Apple recently released new iCloud security features that could help keep mobile professionals safe while on the go. The quirks include better iCloud data security, improved iMessage security, and more.
Here's how to use these new iCloud protections.
Protect your digital assets
No one should doubt that the protection of personal or corporate data has become more essential than ever. Apple introduced Lockdown Mode for iCloud in XNUMX, followed by even more protections in December, and most recently the introduction of Free Privacy & Security Sessions in Apple Stores in XNUMX.
The December build of iCloud Privacy Tools includes:
- Advanced Data Protection for iCloud (Free today in select countries).
- iMessage ignition key verification (expected to start later this year).
- Apple ID security keys.
What are they for and how do you use them?
Advanced data protection for iCloud
Which is
Apple has always encrypted some of the information you keep in iCloud to protect it from prying eyes. With the introduction of iOS XNUMX and macOS XNUMX, it has locked things down even more, safeguarding more categories of information and allowing data to be decrypted only on trusted devices. The caveat is that once you set up Advanced Data Protection for iCloud, you also need to set up another restore procedure (device passcode, restore contact, or restore key) in case you lose access to your account, because Apple cannot assist you when to enable protection at this level.
Advanced Data Protection for iCloud encrypts the next auxiliary data sets that are not otherwise protected: device backups, message backups, iCloud Drive, photos, notes, Siri Shortcuts, Safari bookmarks, reminders , voice notes and access codes. These join the XNUMX categories of data that iCloud has always encrypted, including Keychain and Health data.
Mail, Contacts and Calendar are helpless as they must interact with other systems
How to use
iMessage ignition key check
Which is
iMessages between Apple users have always been end-to-end encrypted, which makes message surveillance intercessor attacks really difficult, because without decryption, encrypted messages are gibberish to the brim. when they are decoded. It is not impossible to decode these messages, of course, but it is very complex, expensive, and most people should not worry about being attacked in this way.
But some do. Think journalists, human rights activists, high-value business users, ministers, and others whose communications may be of the utmost importance.
The iMessage ignition key verification is only for those users. It will alert them if you suspect a mail session is being spied on. The feature also gives users the ability to match a contact verification code in person, on FaceTime or through another secure call.
How to use
Details about this feature are not yet out. It can be enabled in System Settings > Password & Security, where a setting will be added.
Apple ID security keys
Which is
Some of the most secure corporate or government entities use hardware security keys to protect services, data or access to critical information. As Computerworld readers are sure to know, this is actual hardware, a dongle, which acts as a key. It essentially has a unique ID and contains a precise digital cryptographic key to open the account. When this type of protection is incorporated, the user must be in possession of the key, be physically connected to the system they want to use, and must enter a password.
This level of protection is now free for iCloud and means that users must have a hardware key and access key to access data protected by their Apple ID. Apple explains it as an optional feature developed particularly for high-value targets that need additional protection against phishing attacks or social engineering.
How does it work
If you enable this feature, two things happen: the first is that every time you access your account, you will need your security key to complete the process; the second is that when you try to set up a new device, you will no longer receive a 2FA code to authorize access; on your site, you will need to use your password. This makes it more secure as it means others can't try to steal from you or use stolen devices to access your account, and it means you won't have to use sometimes insecure SMS messages.
The bad?
If you lose the key, things are going to get weird. (Apple will require you to set up two FIDO certified keys to use this service, the idea is that you keep one in reserve. You can link up to 6 keys to your account.) You also need to enable 2FA on your account and to sign in on devices like the Apple Watch or HomePod, you also need an iPhone or iPad that accepts the key.
In other words, as long as the protection is solid, you should really appreciate using it.
There are other limitations, too: You won't be able to use iCloud for Windows, you won't be able to sign in on older devices, and protection doesn't work with Managed Apple IDs. This last restriction can be a defining factor for any company that depends on managed environments.
- These keys are created in System Settings>Password & Security>Security Keys (Mac) or Settings>Password & Security>Add Security Keys (iOS/iPad OS).
- A dialog appears explaining what these keys do and prompting you to add them. It requires having two compatible keys to configure this protection. If you lose both keys, Apple can't help you regain access to your account.
- If you haven't used any of your devices for ninety days or more, you'll need to sign out of them.
- You will be prompted to plug in each key for configuration.
Apple has a tech note that explains more about using these keys; is free here
Follow me on Mastodon or join me at AppleHolic's bar & grill and Apple Discussion Boards on MeWe.
Copyright © two thousand twenty-three IDG Communications, Inc.