A number of celebrities had their privacy significantly violated this week when their Apple iCloud accounts were compromised and photo backups were downloaded by unauthorized individuals. While Apple is correct in saying their security system was not compromised, they could be doing more to help users protect their data.

Normally this sort of attack is preventable by enabling two-factor or two-step authentication on an account. This method of authentication requires entering a code after a username and password are accepted. The code is either pushed to a mobile device or generated on the device using an authentication app. It combines something the user has (the mobile device) with something they know (their username and password).

This means that even if a hacker obtained a username and password, they could not access the account without having physical access to the mobile phone.

Apple has a two-factor authentication system, and the company recommended that users enable it this week in the wake of the celebrity hacking incident. That would be great advice if the company’s two-factor system actually protected device backups stored on iCloud. Unfortunately, it does not.

Apple’s two-factor authentication is used only for making payment or email changes to an account, or when purchasing an app, album, or book on a device that hasn’t previously been used with that Apple account. It does not protect any iCloud features, including email, photos, and full system backups.
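The gap described above, as an added example that is not part of the original article and is not Apple's code: a simplified Python model in which the second factor is checked only for account-change actions, next to a policy that also covers data access. The action names, the two policies and the use of an RFC 6238 authenticator-app code are assumptions for illustration, and the secret is the public RFC test key.

```python
import hashlib, hmac, struct
from base64 import b32decode

# RFC 6238 test key "12345678901234567890" in base32 (a public test value).
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1, 30-second steps)."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(b32decode(secret_b32), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret_b32, code, at, step=30, drift=1):
    """Accept the current step and +/- `drift` steps; each comparison is constant time."""
    times = (at + d * step for d in range(-drift, drift + 1))
    return any(hmac.compare_digest(totp(secret_b32, t, step).encode(), code.encode())
               for t in times if t >= 0)

# Hypothetical action names modelling the scope the article describes.
ACCOUNT_ACTIONS = {"change_payment", "change_email", "purchase_on_new_device"}
DATA_ACTIONS = {"read_mail", "view_photos", "download_backup"}
NARROW_POLICY = ACCOUNT_ACTIONS                   # second factor on account changes only
EXTENDED_POLICY = ACCOUNT_ACTIONS | DATA_ACTIONS  # second factor on data access as well

def authorize(action, password_ok, code, secret_b32, now, policy):
    """Decide whether a request may proceed under `policy`."""
    if not password_ok:
        return False
    if action not in policy:
        return True  # password alone is enough for this action
    return code is not None and verify_totp(secret_b32, code, now)

def password_only_exposure(policy):
    """Audit helper: data actions reachable with a password and no second factor."""
    return sorted(DATA_ACTIONS - policy)

if __name__ == "__main__":
    now = 59  # constructed timestamp; RFC 6238 gives 287082 for it
    for name, policy in (("narrow", NARROW_POLICY), ("extended", EXTENDED_POLICY)):
        no_code = authorize("download_backup", True, None, DEMO_SECRET, now, policy)
        with_code = authorize("download_backup", True, totp(DEMO_SECRET, now),
                              DEMO_SECRET, now, policy)
        print(name, "password only:", no_code, "| with code:", with_code,
              "| exposed:", password_only_exposure(policy))
```

Running the audit helper over a real service's action-to-policy map is the defensive use: any data action it returns is protected by the password alone.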

Russian security firm Elcomsoft’s Phone Password Breaker is able to log in and download iCloud device backups without any second-factor authentication. It just needs a username and password to access a user’s account and grab everything – including photos, call logs, and other personal data. The software is used by law enforcement agencies but is also available as a $200 download to anyone.

In the past, a good password was usually good enough. But now, as more and more websites are compromised and user information is stolen, having that second authentication factor is becoming more and more critical to securing personal data.

Apple needs to act quickly to extend its two-factor authentication to all of its services, as its competitors Microsoft and Google already do.

Lon Seidman is the host and producer of “Lon.TV,” a consumer technology video show that is on a number of platforms including YouTube and Amazon. He creates in-depth, consumer-friendly product reviews and commentary. His YouTube channel has over 300,000 subscribers and more than 100 million views.

In addition to being a full-time content creator, Lon is an adjunct faculty member at the University of Hartford (his alma mater) where he teaches a course in entrepreneurial content creation.

Prior to becoming a full-time creator, Lon was a partner at The Safety Zone, his family’s business that manufactures gloves and safety equipment. The company has locations around the globe and employs over 200 people worldwide. The Safety Zone was acquired by the Genuine Parts Corporation in 2016.

Lon is also active in public service, serving as the Chairman of the Essex Board of Education, a member of the Region 4 Board of Education, and as the Secretary / Treasurer of the Connecticut Association of Boards of Education. He was endorsed by both Democrats and Republicans for his re-election in 2021.
