Get to Know the New iCloud Security Requirements

03 October, 2017, by Gregory Wang

Quite a long time people used iCloud to use email or calendar, and work with applications not directly connected to Apple. Most of them did not even protect their accounts to get two-factor authentication (2FA). Now the situation is aggravated, and on June 15 this year such operations like syncing will be banned – the company has new requirements for the iCloud security system. New security requirements mean creating unique passwords for all programs or applications not created by Apple to work with iCloud. Among them, you can find Thunderbird, BusyContacts, Fantastical, and many other applications and online services.

It seems that with the new Apple security requirements nothing is scary now. But this is only at first glance, in fact, this modification does not protect against unauthorized access, including intruders. Whether the company will be able to reach the highest level of security remains unknown.

Main Weapon of Apple’s Security System

Apple uses its unique system of password encryption and protection of user accounts. 2FA, or two-factor authentication, is a very reliable technique that allows you to block access to your account for the others. Unfortunately, the number of hacked accounts is increasing every day, and the developers of any operating system continue to look for solutions to this problem, and especially this concerns Apple and its iOS.

Usually, when you sign in to an account, you need a username and password. But it has its own peculiarities, for example, if you log into your account from someone else’s computer (another IP address) or in another location, Gmail will send you a warning or completely access deny.

To protect your account, you need not only to come up with a complicated password but also provide other ways to confirm your password. It can be a fingerprint, personal information, an answer to a personal question, and so on. But even in case you follow all instructions, you are not protected from intruders. Many use such a technique as SMS-confirmation. “After all, who else will get the code on the phone, except me?” The trick is that your phone can be intercepted, or a phone number can be transferred to another device.

Is there any way out? Well, Apple suggests using 2FA while working with iOS, iCloud.com, macOS, iTunes and other Apple services. This means creating a specific password for each application. However, 2FA is not suitable for any third-party software.

An interesting alternative provided by Apple is OAuth. This standard allows users to open access to their personal data (photos, videos, contact lists) stored on one site to third-party services without the need to log in.

What is OAuth and How Does It Work?

OAuth is a brand-new open authorization standard used by such well-known websites as Google, Twitter, and Facebook. The users have understood the benefit of using this standard – a limited access to personal data for third parties. Such an original exchange of information is very convenient and seems to be safe since third parties do not recognize your password, but only can use the particular data.

But even OAuth has problems with the protection of the accounts. As a personal data protector, it needs to be modified to the point of providing maximum protection to iCloud users, and Apple developers still have to work on it.