The biggest tip from my setup is I have a dedicated email address for iCloud thatís separate from my iTunes account. This sort of happened by accident, but over the years Iíve come to appreciate the advantages.
One big problem with iCloud security is itís difficult to have a long and complex password on mobile devices. While TouchID makes big strides here, itís still a real pain to keep typing in a quality password. And you do need a quality password for an account holding important things such as your device backup, phone location data, calendars, device kill switch, and of course photo stream. Certainly it would suck if someone got my AppleID, but Iíve got protection from my credit card on fraud. No one has my back on the iCloud stuff. So by having a separate, dedicated, and secret email for iCloud not only does it make it more difficult for someone to get my login info, but I can secure it with a proper password and not be a major inconvenience.
The key here is you donít want to link your iCloud and AppleID as a backups. Also, you want to make sure this is a dedicated email address so no one can scrape it or phish it from you. Donít email anyone with this account and donít use it for a login anywhere else. I highly recommend 1Password for password management and keep the account in there. You can just cut/paste when you do need to use it.
The other stuff is pretty obvious, I think. Utilize 2-step verification. Your password is only as strong as the recovery system, and this is a good counter-measure. Also use 2-step verification on whatever email system youíre using for youíre iCloud account. Also, make use of the Notification Email Address. Send it to a work address or some other address not tied to your Apple accounts. This will at least alert you if someone makes changes to your account. And use the pin lock on your phone and keep track of your phone. Another thing to consider is avoiding free public WiFi, but thatís a tough one, so Iíd say stick with the trusted hotspots and ensure youíre connecting to the correct network.
Beyond that, youíll want to limit what is stored in the cloud. The cloud is super convenient, so one way to deal with privacy and cloud storage is to utilize encrypted disk images. iCloud doesnít support this now, but it looks to with iOS 8 and Yosemite. OS Xís Disk Utility can create sparse bundle images with 256-bit keys that are very convenient and easy to use. In general, you donít want to depend on a cloudís encrypted system because if their security is compromised, an intruder may also have compromised their encryption system. But ultimately, how you use the cloud directly correlates to your risks.
Lastly, Apple can do better. On a recent podcast we talked about the idea Apple needs the ability to see what devices are active on the account. And then have the ability to revoke access via the AppleID system. Dropbox works similar to this. Not only does it give an overview of which devices currently has access, but lets users control that access.
- Bendgate helps Apple?
- Consumer Reports takes on iPhone bending
- A look at making launch day iPhone cases
- Podcast: Thoughts on iPhone 6/6+, Hot Thighs and Tights Pants, What's Wrong with iPhone Lines
- How to get photos on to iOS 8 iCloud Photo Library with PhotoSync
- iPhone launch weekend sees 10 million sold
- Thoughts on iPhone sizes
- Apple TV and HomeKit
- iPhone lines and the black market
- Podcast - iPhone pre-orders, iOS 8, Tim Cook Interview + More
- 1Password 5 now available for iOS w/ extensions, touch ID support
- iCloud data gets 2-step verification, new app-specifc passwords
- Apple posts Android switcher guide
- Charlie Rose Tim Cook Interview
- 4 million iPhone orders in first day, up from 2 million for iPhone 5
- Podcast: iPhone 6, Watch, Apple Pay, etc, etc
- New iCloud storage plans rolling out
- Macworld Magazine ends, continues online
- Apple Watch
- The iPhone 6 and 6 Plus
- Apple Pay
- Podcast: iCloud security tips, TheFappening, Apple Event, plus more
- Wired on how iCloud accounts may have been hacked
- My iCloud security tips
- Podcast: Brown M&M, Apple event, wearable, tattoos, Dropbox vs iCloud + More
Browse and search for more articles