Even if the most risqué photo on your iPhone is a cat cleaning itself the recent theft of nude photos from 100 of Hollywood’s hottest stars will affect you and your iCloud account.
The initial report suggested that iCloud had in fact been hacked but Apple has since announced that the attack was “specific” and “targeted” and not a breach of iCloud security. But the measures they took to make sure it cannot happen again will affect you and that photo of the obsessively clean cat.
But more about that later.
As part of iCloud, Apple introduced Photostream, a service that automatically syncs your photos between your iPad, your iPhone and your desktop via the Internet. A very convenient way of keeping your albums in sync but at the time people were cautious and a little unnerved that their iPhone (which often lends itself to “those kinds of photos” was posting these into the cloud. It was argued that while security was one thing, these photos quietly appearing on your desktop Mac for your mum to find was a bit of a worry.
But as time moved on people accepted, and even wished for, this service to keep their snaps in check and for those that enjoyed taking nude selfies- a little more care needed and often exercised.
For my part I will continue to use iCloud as I don’t believe it is any less secure than google drive, one drive or Dropbox but the attack has exposed the fact that Apple did allow you to try your password over and over again before giving up and having it reset.
It was this policy that allowed the hacker to perform a brute force attack on these specific accounts until the weak password was guessed.
Indeed it is worth noting it was the weakness of the password and NOT iCloud security that allowed this theft to take place.
However, in the light of this recent attack Apple have changed this policy and from now on you’ll get three goes and then you’ll be locked out.
This is where we come in.
I see clients struggle with their iCloud password a dozen times a week and so this latest change has brought into sharp focus two things. First, the need for a good password and second, a sure fire way to remember it and recall it.
If you believe your password needs to be changed to something a little more secure you can do it using this method.
Your iCloud password should be more than 8 characters long, contain numbers and a capital letter. I think it is a good idea to add a dash between words or letters as well. For example: Saw-odd-has-p00 is pretty good.
I would also recommend that you set up 2 step verification to protect you even further.
As for recording and recalling it, I think our old friend 1password is the only way to do this properly.
1 comment
Rennie
Thanks for injecting a little bit of sanity and calm into this issue.
Best
Rog