Last year, after an iCloud hack that made worldwide news because of the celebrity photographs subsequently released to the public, Apple promised that they would create better measures to protect their customers and their accounts.
What the electronics giant did was expand on a security feature, named “two-step verification”, that allowed users to log into their iCloud account using a new device, with their phone being used as a middleman to get a temporary numerical code to sign in, as well as their Apple ID and normal password.
Unfortunately, even using this new two-step verification, a hacker (or anyone else for that matter) can still access someone’s device simply by using their password to see their conversations on iMessage and then impersonate that person on the chat platform, while also having a look around at what they purchased on iTunes and the App Store.
The problem, and it’s a big one, is that the vast majority of passwords are quite easy to guess, as well as many security questions, which was unequivocally proven last year during the celebrity hacking fiasco.
The person who spotted this problem, a computer programmer named Dani Grant, believes that the approach Apple has taken is, at best, a half-measure. While it was made to enhance privacy, she says that it’s ridiculous that someone can just crack a password and not only see a person’s iMessages but their billing address as well, and even part of their credit card numbers.
Pointing out what could happen if someone were to hack a person’s iMessages, she said that “It is amazing how much access one can get,” adding that “Imagine that a hacker gained credentials of someone of power. They can make statements on [their] behalf.” Her belief is that Apple’s new two-step verification should apply to all of their services, not just some of them.
The main thing to remember is why exactly Apple chose to expand their security feature in the 1st place last year. It was after hackers, in August, were able to successfully guess either the passwords or answer to security questions that many celebrities were using on their iCloud accounts. The hack, and resulting release of hundreds of nude photos of celebrities, made worldwide news.
While Apple definitely can be credited for beefing up their security, the question is simply this; is it enough? Grant argues that no, users are still very vulnerable and Apple definitely needs to do more. She believes that the reason they aren’t is because it would be inconvenient, adding approximately 30 seconds to be verification process.
While that might be true, the final question is this; is an extra 30 seconds in order to protect your valuable information, as well as any compromising photographs, really that big an inconvenience?