September 2nd 2014
By Mike Flaminio
The biggest tip from my setup is I have a dedicated email address for iCloud that's separate from my iTunes account. This sort of happened by accident, but over the years I've come to appreciate the advantages.
One big problem with iCloud security is that it's difficult to have a long and complex password on mobile devices. While TouchID makes big strides here, it's still a real pain to keep typing in a quality password. And you do need a quality password for an account holding important things such as your device backup, phone location data, calendars, device kill switch, and of course photo stream. Certainly it would suck if someone got my AppleID, but I've got protection from my credit card on fraud. No one has my back on the iCloud stuff. So by having a separate, dedicated, and secret email for iCloud, not only is it more difficult for someone to get my login info, but I can secure it with a proper password without it being a major inconvenience.
The key here is you don't want to link your iCloud and AppleID as backups. Also, you want to make sure this is a dedicated email address so no one can scrape it or phish it from you. Don't email anyone with this account and don't use it for a login anywhere else. I highly recommend 1Password for password management and keeping the account in there. You can just cut/paste when you do need to use it.
The other stuff is pretty obvious, I think. Utilize 2-step verification. Your password is only as strong as the recovery system, and this is a good counter-measure. Also use 2-step verification on whatever email system you're using for your iCloud account. Also, make use of the Notification Email Address. Send it to a work address or some other address not tied to your Apple accounts. This will at least alert you if someone makes changes to your account. And use the PIN lock on your phone and keep track of your phone. Another thing to consider is avoiding free public WiFi, but that's a tough one, so I'd say stick with the trusted hotspots and ensure you're connecting to the correct network.
Beyond that, you'll want to limit what is stored in the cloud. The cloud is super convenient, so one way to deal with privacy and cloud storage is to utilize encrypted disk images. iCloud doesn't support this now, but it looks like it will with iOS 8 and Yosemite. OS X's Disk Utility can create sparse bundle images with 256-bit keys that are very convenient and easy to use. In general, you don't want to depend on a cloud's encrypted system because if their security is compromised, an intruder may also have compromised their encryption system. But ultimately, how you use the cloud directly correlates to your risks.
Lastly, Apple can do better. On a recent podcast we talked about the idea that Apple needs the ability to see what devices are active on the account, and then the ability to revoke access via the AppleID system. Dropbox works similarly to this. Not only does it give an overview of which devices currently have access, but it lets users control that access.