The MacDoctor had mentioned on twitter how we'd seen an increase in hacked and compromised iCloud, email and other online accounts amongst clients new and old. Online security is of increasing importance as we devote more and more of our time, money, energies and details to the big server in the sky. Password security is something we'll come back to in a following post, but we wanted to concentrate on tools Apple provide to secure your iCloud accounts and Apple iD's (ITunes accounts).
More and more online services are rolling out the means to secure your online accounts and Apple is one of the latest, allowing you two add 2-step verification to your iCloud and or Apple ID. Your iCloud account and Apple ID (iTunes account) may be one and the same - email@example.com. Or they might be separate - firstname.lastname@example.org and email@example.com. So you either have one or two accounts to apply 2-step verification to.
Two Step Verification is a security system that relies on... well, two things - something you know and something you have. The something you know is your password. And the something you have is going to be either your mobile phone or iOS device like an iPhone, iPod or iPad. The idea is that the first time you try to access your account from a new device - computer, iOS device, AppleTV or online - the security system will ask for your password followed by a code which the server will send to your nominated devices, probably your phone. Now it becomes simple to see if and when someone is trying to access your account and effectively block them out unless, that is, it's you.
It's fairly simple to set up and Apple's Support Document is a good place to start understanding the implications and requirements. It might seem scary at first but it's fairly straight forward to implement and once done should give you piece of mind. So take the time and protect yourself and your accounts.
Once you've locked down your Apple accounts and feel flushed with success, you can move on to implement 2-step verification for other accounts like Gmail, Evernote, Dropbox etc. There's a further step involved with these services as you need to setup and grant separate apps that tie into those services permission to access the accounts via separately generated passwords. Again, it sounds very confusing but makes a lot more sense once you start to get your hands dirty.
But look, if you like the idea of securing your online world but can't face the headaches involved then we're right here and happy to help, so get in touch.
More security themed blog posts to follow. Stay secure. Best, @themacdoctor.