If you’re an iPhone, iPad or Mac user, your iCloud password is the key to your digital realm. With your iCloud password, you can access such personal data as your iCloud mail messages, your calendar, your contacts, and your stored iCloud credit cards. Your iCloud password could even be used to track, lock and wipe your precious devices.
Needless to say, it would be a very bad thing if your iCloud password landed in the wrong hands. But in just a few basic steps, you can secure your iCloud account from the most common threats, and you can take all those steps directly from your device.
Let’s start with the easiest—and most important—way to protect your iCloud password, which is…
Change your password (and don’t use the same one twice)
Yes, I heard that groan, and I feel your pain. I just changed my own iCloud password recently (and after far too long), and it meant logging back into iCloud on a bunch of my devices, including my iMac, my iPhone, my iPad, my Apple TV, and my third-party email clients.
Not only do you need to change your password, you also need to create a “strong” password—that is, a password that’s at least 12 characters long (the longer the better, actually), with a random combination of letters, numbers and symbols.
To make matters even more complicated, your iCloud password should be unique, as should be the passwords for all your other Internet accounts. (If all that sounds too difficult to keep track of, consider investing in a password manager. Trust me, they’re life savers.)
Changing your iCloud password may be annoying, but it’s the best way to foil hackers, particularly those who steal passwords from one service and use the same passwords to break into others—and indeed, that’s what Apple says happened in the recent case of a hacker group that claimed to have stolen millions of iCloud passwords.
To change your iCloud password directly from an iPhone, iPad or other iOS device, tap Settings > Apple ID > Password & Security > Change Password.
Turn on two-factor authentication
Was that another groan I heard? Again, I understand. While two-factor authentication means another layer of protection for your iCloud account, it also means another layer of hassle for you.
That said, turning on two-factor authentication will make it tough for all but the most dedicated hackers to crack your iCloud account. Better still, you can use two-factor authentication in place of those (absurdly weak) iCloud security questions, such as “What was the name of your first pet?”
Tap Settings > Apple ID > Password & Security > Two-Factor Authentication, enter your phone number, then choose how you want to receive your verification number: either via text message or voice call. Plug in the verification number once it arrives, and you’re all set. Alternatively, you can turn on two-factor from your Mac, by going to System Preferences > iCloud, clicking Account Details under your name, signing in, and looking in the Security tab.
Now, the next time you try to log in to your iCloud account with a new device, you’ll need a temporary six-digit authentication code in addition to your standard iCloud password.
The code will arrive on one of your “trusted” devices (more on that in a moment), along with a notification showing you where the login attempt took place. If you recognize the location, go ahead and tap Continue to get the six-digit code—or, if it looks like someone is trying to break into your iCloud account, you can block the login attempt.
Add more “trusted” phone numbers
When you first enable two-factor authentication for your iCloud account, you’ll be asked to enter a “trusted” number where you’ll receive your verification mode.
While one such trusted number is enough, you can also enter more phone numbers—such as, say, your landline number, your office number, or the digits of a friend or loved one. That way, if you lose or otherwise don’t have access to your primary phone, you’ll have other ways to get a verification code for your iCloud account.
Head back to the Password & Security screen (Settings > Apple ID > Password & Security), tap the Edit button next to the Trusted Phone Number heading, then enter one or more additional trusted numbers. You can add more trusted numbers on your Mac too (System Preferences > iCloud > Account Details > Security)
Keep an eye on devices signed in to your iCloud account
As you log into your iCloud account from your various Apple products, each device is added a list of “trusted” devices, some of which (namely those running iOS 10 or macOS Sierra) are capable of receiving iCloud verification codes.
It’s a good idea to take an occasional gander at the list of devices signed in to your iCloud account—and if you see any devices you don’t recognize, you should go ahead and sign them out.
Tap Settings > Apple ID, the scroll down to review the list of devices. If you see a device that shouldn’t be on the list, tap it, then tap the Remove from Account button.
Ben has been writing about technology and consumer electronics for more than 20 years. A PCWorld contributor since 2014, Ben joined TechHive in 2019, where he covers smart speakers, soundbars, and other smart and home-theater devices. You can follow Ben on Twitter.