We regularly come across stories of people whose cloud accounts have been hacked and their personal data leaked all over the Internet.
Most of these people never imagined how easily their data could be accessed from a web browser. Most of the time they were vulnerable because they were not following basic rules or thought that hacking could never happen to them.
Use strong passwords
We are sure you have heard that before, and we understand that it is challenging to set up a complex password for each of your accounts and then remember them all.
However, the examples below show how easy it can be to crack a simple password with a brute-force or dictionary attack.
pkserv: 6 random characters (Brute-force - 1 month)
pser69: 6 random characters with numbers (Brute-force - 8 months)
P4Xs@5: 6 random characters with mixed case, symbols and numbers (Brute-force - 220 years)
apples: Common word (Dictionary - 1 minute)
woosaa: Uncommon word (Dictionary - 1 hour)
As you can see, complex passwords that contain a combination of upper and lower case letters, numbers and symbols are the most secure.
However, they can be hard to remember. If that is a problem for you, the next best method is to use a phrase as your password: phrases tend to be long, which adds to security, but they are much easier to remember.
For example, "mynoseistoosmall" or "my nose is too small".
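The comparison above comes down to how many candidates an attacker has to try. The following is an added example, not part of the original article: it estimates that search space for the sample passwords, assuming an exhaustive search over the character classes each password uses and a small constructed wordlist standing in for a real dictionary. It shows relative effort only, since the article does not state the guessing speed behind its time figures.

```python
import math
import string

# Character classes an exhaustive search would have to cover.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

# Constructed stand-in for a dictionary wordlist (real ones hold millions of entries).
WORDLIST = {"apples", "password", "letmein", "woosaa"}


def charset_size(password):
    """Size of the alphabet implied by the character classes in use."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def search_space(password):
    """Candidates to cover: the wordlist size for a listed word, else alphabet ** length."""
    if password.lower() in WORDLIST:
        return len(WORDLIST)
    return charset_size(password) ** len(password)


def entropy_bits(password):
    """Search space expressed in bits."""
    return math.log2(search_space(password))


def report(passwords, baseline):
    """Rows of (password, search space, bits, effort relative to the baseline)."""
    base = search_space(baseline)
    return [(pw, search_space(pw), round(entropy_bits(pw), 1),
             search_space(pw) / base) for pw in passwords]


if __name__ == "__main__":
    samples = ["pkserv", "pser69", "P4Xs@5", "apples", "woosaa",
               "mynoseistoosmall"]
    for pw, space, bits, ratio in report(samples, "pkserv"):
        print(f"{pw:18} space={space:.3e} bits={bits:5.1f} "
              f"x{ratio:.3g} vs pkserv")
```

The passphrase uses only lowercase letters, yet its length gives it a far larger search space than the 6-character password with mixed case, symbols and numbers.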
Use two-factor authentication
Several services, such as Google and Dropbox, offer two-factor authentication, meaning that you can set your account to require both a password and an authentication code sent to your phone. If your password is then compromised in some way, you can still be safe.
Unfortunately, this security feature is not yet available on iCloud.
Do not reuse passwords
We know you are tempted, but do not be lazy: use a different password for every account. There are far too many incidents in which one account is compromised and all of the victim's accounts on popular websites are then compromised as well. This is so easy to prevent.
Change your passwords
Try to change them as frequently as you can. It can be annoying to change a password once you are comfortable remembering it, but you must. Do it at least every 6 months.
Review your personal identifying questions
Do not use answers to questions such as "Your middle name", "Your mother's maiden name", "Your first pet's name" or "Your favorite teacher's name" as security questions. The answers to these questions can be discovered by asking around or by searching on Google (especially if you are a public person).
If you are not allowed to create your own questions, then answer them in a more creative manner.
Be careful of your alternative email address
If you have a rather secure email address but your recovery email address is an old, forgotten address with a very simple password, someone can easily crack the less secure account and use it to change the password of your secure account, locking you out.
Be careful of which apps you enable
Although Find my iPhone is a great service from Apple for locating your iPhone, iPad or Mac when it is lost or stolen, if your iCloud password is compromised someone may remotely erase your iPhone, iPad or Mac.
Set your phone to wipe data if too many access attempts are made
Your iPhone has an option to erase all data if there are 10 consecutive unsuccessful attempts to gain access to the device. Although it is drastic, it will keep your data safe from opportunistic thieves.
Be wary of what is stored on your iCloud account
Your iCloud account may store backups of your iPhone that contain images and emails that you thought you had deleted. Check the iCloud settings to ensure you are comfortable with what is being backed up.
At Computer Being Ltd we can offer you a full security assessment for yourself and your company.