Your Apple iCloud account may be open to attacks.
Maybe the London-based hacker group -- which goes by the name "Turkish Crime Family" -- doesn't have access to 250-million Apple iCloud account names and passwords. But they do have access to some indeterminate number of accounts, and that's more than enough reason to exercise caution: Protect your iCloud password and data today or risk losing it tomorrow.
Here's how to do it.
Back up vulnerable data
First, you need to back up your iCloud data. Yes, I know Apple's idea was you could use iCloud to back up your Apple device data, and that's fine, but it's iCloud itself we're worried about today.
For your iPhone, iPad, or iPod, the easiest way to do this is to back up your device's files to your Mac or PC with an iTunes backup.
Backing up your Apple device locally, and not just to iCloud, is a good idea.
The only problem here is that iTunes doesn't back everything up. For example, it won't back up your Apple Pay information and settings, photos already on iCloud, or purchased iTunes and App Stores content.
So, to be safe, you really must change and secure your password.
Change your passwords
Apple could help here -- and not just by paying off the Turkish Crime Family. Other major sites -- like Amazon, Netflix, and LinkedIn -- buy cracked password lists, and use one-way hashing matches to check for existing passwords. They then reset vulnerable passwords and ask users to switch passwords. Apple hasn't done that, but it should consider doing it, given just how large the threat appears to be.
Since Apple isn't doing this, it's up to you.
One thing that has always annoyed me is that Apple talks as if your Apple ID and iCloud ID are different. They're not. They're the same, and they use the same password.
To change your Apple ID password, sign in to your Apple ID account page with any web browser and follow the instructions to reset your password. I changed mine using Google Chrome from a Mint Linux system.
Your new Apple ID password must contain at least eight characters, a number, an uppercase letter, and a lowercase letter. You also can't use spaces, the same character three times in a row, your Apple ID, or a password you've used in the last year.
Whatever you do, do NOT use dumb passwords such as "abcdefgh," "qwerty," or "password." The easiest way to create a secure password that won't try your memory is to use passphrases instead of passwords.
Instead of working your nerves into a frenzy trying to memorize what the cat wrote when he jumped on the keyboard (e.g. "sdf9usdf"), use an easy-to-remember but nonsensical phrase instead. For example, "Plump/Trotting Pups:" or "UNC?Win!Duke?Lose!" or "AC!DC!Tesla!Edison?" These are easy to recall and hard for crackers to break.
Once you've changed your password, you'll need to change it on all your Apple devices.
Then, you're going to want to add another layer of protection: Two-factor authentication (2FA).
2FA
Apple's 2FA is clunky, but it still does a great job of protecting your account.
For additional protection, turn on Apple's two-factor authentication.
When you activate 2FA, you can access your account only from trusted devices such as your iPhone, iPad, or Mac. When you want to sign in to a new device for the first time, you'll need to provide two pieces of information. These are your Apple ID password and the six-digit verification code that's automatically displayed on your trusted devices.
To use Apple 2FA, you'll also need a trusted phone number so you can receive verification codes. To add a trusted phone number, take the following steps:
Now, you're ready for 2FA. For a trusted device, you need an iPhone, iPad, or iPod touch with iOS 9 and later, or you need a Mac running OS X El Capitan or later that you've already signed into with 2FA.
To turn on Apple 2FA, take the following steps.
On your iPhone, iPad, or iPod touch with iOS 9 or later:
On your Mac with OS X El Capitan or later:
Yes, this can be a lot of work. On the other hand, how much work would it take you to replace your important photos, music, books, or documents if your Apple iCloud account goes up in smoke? Take the time, do it now. You'll be glad you did.
Related stories: