8/10/12

MacMost Now 746: Securing Your iCloud Account

A few simple techniques can help you secure your iCloud account and prevent someone else from gaining access to it. Use secure passwords, set up better security questions and answers, make sure your linked accounts are also secure, and be sure to back up your Mac!

Video Transcript
Hi, this is Gary with MacMost Now. On today's episode let's look at ways that you can better secure your iCloud account. So recent news has highlighted the need for securing your iCloud account. There are several very simple things that you could do to improve security. Let's take a look at some tips.

First, there is a need for strong passwords. Now in this particular story, the Wired reporter having their iCloud account hacked, password strength wasn't a factor. But it is in a lot of different breaking into different accounts. So you want to make sure you have a strong password. For more information about what a strong password is and how to create one, go to my special guide that has been there for a while, the MacMost Guide to Online Password Security, and check that out there.

Now the way the reporter's iCloud account was hacked was that the hacker had the last four digits of his credit card and then used those to confirm ID over the phone to Apple and get the account changed. Now Apple has plugged that hole but what you can do now, of course, is to use security questions. Security questions are things like, for instance, the name of your hometown, or what did you study in college, or what was your first job. These are really easy to guess. Think about how brute force password attacks work. Just the most commonly used passwords are used and applied to all sorts of different accounts. Well, there are tons of dictionary words that can be used in a brute force password attack. But much fewer that can be used to answer these questions. Like, what is your lucky number? How many people have seven or eight or three or something as their lucky number? What is the name of your hometown? Very common hometowns of course are used. So using any of these questions and answering it is NOT a very secure way to protect your account.
What is better is to use the "What is your secret word" question or simply write your own security question, something similar to "what is your secret word", and then the answer has completely random words, a completely random phrase. Pick some words out at random from a book for instance and come up with something like "purple bench lamppost" and then put that as your answer. Now no one is going to be able to guess that. The problem with this technique, of course, is that you might forget it as well. So it is important to put it in a secure place like some sort of program like 1Password that will securely store those types of passwords, or simply write it down on a piece of paper and put it somewhere in your house where you know you can find it but it is not easy for anybody else to find. That way in the future, like three years from now, if you forget your iCloud password you can dig out that piece of paper, know what your secret question is, and use that to restore your account. But no hacker is going to be able to guess it.

Now iCloud also lets you set an alternate email address. An email outside of iCloud that you can use if you lose your password. That way they can send a password reset to that other email account. So it is important to realize that your iCloud account is only as secure as that alternate account is. So if that alternate account is an email address on another service, and that password is easily guessable or you have weak security questions there, well then your iCloud account can be compromised just as easily as that other account. So make sure that the other account is very secure as well with good strong passwords and strong security questions and answers. Now if you are using Gmail as an alternate account, Gmail has a great system called Two Factor Authentication. You turn that on in the account and it makes it much harder for that account to be broken into.
So, using iCloud as your main account, and then having your alternate address as a gmail account, and then the gmail account protected by the Two Factor Authentication makes a good way to set it up.

Another important thing, of course, is to have a backup. For the reporter that had a problem, if he had had a backup he could have avoided a lot of grief. So make sure you have a backup. It's not just good for this type of situation, it's also good if your hard drive fails or if your machine gets stolen. All sorts of things. Make sure you have a backup. It is the most important thing.

So there you go. To run it down you have to have strong passwords for your iCloud account. You need to have strong security questions and answers. Not just the default ones with common hometown names and favorite color things like that. You need to make sure that any email accounts linked as an alternate email to your iCloud account have similar strong measures, strong passwords, strong security questions, and you want to make sure you have a backup. Hope you found this useful. Until next time this is Gary with MacMost Now.

8 Responses to “MacMost Now 746: Securing Your iCloud Account”

  1. Antrim says:

    Great and valuable tips. The whole security thing is getting much more complicated.

  2. Tony Biegler says:

    After three unsuccessful log-on attempts, websites should block access for 24 hours. It would be difficult for a hacker to guess the right password and security question in just three attempts, and what hacker would want to try day after day after day!

    • True. But you are assuming that it is one hacker trying to access one account from one computer. In reality, a malicious hacker would try accessing thousands of accounts, using thousands of passwords, from thousands of different computers (zombie bots). If they break into only a few of those, that’s a success. You just want to make sure your account isn’t one of those few.

    • Donald Keys says:

      Tony, that method could also be used against you! A malicious person could know your email address and ON PURPOSE try to enter 3 bad passwords and LOCK YOUR ACCOUNT day after day after day…

      • Typically that only locks out the account from that IP address. So it is something that should be in place. But you shouldn’t rely on it. It is no substitute for a strong password or something like the 2-factor authentication that Google uses.

  3. Dan says:

    I am running Snow Leopard and I do have the choice of creating my own security question. Is this option only in Lion?

    In Snow Leopard I have a choice of maybe 6 different questions to choose from.

    • It shouldn’t matter which OS you are using. Maybe you are looking in the wrong area? Either way, you can always use any question and still give a random set of words as an answer.

  4. Dan says:

    TYPO… Last post. It should read: I do NOT have the choice of creating my own…..
