Apple Needs To Implement Stronger Authentication For iCloud; Google Can Be A Great Teacher On This!

Before Mac OS X Mountain Lion roared its way into the market, iCloud was already a stir.  After Mac OS X Mountain roared its way into the market, iCloud is even a bigger stir.  iCloud is now more integrated into Mac OS X ecosystem evermore than before.  iCloud is better now as it allows so many more apps to have the option of saving data in the cloud.  One example would be TextEdit.  If you open up TextEdit on Mac OS X Mountain Lion, you would see a finder gladly greets you and asks you if you want to create a new document in iCloud or on the Mac itself.  This way, TextEdit clearly presents you the option of saving data in the cloud.  Many more apps on Mac OS X Mountain Lion are implementing this approach for iCloud too.

It’s great that iCloud is evermore readily available for many more apps on Mac OS X Mountain Lion, because it’s definitely a convenience for Mac users to be able to save data on the cloud for syncing and safekeeping (i.e., to recover when local data cannot be recovered).  Nonetheless, can one’s data be secure on iCloud?  Just recently I had read “The Dangerous Side Of Apple’s iCloud” Forbes article, and this daunted on me that if one isn’t too careful — one might save important information in iCloud and such information can totally be leaked by being hacked as iCloud’s password protection isn’t exactly strong at the moment.  Unlike Google which has 2 step password verification, iCloud only requires a user to enter password once to access iCloud data.  To add the insult to an injury, although iCloud does encrypt the data during the transit of data and on the iCloud itself, the encrypted data can still be decrypted easily as long the evildoer has the correct password which can be used to unlock the data from iCloud.

Then there is another issue of trust.  Can we trust Apple to be honest enough to not take a peek at our data?  Sure, the data are encrypted on iCloud, but is there a way in which Apple can ensure us that their employees won’t try to decrypt our data at will?  Perhaps, this is a concern for using any third party cloud service and not just only with Apple, because once the data reside on the cloud — such data are truly beyond our control (i.e., no longer in the control of the data owner).  Nonetheless, I think when one encrypts the data before sending such data onto iCloud, one might be able to sleep better even though one knows Apple is way more trustful than some unknown and untested third party cloud services.  This is why, one needs to keep TrueCrypt in mind even when Apple does assure one that iCloud is encrypting all data on Apple’s iCloud servers.

To end this blog post, I must say iCloud is a lot more attractive than ever before.  I definitely think iCloud is worth it, because it’s so integrated into Mac OS X Mountain Lion and onward (i.e., I hope it would be so integrated into Mac onward).  Knowing that you can always recover your data from the apps that are supported by iCloud is definitely a peace of mind when it comes down to that one extra layer of data redundancy.  You never know how unreliable the state of your data are until your data become unrecoverable, and by then everything is just too late.  Obviously, even with iCloud, one can never have too much data redundancy, therefore it’s still wise for one to backup their Mac to an external hard drive with the usage of Time Machine, regularly.  This to ensure and insure one in the case of having one’s iCloud account being wiped out by a hacker — just as how Forbes had mentioned how Mat Honan had his iCloud account wiped out by a hacker.  To really end this article, I wish Apple actually implements or at least giving Mac users a choice of implementing 2 step password verification, just like how Google is doing it now.