Apple users have for many years operated under the assumption that using a Mac, iPhone or iPad made you less of a target to cybercriminals. Or that they are more secure because of the technical underpinnings of Apple’s software. But cybercriminals no longer hack computers. They hack people. That means taking steps to protect your user accounts.
If you join a retailer’s loyalty program and they are hacked, your username and password could be stolen. And if you used the same log-in credentials with other stores or services, then they are also vulnerable.
When a password or some other user credential is shared across services, it makes life much easier for criminals.
The good news is that Apple’s main operating platforms, macOS, iOS and iPadOS, come with tools help protect your user accounts. This can minimise the risk of one stolen account leading to a catastrophe.
As individuals, we all have a role in making life as difficult as possible for criminals. Just as we don’t share our house keys with strangers or leave windows open, we can protect our online presence. Strong door locks might not stop every criminal but they act as a strong deterrent to opportunistic thieves.
Following these simple steps means you won’t be an easy target.
1 – Hide My Email
If you use any of Apple’s online services, like the App Store, then you have an Apple account. If you also have an iCloud+ account then you’ll also have access to Apple’s Hide My Email service.
Hide My Email generates unique, random email addresses that automatically forward to your personal email inbox.
For example, let’s say the email address you use with your Apple account is smartguy@cyber-shack.com. When you create an account with an online service, your device will usually fill the email address in for you.
But, at the bottom of the list of your email addresses, you’ll see an option for Hide My Email.
Hide My Email creates a unique email address that forwards automatically to your main email address. If the Hide My Email address is stolen, the only service that can be compromised is the one associated with that address.
2 – Passwords
You can make life hard for criminals by using a strong, unique password with every online account you have. The challenge is that there are only so many passwords we can remember. Depending on whose research you believe, we each have an average of about 100 online accounts. That’s a lot of passwords to remember.
Apple’s Passwords app makes it easy to create and use a unique password so you can protect your user account.
When you create an online account, your Mac, iPad or iPhone will prompt you to create a unique password. That password will be saved in an encrypted digital vault that is securely synchronised across all your devices. The only way that vault can be used is by providing your device’s master password, FaceID or TouchID.
The iCloud app for Windows will sync passwords so your passwords will work there as well.
The password will be filled in for you once you provide your device’s password, FaceID or TouchID when you use that site.
If a user account with a unique passwords is breached, you only have to change your password in one place.
3 – Passkeys
haveibeenpwned.com currently says over 15 billion user accounts have been stopped up by criminals. This is why experts have been looking for ways to reduce our reliance on traditional username and password combinations. One of those tools is a passkey.
Passkeys are cryptographic keys (think of them as being like a secret handshake between two computers) that change every time they are used. If a passkey is intercepted it can’t be reused as it’s a one-time only handshake.
Apple’s Sign in with Apple service uses passkeys to log you into online services. Instead of using a username/password combination, you use your device’s password, FaceID or TouchID to verify your identity. The other party does not receive your biometric data or device password. They get a cryptographic key that’s created by using both your unique device data and unique information created on a special computer chip in Macs, iPhones and iPads.
As well as being more secure, passkeys are easier to use as there’s no need to enter a username or password. In practical terms, the only way a criminals can break into a passkey-protected account is stealing your device and being able to duplicate your biometric information or if they know your device’s passcode.
4 – Multi-factor Authentication
The problem of usernames and password being stolen will not go away. It will take many years for all the systems that rely on a security measure designed in the 1960s to be replaced with more secure options. But, until then, many systems have been updated to add another way of proving who we are.
Muti-factor or two-factor authentication adds a further piece of information to prove who you are. For example, once you enter a username and password, you might be prompted to price a code that’s sent to you via text or generated in an app.
That extra piece of information, or factor, is generated on or sent to a device that belongs to you.
While there have been some cyberattacks that have thwarted multi-factor authentication, it remains a far better option than a username/password combination.
Anthony is the founder of Australian Apple News. He is a long-time Apple user and former editor of Australian Macworld. He has contributed to many technology magazines and newspapers as well as appearing regularly on radio and occasionally on TV.