Overloading Cloud Services With Security Fixes Defeats Their Purpose
NEWS ANALYSIS: There are several things Apple could do to make iCloud really secure, but many of them would make the cloud service useless for its intended purpose.After I wrote about the problem with Apple's iCloud in which photos of some celebrities were compromised and stolen from their accounts, I received a number of suggestions as to what Apple should do about it. I'll forget about the suggestions that are unprintable, but there were plenty of people who think Apple should do something. But not everyone is sure exactly what it is Apple should do. Some things are obvious, including one fix that Apple has already made, which is limiting the number of password entry attempts before the account is locked down. Before the photo thefts came to light, iCloud allowed visitors to make an unlimited number of password tries. Now there's a limit of five tries. Other preventive measures, such as requiring two-factor authentication before changing passwords, were already available. Another measure requiring two-factor authentication before extracting photos out of iCloud wasn't implemented despite Apple tech support's claim that it was.
But, as Chris Preimesberger points out, some things take time, and some security enhancements for Apple devices and iCloud will be released with the next version of iOS, due this fall. As much as Apple might wish it could snap its corporate fingers and simply make it happen, the company does not have magical powers.