How to . . . secure your iCloud account

Apple has rubbished claims that hackers can access your account, but it’s still good to tighten your security

Reusing the same password on multiple accounts is a big no-no when it comes to security. Photograph: iStock


Have you heard the claims from a hacking group that they have details of more than 200 million iCloud accounts?

If they don’t get a ransom within a few days, the story goes, they’ll wipe the iCloud accounts, and possibly the Apple devices associated with them.

It’s not clear how true the claims are. Apple has already rubbished reports that its service has been in any way compromised, but that doesn’t mean you shouldn’t take precautions. In fact, now is a good time to have a look at your account’s security and make a few changes.

Check your password strength:

Consider changing your password. The basic logic for choosing one is: easy for you to remember, hard for others to guess. Steer clear of obvious passwords, such as your date of birth, your child’s name, and so on.

If you use the bare minimum for passwords, such as all lowercase letters, you are putting your information at risk. The longer and more complex your password is, the harder it is to guess. You could use a sentence or phrase as a password, swapping some letters for numbers and adding a capital letter and a symbol.

Most online services will force you to have a password that is a mix of numbers and letters; others take it a step further and insist on a capital letter or two, or possibly a symbol.

You could also use a password manager such as Dashlane or 1Password to help create strong passwords and give you somewhere to store them. That comes with its own risks – storing all your passwords with one service – but at the very least it will help you get in the habit of creating stronger passwords to protect yourself.

And while we’re at it, reusing the same password on multiple accounts is a big no-no when it comes to security. If your details for one site are compromised, the rest of your services are at risk.

Enable two-factor authentication:

The easiest way to keep someone out of your accounts is to bring in an extra layer of security through two-factor authentication. Apple brought two-factor authentication into iOS 9 and El Capitan in 2015; prior to that it offered two-step verification, a slightly older technology, in use since 2013.

Two-step verification uses four-digit codes sent to your trusted numbers and has a recovery key that you need to note down and keep safe in case you get locked out of your accounts. Two-factor authentication is recommended for those who have iOS devices running iOS 9 or later, or OS X El Capitan or later; two-step verification is good for devices that are earlier than this and cannot be upgraded.

Regardless of the method, once you’ve enabled two-factor security, you’ll have to have access to your nominated mobile number or device, or you’ll be unable to log in to your account.

How it works: once you enable two-factor authentication, you’ll have to provide a code to log in to your account for the first time on new devices. On new browsers, you can opt not to be asked for the code after the initial login, but that’s not recommended if you share a device, or use a public PC. No code means no access, keeping unauthorised users out.

To enable two-factor authentication through your iPhone or iPad running iOS 9 or later:

Open Settings > iCloud and select your Apple ID at the top of the screen. Select Password and security. Tap Two-factor authentication to turn it on. You’ll be prompted to set a password.

To enable it on your Mac with OS X El Capitan or later:

Go to Apple menu > System Preferences > iCloud > Account Details. Click Security, then turn on Two-Factor Authentication.