While Apple investigates if its iCloud was responsible for the massive leak of naked celebrity photos, here’s our guide to how two-factor authentication can stop these hacks happening to you.
Although it isn’t yet clear how the hack and subsequent leak of photos of Jennifer Lawrence and others took place, Apple (and other companies like Facebook, Twitter and Google) offer a simple security process which will almost always thwart such an attack on your personal data.
Two-factor authentication (or two-step verification, as Apple calls it) is a system whereby a potential hacker would require more than your email address (or username) and password to access your account. Once set up, the system will send a text message to a device you have designated as ‘trusted’ - such as your iPhone - every time someone tries to log into your account from a device which is not yours, or when you set up a new phone, tablet or laptop.
The text message contains a unique 4-digit PIN which you need to enter, as well as your password, to access your account. The PIN is different every time you log in from a new device, so a used PIN will not work if it's stolen by a potential hacker.
Facebook and Twitter also offer two-step authentication, where a new and temporary password is sent to your phone every time you log into either service from an unrecognised device.
Security expert Graham Cluley blogged this week: “Unfortunately, Apple although has had 2FA since early last year, it has been slow to bring it to iCloud accounts. It would be great to see Apple make such protection mandatory, rather than an opt-in choice for the few who even know about it...In my mind, the lack of two-factor authentication is likely to have played a critical part in this security breach….No doubt there will be more to learn about this case in the coming weeks."
Learn more about how to set up two-factor authentication at these links:
By default, your iPhone and iPad syncs every photograph you take to your iCloud account on Apple’s server. That way your photos can be accessed quickly from a new iPhone, or from your computer.
Even if the photos are deleted from your iPhone, a hacker who breaks into your iCloud account may still be able to find them. To stop photos syncing to iCloud, go to the Settings app on your iPhone or iPad, then to iCloud and then Photos. Here you can stop photos from syncing.
Additionally, you can log into iCloud on your computer and delete the photos stored on it - remember, these might not be on your phone anymore, but remain on iCloud until you delete them.