With high-profile data hacks regularly hitting the headlines, you might be wondering what you can do to keep your own data safe. The answer, as it turns out, is quite a lot. We’ve previously covered how to protect your Facebook, Google, and other accounts. Now it’s Apple’s turn.
If you’re an Apple fan, you probably have an iCloud account and several devices filled with your personal information. Here’s how to protect that data as securely as possible.
Apple security basics
You should be putting up strong barriers at every door into your Apple world. That means a long, unique password on your MacBook, a lengthy PIN or fingerprint protection on your iPhone, and a long, unique password for your iCloud account. Passwords should contain a mix of lowercase and uppercase letters, plus special characters and numbers, to make them as difficult to crack as possible. (And no, “Passw0rd!” isn’t good enough.) Don’t base your passwords on your address, birthday, or pet’s name—a savvy attacker might research this information in order to get past your defenses.
Avoid using the same password for both your local Mac and iCloud. That way, even if one gets cracked, the other still has some protection in place. In fact, Apple now prevents users from setting up matching passwords on both macOS Sierra and iCloud, forcing you to use two different ones for this very reason.
One of your best defenses is using common sense. Hackers often trick people into revealing their login details, rather than running any sophisticated brute force attack. Be suspicious of links in emails and on social media that immediately ask you to log in with your Apple ID credentials.
When it comes to security, Apple is your best ally. The company continues to take security very seriously (though that’s not a reason to get complacent). Both macOS and iOS encrypt data by default, which means nothing can be pulled from your iPhone or MacBook without the right password or PIN code.
Add two-factor protection
Apple accounts can now be better protected with two-factor authentication. This feature, which most major online accounts offer, means that entering your account will require an extra code, besides your username and password.
In the case of Apple’s two-factor authentication, attempting to log in will trigger a message to your phone number or a code to display on another device associated with your Apple ID. For example, if you’re setting up a new iPhone, you’ll see the code displayed on your existing MacBook.
To turn on two-factor authentication in iOS, tap your name at the top of the front screen in Settings, then choose Password & Security to find the two-factor authentication option. On macOS, head to System Preferences from the Apple menu, then click iCloud Account Details and Security to find the feature.
Once you’ve logged into a device with your Apple ID, password, and two-factor code, that device is marked as trusted, which means you won’t need to log in using two-factor again. It’s therefore important that you do have passwords, PIN codes, and fingerprint protection on your computers and phones to prevent unauthorized access.
Manage Apple security in your web browser
To configure the different parts of your security setup, open your Apple ID account page in a web browser. Make sure your registered email addresses and your trusted phone numbers are up to date and secure, because you might need them if you should ever lose access to your account.
Under the Devices heading, you can see the iPhones, iPads, and computers associated with your account. Use this opportunity to remove any devices you no longer use or don’t recognize. It’s a good idea to check through this list fairly regularly, just in case your account has been compromised or you’ve been signed in somewhere you shouldn’t be.
Any web browser on any computer will also let you access the iCloud suite of web apps and services. If you’re on a public computer or a machine you share with others, just be sure to sign out after you’ve finished. Some browsers may ask to remember your password. You can allow this on your personal computer, but in that case, make sure that something else will prevent a guest from accessing the browser. For example, you can set up a user account password for getting into the operating system.
Head to Settings on iCloud.com, and you can reach the same Apple ID account page we looked at earlier to get another overview of the devices linked with your Apple ID. At the foot of the page is an option to sign out of all browsers. Click on this to make sure no one’s using iCloud with any other web browser except the one you have open.
Other security tips
The app stores that Apple has built into iOS and macOS do a very good job of keeping you safe from dangerous software and viruses. On your phone, you shouldn’t have to install anything from outside the iOS App Store. On your computer, however, you may need to venture outside the walls of the macOS App Store every now and again. If you do, read user reviews and web write-ups to double-check on any program you install.
When it comes to security, you definitely want to hope for the best but plan for the worst. So take the time now to consider what you’ll do if, despite all your precautions, your devices get exposed. We recommend turning on the Find My iPhone feature on your phone (tap your name then iCloud in Settings to find it). This lets you locate and remotely wipe your iPhone or iPad from the web if it falls into the wrong hands.
Macs have a similar option, accessible via iCloud in System Preferences. Log into iCloud on the web, and you can see where your Mac computer is, as well as lock or erase it remotely. If you’ve simply lost your devices, then this feature can also get them to play a sound.
Meanwhile, if you’ve gone all in with your Apple products and got yourself an Apple Watch, you can use this as a secure way to unlock macOS, saving you the trouble of typing out a password each time. To set up the feature, head to the General tab under Security & Privacy in the System Preferences on your Mac.
Online security has never been more important. For more information, check out our guide to protecting all your accounts.