZDNet.)
Have the hackers struck gold? Did those three users simply misremember that they recycled passwords several years ago? Perhaps they once logged in to iCloud from a malware-infected computer. Maybe someone was peeking over their shoulder at Starbucks one day while they were logging into iTunes.
Ultimately, the details of how these accounts were stolen, collected or aggregated may never be fully known. The only thing that does matter is that some users' valid passwords are definitely now out in the wild -- and yours could be, too.
But here's what you can do to gain peace of mind with your iCloud account. Or any other online account, for that matter.

Change your password to something new and unique

This is the easiest, quickest and most straightforward course of action. (In fact, Apple actively recommended users change their iCloud passwords back in 2014 when a very similar incident occurred.) But you need to follow some basic security best practices:
  • Use at least 16 characters that contain a combination of numbers, symbols, uppercase letters, lowercase letters and spaces.
  • The password should be free of repetition, dictionary words, usernames, pronouns, IDs and any other predefined number or letter sequences.
  • Do NOT recycle or reuse any passwords you've used in the past.
If all of that seems too complicated, consider using a password manager instead (see the third option, below), which should automatically create good unique passwords for all the services you use.
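As an added illustration (not part of the original article), here is a checker for a subset of the guidelines above, plus a generator of the kind a password manager uses. The wordlist, the four-character sequence rule and all function names are assumptions made for this example.

```python
import re
import secrets
import string

# Constructed sample wordlist; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "qwerty", "dragon", "monkey", "letmein", "apple"}
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", string.digits, string.ascii_lowercase]

def has_sequence(pw, run=4):
    """True if pw holds `run` adjacent keyboard-row, digit or alphabet characters."""
    low = pw.lower()
    return any(seq[i:i + run] in low
               for row in ROWS for seq in (row, row[::-1])
               for i in range(len(seq) - run + 1))

def check_password(pw, username, previous):
    """Return the guideline violations for pw; an empty list means it passes."""
    problems = []
    if len(pw) < 16:
        problems.append("shorter than 16 characters")
    classes = {
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
        "uppercase": any(c.isupper() for c in pw),
        "lowercase": any(c.islower() for c in pw),
        "space": " " in pw,
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    if re.search(r"(.)\1\1", pw):
        problems.append("repeated characters")
    low = pw.lower()
    if any(word in low for word in SAMPLE_WORDS):
        problems.append("contains dictionary word")
    local = username.split("@")[0].lower()
    if local and local in low:
        problems.append("contains username")
    if has_sequence(pw):
        problems.append("contains predefined sequence")
    if pw in previous:  # compared locally against passwords the user has used before
        problems.append("reused password")
    return problems

def generate_password(username, previous, length=20):
    """Draw from a CSPRNG until the candidate passes every check above."""
    alphabet = string.ascii_letters + string.digits + string.punctuation + " "
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw, username, previous):
            return pw
```

Run against the article's own "qwerty1234" example, the checker reports seven separate violations, including the reuse.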

Turn on two-factor authentication

This is key. Turning on two-factor authentication -- also called 2FA or 2-step verification -- is about as close to being fully locked-down as you can get. If and when your account is accessed from anywhere, the service in question sends a confirmation code to a device you pre-authorize during setup -- your phone, your tablet, your computer or even your smartwatch.
Without that second code, which is randomly generated in real-time, the person attempting to access the account won't be able to get in -- even if they have your username and password. So, not only are the bad guys locked out, you'll get a pop-up or a text message alerting you if and when they're trying to get in.
[Image: What you'll see on an Apple device with 2FA engaged when a login from a new location is attempted. Screenshot by John P. Falcone/CNET]
Apple's iCloud supports 2FA, as does Google (Gmail), Facebook, Twitter, Instagram and pretty much any other service that takes security seriously. No, 2FA is not "perfect" or foolproof: App-based codes such as Google Authenticator as well as Authy are more secure than SMS-based ones, and it's assumed that the authorized device is neither compromised nor in the possession of the bad guys, for starters.
But for the average person, 2FA is as close to worry-free online security as you can get.

Use a password manager

The problem with creating strong passwords using the guidelines described above is that they're basically impossible to remember. And the moment you write them down on a Post-It note, phone app or the back of a business card -- well, yeah, you've already destroyed any "security" you gained with that 16-character string of semi-random characters.
That's where a password manager comes in. Password managers create encoded logins for all of the sites you use. They're designed to be impossible to remember -- which is why you need to only remember the single master password to the entire account.
[Image: LastPass can help you keep accounts secure, while allowing you to reduce the number of passwords you need to remember. Photo by Sarah Tew/CNET]
Your best starting point is LastPass, which is now free for basic features. Other popular options include 1Password, Dashlane and KeePass.
Of course, the obvious caveat applies: A single password means a single point of failure. Indeed, LastPass suffered a data breach in 2015. But in that incident, the hackers did not get access to the master passwords, which LastPass doesn't even store. (The company advised users to change their master password as a safety measure.)

But it's a good reminder that your master password for a password manager needs to be as strong as possible, and completely unique. Follow all of the best practices cited in the first item, above.
