Aug 10, 2012

What can Apple do to reassure users that iCloud is safe?

Apple got a lot of press this week for essentially giving a "hacker" (I hesitate to call it actual hacking, it was more like clever thievery) access to Wired's Mat Honan's iCloud account. I heard an interview with Honan on NPR yesterday, and the person who took over his accounts essentially deleted his digital life, and things such as childhood photos of his daughter with her now deceased grandparents. Sure, in an ideal world he would have had everything backed up, but most of us, including myself, do not always practice what we preach. I'm not sure how much this has shaken people's confidence in integrating their personal life with iCloud, but it couldn't have improved confidence. What can Apple do to reassure people that they can keep your personal data safe, when even tech savvy people like Honan can lose everything without really doing anything wrong from a security standpoint? How would you handle something like this if it was your business?


Don't let Amazon off the hook, they were the ones that helped provide the keys to his iCloud account! It was gaming the system by some punk, not hacking, and reflects that while Apple may have gotten security right in many ways, they didn't think through the entire system. In hindsight it seems obvious.


If I was Mr. Apple, I would just say this was an unusual, isolated event, we are now aware of a manner in which someone could possibly exploit our excellent customer service, and have taken steps to prevent it from happening again. Oh, and by the way, they got the information they used to access the account from somewhere else. Throw in something about You The Customer being the most important thing to us and we value the integrity of your data more than our first born children. That should about do it. Really, how many customers are going to leave iCloud because of this? I would guess somewhere around zero, give or take.


Like most things in life, security is compromised by convenience, which explains a lot of those "123456" passwords.  The downside of this event is that when the people call Apple with legitimate needs to reset a password or regain access to their iCloud account, it is going to be a lot harder.  Good for security, bad for convenience, but that is the tradeoff.     

Apple responded to this, here's a quote:

"Apple responded today to Honan via a spokesperson, Natalie Kerris. In a statement to Wired, where Honan posted an account of his experiences, Apple promised to look into how users can protect their data and security better when they need to reset their account passwords.

“Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password,” said Apple, via Kerris. “In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”

This all happened because the hackers were able to get a hold of Honan’s email address, his billing address and the last four digits of a credit card he has on file. Once the hacker had this info, he or she called Apple, asked for a reset to the iCloud account in Honan’s name, and was given a temporary password."

Apple Responds To Journalist Victim of “Epic” Apple ID Hack