Apple reenforces iCloud after celebrity debacle

Apple tightens security with two-factor authentication, but only if users turn it on.

Apple has offered two-factor authentication for a while, although its iCloud storage service has remained curiously unprotected. In the wake of some furor surrounding the service's security, Apple's two-factor authentication now applies to iCloud as well — if, and only if, you activate it.

Ars Technica put the new two-factor authentication through its paces. As recently as last week, anyone with an Apple username and password could access a user's iCloud storage, which backs up documents and photos from iPhones and iPads by default. Apple passwords are not terribly difficult to acquire; software like the Elcomsoft Phone Password Breaker (intended for legitimate password recovery) can usually do the trick.

After activating two-factor authentication on iCloud, the Ars Technica researchers found that they received an unspecified HTTP request error when trying to download backups with Elcomsoft. Two-factor authentication will also protect against those who try to access your iCloud account directly — if they've come across your password from a data breach, for example.

In case you've never used two-factor authentication, it's a simple idea that can thwart just about any kind of online account compromise. Instead of logging in with a simple username and password, the service in question will also send a unique code to your phone or another e-mail address. Unless a malefactor also has your phone or email login details in his or her possession, your data remains safely yours.

There's only one problem: as two-factor authentication is an optional process, most iCloud users are still unprotected. Not only does this leave their data potentially unprotected, but also opens up another potential catastrophe: If an unauthorized user activates two-factor authentication, that effectively locks the legitimate owner out of his or her account.

If you use iCloud, consider activating two-factor authentication by following the instructions on Apple's website.Alternatively, back up your data manually rather than automatically syncing it to iCloud. The process is more cumbersome, but also less prone to intrusion.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.