Monday, September 1, 2014

How to Enable Two-Factor Authentication for iCloud (And Why You Should)

This past weekend was not a good one for at least twenty or so celebrities, or for Apple's iCloud service. According to a number of reports, many female celebrities had personal photos released from their private iCloud accounts after a hacker was able to gain access to them. While we don't know all the details yet, it is likely that social engineering, weak passwords, and publicly available security question answers combined to give the attacker access. In light of these events, it's a great idea to review the security of your account to avoid any accidental exposure of your private information.

Two-Factor Authentication

One of the easiest ways to secure your iCloud account is to use two-factor authentication. With this feature enabled, an attacker will not be able to log into your account unless he or she also has access to your phone. To set it up, first head over to your Apple ID security page here: https://appleid.apple.com/account/manage/security

Make sure that two-factor authentication is set up. If it is not, begin the process by clicking the link. You will be asked for several pieces of information, including a phone number and answers to your security questions. You will also be asked to enter the code texted to you, and you will be given a very long reset code, which should be treated as if it is your password (in other words, don't write it down someplace where it will be lost, and don't save it on your desktop).

Once you enter all this information, two-factor authentication will be set up. Congratulations, you've just made your iCloud account ten thousand times more secure!

iCloud Two-Factor Authentication


Security Questions

For most accounts, the only thing that stands between a hacker and a reset of your password is a strong set of password security questions. What good are these questions if an attacker can find the answers on Facebook? This is a good time to check your questions and make sure they are hacker-proof. Here are some tips:

  1. Security questions should be simple for you to remember but complex for anyone else.
  2. The answers to your questions should not be something an attacker can find on Facebook, Twitter, your blog, or on your abandoned MySpace page.
  3. Be very specific in your answers. If the question asks where you met your significant other (a common question), don't use "Los Angeles" as the answer. Instead, provide a specific street name, the name of the friend who introduced you, etc.
  4. Don't choose simple questions. "What is your favorite color?" and "Where were you born?" are ridiculously simple questions for attackers. Choose more complex questions that ask for information not found in your online profiles.

Securing iCloud is relatively simple, and doing so can go a long way in securing your personal photos and documents. Unfortunately, leaks like the one that happened this weekend are going to occur. But by following these guidelines, at least you can make the hacker's efforts less rewarding, and in most cases, stop them entirely.

1 comment:

  1. I completely agree that people need to be using two-factor across all accounts (when possible), but Apple's two-step verification for iCloud is not only not well promoted to users, the process of setting it up is fraught with user friction. When I went to set it up, I was first required to change my password, causing problems across all of my devices. Then Apple mandated a 3-day waiting period to actually enable the two-step verification to ensure I was actually the 'account owner.' It's faster to buy a gun in Texas than to set up two-step verification for iCloud. Way to go Apple.
