How to stop your iCloud and Apple ID getting hacked

A good password is just the start of good security.
Photo: 1Password

If you have a lame password, then your iCloud account will eventually get hacked. You might not think a hacker is interested in you, but you’re wrong. The good news is that there are several easy steps you can take to lock your Apple ID down and make it safe.

If you don’t think it’s important, consider this: Your photos, your email, all your browsing history, your credit card information, all of the files you have in iCloud, your contacts, notes, calendars, and all your personal messages will all be open to anyone that hacks your account. Not only that, but you can then be impersonated on social media, so that all your other accounts can be hacked too.

Why would anyone hack you?

This isn’t something you want to see if you don’t own an iPod Touch.
Photo: Cult of Mac

Many people think that hackers still target individuals, like in the Selena Gomez Instagram hack. But those attacks are rare. Most hacking is like a trawling expedition, with large botnets (private computers which have themselves been compromised and added to a hacking network) deployed to break into any accounts they can. It works like this: A botnet will use a huge list of email addresses and/or usernames, and then keep trying to log into Gmail, Facebook, Instagram, your Apple account, and so on, trying common passwords, names, and dictionary words against each one.

This is why you need a good, strong password. You, as an individual, are of no interest to “hackers.” But as the owner of an easy-to-guess email address and a weak password, your account can be compromised and then either used or sold in bulk.

Step one: Choose a good password

1Password is available for Mac, iOS, Android, and even the PC.
Photo: 1Password

A bad password is one that is easy to guess. Bad passwords include your dog’s name, your kids’ birthdays, any word found in a dictionary, and common words with obvious substitutions, like ch4rl13. Also bad are common strings of letters and numbers like 123456, password, qwerty, and so on. Here’s a list of the worst passwords of 2016.

Another bad habit is using the same password across multiple services. You know when you read the news “XXX company was hacked, and ten zillion passwords and user IDs were compromised”? If you use the same password for your Apple ID as you do for your email, and for logging in to that forum about dating tips, then you will have to change it every time a service is hacked. The new owners of the stolen passwords will add them to the lists used by their botnets, and your other accounts will be hacked in short order.

In order to choose a secure password, you should let a machine do it for you. Your father, for instance, may like to use his dead dog’s name as a password because “It makes me think of him every time I use it,” but a password is for security, not for triggering emotional reminiscences. You need a password manager app, like 1Password.

1Password for Mac and iOS

There are many password manager apps, but 1Password is my favorite for a few reasons. First, I trust the developer. That’s the most important, and it’s worth doing research and reading privacy policies. Or, I guess, taking the recommendation of someone else you trust. 1Password also syncs across all the devices I use, is rock solid, and has great support.

1Password is a standalone app for generating and saving strong passwords. And I mean strong. Here’s one I just generated:

QKFCkN2uqCG&.=H]6RZWpFdn8ZWg7d%vn2N}R]?sN78p/RrK68rq3XAPhcUbat^B

That looks pretty much uncrackable. It is also impossible for a human brain to remember. That’s why password managers integrate with your browser, entering your super-strong passwords for you. All you have to do is remember one password, the one that unlocks the app. And if you’re using an iPhone or iPad with Touch ID, you can use your fingerprint instead.
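The sketch below is an added example, not code from this article or from 1Password. It screens a password for the weaknesses listed under step one (common strings, obvious substitutions like ch4rl13, personal details) and generates a random one the way a password manager would. The word list, substitution map, 12-character minimum and function names are all assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample; a real check would load a large breached-password list.
COMMON = {"123456", "password", "qwerty", "charlie", "letmein", "dragon"}
# Constructed map of the "obvious substitutions" attackers undo automatically.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})
MIN_LENGTH = 12  # assumed threshold, not a figure from the article
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def weakness(password, personal=()):
    """Return why a password is guessable, or None if no check fires."""
    lowered = password.lower()
    if lowered in COMMON:
        return "common password"
    if lowered.translate(LEET) in COMMON:
        return "common password with substitutions"
    for item in personal:  # pet names, birthdays and similar details
        if item and item.lower() in lowered:
            return "contains personal detail"
    if len(password) < MIN_LENGTH:
        return "too short"
    return None


def generate(length=64):
    """Pick every character uniformly from ALPHABET using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print("ch4rl13 ->", weakness("ch4rl13"))
    print("Bella2011summer ->", weakness("Bella2011summer", ["bella", "2011"]))
    fresh = generate()
    print(len(fresh), "random chars ->", weakness(fresh))
    print("entropy: %.1f bits" % entropy_bits(len(fresh)))
```

The entropy figure only holds for passwords drawn at random like this; a human-chosen password of the same length is far easier to guess.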

Price: Free/$9.99

Download: 1Password from the App Store (iPad and iPhone)

Price: Free/$69.99

Download: 1Password from the App Store (Mac)

Two-Factor Authentication

The next step is to enable two-factor authentication, or 2FA. 2FA means that you need to have two “factors,” or things, to authenticate yourself. The first is your password. The second is usually a device — in this case your iPhone. Apple’s 2FA works by sending a code to your iPhone whenever you log in. You then enter that code, and you’re done. It’s easy, and pretty seamless, especially given the extra security it adds.

With 2FA, nobody can log into your account unless they have one of your devices, as well as your password. Best of all, 2FA is built in to all recent Apple devices, so the integration really is slick. For instance, when you attempt a new login, you not only get a code sent to your trusted device, but you get a warning, with a map, showing where you’re trying to log in. That’s great for making sure it’s actually you doing the logging-in.

How to set up Two-Factor Authentication for your Apple ID

2FA setup doesn’t take long, and offers way better security.
Photo: Apple

To switch on 2FA on iOS, head to Settings, then tap your name on the banner at the top. Then tap Your Name > Password & Security, and then Two-Factor Authentication. Tap Continue. You will be prompted to enter a trusted phone number (this should probably be your own phone). Apple will then send a verification code to that phone number. Enter that, and you’re all set!

On the Mac, you can find the settings in Apple Menu > System Preferences > iCloud > Account Details, under Security.

Be careful, but don’t worry

You don’t have to be paranoid to keep yourself safe from password attacks, but a little bit of paranoia goes a long way. Just be aware that your iCloud ID is gold for hackers, and that you do not have to be a person of interest in order to be a target: You are already a hacking target simply by being on the internet. The trick is to make it hard enough to hack your credentials that it’s not worth anyone’s while. Like locking up a bike. As long as you lock yours up next to a nicer bike with a worse lock, you’ll probably be safe.