In an interview with the Wall Street Journal Tim Cook says Apple will start sending out emails and push notices to people the minute after someone accesses their account to change their password, restore iCloud data to a new device, or when a device logs into an account for the first time.
He didn’t say that Apple would stop the access until after the user approves the action – but who knows. He just said they would notify the user. This ‘after the fact’ warning system will go into effect sometime in the next two weeks.
Cook also said Apple could have done more to educate their users about using strong passwords and setting up strong security questions.
“When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” Cook said. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”
He also said that Apple will broaden its use of “two-factor authentication,” which requires a user, or a hacker, to have two of three things to access an account: a password, a separate four-digit one-time code, or a long access key given to the user when they signed up for the service.
Apple will do more to encourage users to activate the two-factor authentication when the next version of their iOS mobile operating system ships sometime in the coming month. There was a subtle implication that the two-factor system Apple has in place now does not include people using iPhones to access iCloud storage but will be included in the next version of iOS.
Perhaps the new email/push warning system will prevent unauthorized access to accounts, but only if it forces users to approve changes before they are made, rather than just inform them after the fact.
“Dear Apple user. We are sending you this message to let you know that someone accessed your account last night at 3:45 AM and downloaded all your iCloud data to a new device. We sure hope it was really you. If not, then you should probably change your password right away and contact our security team. Have a nice morning!
PS: can’t wait to see the pix ;)”