“Apple Inc. said it plans additional steps to keep hackers out of user accounts, but denied that a lax attitude toward security had allowed intruders to post nude photos of celebrities on the Internet,” Daisuke Wakabayashi reports for The Wall Street Journal. “In his first interview on the subject, Apple Chief Executive Tim Cook said celebrities’ iCloud accounts were compromised when hackers correctly answered security questions to obtain their passwords, or when they were victimized by a phishing scam to obtain user IDs and passwords. He said none of the Apple IDs and passwords leaked from the company’s servers. To make such leaks less likely, Mr. Cook said Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time. Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for restoring iCloud data.”
“He said Apple could have done more to make people aware of the dangers of hackers trying to target their accounts or the importance of creating stronger and safer passwords,” Wakabayashi reports. “‘When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,’ he said. ‘I think we have a responsibility to ratchet that up. That’s not really an engineering thing.'”
“He also said that Apple will broaden its use of an enhanced security system known as ‘two-factor authentication,’ which requires a user, or a hacker, to have two of three things to access an account: a password, a separate four-digit one-time code, or a long access key given to the user when they signed up for the service,” Wakabayashi reports. “As part of the next version of its iOS mobile-operating system, due out later this month, the feature will also cover access to iCloud accounts from a mobile device.”
Read more in the full article here.
MacDailyNews Note: Use two-step verification for Apple ID to keep your personal information as secure as possible. More info here.
Always use unique passwords, do not reuse passwords for different services, and use Apple’s Keychain Access and iCloud Keychain to create and manage them. When used properly, this system works like a dream.