From a security standpoint, Apple customers are in good hands from the start. The company enforces several security layers by default to make sure users don’t have their account and data compromised. But there’s only so much Apple can do. Customers shoulder the responsibility of securing their account by properly configuring a number of key settings. Today we look at five easy configuration settings that help keep your Apple account safe from bad actors.
When you create your account, Apple prompts you to set a strong password and to accept two-factor authentication as the means to confirm it’s you using that specific account and not someone else.
A strong password must include eight or more characters and use upper and lowercase letters, and at least one number. You can increase the character count to make your password even harder to guess. If you already have an account with Apple but you think your password may be weak, consider upgrading it soon.
If you don't remember your password, you can reset it here. Remember that once you do that, you’ll have to update your Apple ID and password in each service that you’re signed in to. You can also generate a recovery key and use it to help reset your password.
Two-factor authentication (2FA) ensures that you’re the only person who can access your account – even if someone else knows your password. Apple does this by asking you to verify your identity with a six-digit code sent to a device you deemed trustworthy. This code is displayed automatically on your device or sent to a phone number you trust. Enter the code to sign in and access your account on the new device.
When you create an Apple account, don’t skip this step. Configure 2FA properly and make sure you designate a trusted secondary device that you can always rely on to confirm your identity.
2FA is different than Apple’s older two-step verification feature. Built directly into iOS, macOS, tvOS, watchOS, and Apple’s web sites, 2FA uses different methods to trust devices and deliver verification codes. Certain features that require improved security will mandate that you enable and use two-factor authentication. Use this link to learn how to switch to 2FA.
As an added benefit, 2FA also eliminates the need for security questions.
Two-factor authentication is enforced for new Apple IDs created on iOS 10.3 or later and macOS 10.12.4 or later. If your devices can’t run iOS 9 or later, or OS X El Capitan or later, you can set up two-step verification for your Apple ID instead.
It’s never a good idea to use your Apple ID password with other online accounts. In case of a data breach, bad actors can match your Apple ID and password and try to use them to take over your account (that’s why 2FA is crucial). However, even if you have enabled 2FA, it’s still advisable to use app-specific passwords when you use third-party apps with your Apple ID. These passwords maintain a high level of security and help ensure the password associated with your Apple account won’t be collected or stored by any third-party apps you use.
To generate an app-specific password:
· Sign in to your Apple account
· In the Security section, find the area that says ‘App-Specific Passwords’ and click Generate Password
· Follow the steps provided by Apple
· With your app-specific password in hand, enter or paste it into the password field of the app
Learn how to use app-specific passwords here.
Your Apple ID works with the App Store, iCloud, FaceTime and more. More recently, it also works with various ‘participating’ online stores and websites, through the “Sign in with Apple” feature.
In short, it lets you set up an account using your Apple ID without having to create a new social media account, fill out forms, or choose another new password. The first time you sign in, just like with 2FA, you’ll be prompted for a verification code from your trusted Apple device or phone number. After that, signing in takes just a fingerprint or passcode.
To manage apps and websites that use your Apple ID to log you in, visit https://appleid.apple.com/account/manage, scroll down to the Security section and choose Manage apps & websites under Sign in with Apple. Remove any apps or services you no longer use or don’t want associated with your Apple ID anymore.
If you suspect your Apple ID and password have been compromised, there are various steps you can take to regain control of your account. Generally, you’ll want to try to sign in to your Apple account. If you can sign in, change your password immediately and make sure 2FA is enabled.
If you can't sign in or you receive a message that the account is locked, you might have to reset or unlock your account.
Review all personal and security information in your account and update any information that isn't correct or that you don’t recognize.
Make sure that you control every email address associated with your Apple ID. Remove any address you no longer use or that may have been compromised. If you abandon an email address or phone number associated with your Apple ID, update your account with the latest changes as soon as possible.
Most Yahoo email addresses got compromised in the largest data breach still on record today. If you plan to keep using your Yahoo! email with your Apple account, be sure to revisit your Yahoo! security settings, set a strong password and enable 2FA.
If you receive a suspicious email that claims to be from Apple, forward it to [email protected]. Other scams that typically target Apple account owners include:
· malicious pop-ups and ads that claim your device has security problems
· voicemails that impersonate Apple Support
· unsolicited Calendar invitations and subscriptions
As a rule of thumb, you should never provide your password, answers to your security questions, verification codes, recovery key, or any other account security details to anyone asking for them, even if the request might seem legit at first glance. Take your time and investigate what's happening. Apple – and companies in general – will never ask you to supply this information via email, SMS or phone.
And, as always…
Bitdefender Total Security offers unbeatable threat detection to stop Mac-centric malware. Multi-layer ransomware protection keeps your files safe and VPN secures your online privacy. Parents can use a range of advanced parental controls to keep their kids safe online, while the impact on your system performance is minimal.
Bitdefender Mobile Security for iPhone offers full protection against mobile-specific threats, plus a secure VPN for a fast, anonymous and safe experience while surfing the web. It helps you secure your passwords, private data and financial information, and instantly alerts you whenever an incident is detected and prevented.
Bitdefender Digital Identity Protection enables you to check your online accounts against data breaches, find your private information online in legal and illegal collections of data, detect your social media impersonators and more.
Stay safe out there!
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.