Published on the 18/02/2015 | Written by Mark Webster
Everyone wants to feel secure and even the idea that someone might be snooping on electronic devices is unsettling. Mark Webster looks at security for Apple…
Security is a double-edged sword: at the same time as wanting everything to be more secure, we don’t want to do all that much about it once it’s been set up, especially when our passwords and codes get lost, confused or we just get heartily sick of typing them in all the time. The thumb-scanner (Touch ID) on iPhones and iPads helps; that’s at least one four-digit code you don’t have to repeatedly type in. But Apple keeps ramping up security. Back in the good old days (for us – not so good for Apple) there was almost no security requirement on Macs. Since Mac OS X came out, in 2001, Mac users have been virtually untroubled by viruses and malware. This was partly from intrinsically secure routines built into the OS which are constantly being updated, and partly because a Mac loads Unix, a rather old OS written in the 1970s, then the rich graphic-laden OS X loads up on top of that. Effectively, you have two systems to crack, one rather simple and with a limited syntax, and one very complex. Only fairly late in the piece did most of us even think about entering a code to unlock our Macs on wake. Even now, I only turn that feature on when I’m travelling. The first iPhones and iPads were similarly almost free of anything but the most basic security, should we bother to turn it on. Largely this was because, as new systems, it took a while for malware developers to work them out. But boy, have those times changed. It’s partly due to Apple’s success – the old saw, directed at us by PC users, was that Apple was ‘too small to be a target’. That couldn’t be less true anymore. Once upon a time, you could meet people who hadn’t heard of Apple. That’s a virtual impossibility now. As a result, Apple has had to spend a considerable amount of energy making its devices more secure. This was also part of its new romance with ‘enterprise’, at one time the commercial sector most leery of Apple as a product. This perception steadily got broken down, not only by people’s insistence they were going to use Apple devices in those environments come hell or high water, and damn the corporate policies, but also because Apple applied itself to altering that perception. However, it has all led to a massive headache for users. How many passwords can a normal person actually remember? If you write them down, that’s hardly secure, is it? Anyone stealing devices is probably well aware there might be a password list in the top draw. I mean, you don’t want to lose your list, do you? And it has to be handy. Those in corporate environments, at least if they’re using company phones, are probably used to changing passwords regularly, but their IT departments get the same complaints I do: forgotten passwords, or worse, consistently miss-typed ones that lock you out of the system. One solution is a password app that locks every other password up within. A kind of virtual vault. However, I’m too scared to use this – what if I forget that password or mess it up? That’s goodbye to all my passwords… Apple has now been criticised for being too secure. The National Security Agency and the US law enforcement agencies have expressed concern the iPhone is now so secure, the equipment “disrupts their investigative abilities”. Well, that certainly makes me feel safe. Added to this rising addition of passwords to all sorts of facets of our digital lives was the rise of the ever-more-complex password requirements. Typically, Apple ID passwords have to have at least eight characters, at least one capital and at least one number, making passwords like ‘boris1’ ever more impossible, for all the best reasons, of course. And we’re getting two-step verification – one of the banks I have an account with texts me a number every time I want to make a transaction. Until I type this code in online, nothing happens – and I’ve already signed into the account in the first place. Facebook and even YouTube are getting more and more serious about protection and security, and even WordPress offers two-step verification. Does this make me feel more secure? Yes. Does it add to the weight of things I have to remember to get anything done? Yes. And that’s my news: Apple started offering two-step verification to its accounts in 2013, but this additional security feature for your Apple ID, which protects your iCloud dealings, iTunes, iBooks and app purchases and your contacts, schedule and (Apple) Mail account, has just been extended. Even if someone that’s not you learns your password, since two-step requires you to verify your identity using one of your other devices, you’re a whole lot safer again. Now two-step authentication has been made available for those iMessage and FaceTime users who already use two-step verification for their Apple ID. From 13th February, users will also be prompted for an app-specific password when they sign in to iMessage or FaceTime, or when they edit their iMessage or FaceTime contact information, or when they sign out and then sign back in to iMessage or FaceTime. Also, you can add app-specific passwords. This feature of two-step verification for Apple ID allows you to sign in to your account securely when using other apps that don’t natively support two-step verification. Instead, you can use an app-specific password to sign in to your account. This ensures your primary Apple ID password cannot be collected or stored by any third-party apps you might use. Apple has posted information about this. Good luck!
Mark Webster is an independent writer of Apple Mac and iOS/iDevice news and reviews for Australia and New Zealand, covering Apple Mac and iDevice (iPad, iPhone, iPod touch) hardware and software and accessories. His guest blog posts make it easy to find the most up-to-date news and information on Apple products and software.