Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Other What can someone do to you if they know your iCloud email address?

T

thephantompain

macrumors newbie
Original poster
Aug 25, 2021
20
0
Hello. Just a question regarding the use of your iCloud/iPhones and it's security.

These days, people do almost everything on their phones. It has your photos, your emails, iCloud backups, passwords, etc.

Assuming you've got 2FA enabled (which is a no-brainer these days), how likely is it that someone could lock you out of your iPhone/Apple devices or even take control of your Apple ID if they've got your Apple ID/iCloud address?

I guess as a second part to this, is your Apple ID only used for your iPhone/Apple devices or do you use it for other things/as a main email?

Thanks you!
 
K

KaliYoni

macrumors 68000
Feb 19, 2016
1,799
3,955
There isn't a universal answer to this. The potential for a breach of your iCloud account depends on many factors, including:
  • The types of accounts and data tied to your iCloud account and address
  • If you reuse account names and/or passwords
  • If you have taken personal information defensive measures such as setting up non-text message/non-email based 2FA as much as possible
  • How much personal information you post on social media
  • How much personal information others post about you on social media
In short, as the amount of information you make public and the number of accounts tied to your iCloud address increases, the likelier it is that your iCloud account could be successfully attacked.
 
Last edited:
  • Like
Reactions: thephantompain
N

now i see it

macrumors G4
Jan 2, 2002
11,258
24,293
If two factor authentication is used, a person with your Apple ID and its password can't totally take over your account or lock you out because they'll need your iPhone too to authorize the changes.
But if they found/stole your iPhone and it is unlocked and it's the two factor 2nd device - you're screwed.
 
T

thephantompain

macrumors newbie
Original poster
Aug 25, 2021
20
0
KaliYoni said:
There isn't a universal answer to this. The potential for a breach of your iCloud account depends on many factors, including:
  • The types of accounts and data tied to your iCloud account and address
  • If you reuse account names and/or passwords
  • If you have taken personal information defensive measures such as setting up non-text message/non-email based 2FA as much as possible
  • How much personal information you post on social media
  • How much personal information others post about you on social media
In short, as the amount of information you make public and the number of accounts tied to your iCloud address increases, the likelier it is that your iCloud account could be successfully attacked.
Click to expand...

Right. And in case you want to go the extra-mile in terms of security, you can just have your Apple ID/iCloud email separate to your main email, right?
 
DeltaMac

DeltaMac

macrumors G5
Jul 30, 2003
13,769
4,593
Delaware
I had an incident with my AppleID (maybe 7 or 8 years ago. I don't even remember now what the problem was. But, I changed the email address associated with my AppleID. I don't use that email account for anything else except AppleID. I don't even check that account more than about once per year. I clean out old notifications, and other junk (if there is more than a few), but I don't use it for any kind of active communication. It's my AppleID - so I treat it nice :cool:
 
  • Like
Reactions: timeconsumer, KaliYoni and thephantompain
K

KaliYoni

macrumors 68000
Feb 19, 2016
1,799
3,955
thephantompain said:
Right. And in case you want to go the extra-mile in terms of security, you can just have your Apple ID/iCloud email separate to your main email, right?
Click to expand...
Yes. In fact, I have a primary iCloud account that is used for downloading software, syncing calendars, and handling non-confidential email. I also have a secondary iCloud account that is not tied to any of my devices and is used for emails I want to keep separate for security or privacy reasons. Finally, I have a third email account (non-Apple) that I use for mailing lists, people I don't know well, and websites that don't hold sensitive information about me.

fischersd said:
Explain that - as the encryption keys in the Secure Enclave are certainly not stored on your SIM card.
Click to expand...
Apple two factor verification can be vulnerable to SIM swapping or port outs, depending on how one's 2FA is set up. If one relies on a Trusted Phone Number or has not updated Apple 2FA since it became possible to move away from SMS (remember the confusion between 2 Step Authentication and 2 Factor Authentication?), losing control of a phone number can lead to an account takeover.

Two-factor authentication for Apple Account - Apple Support

Two-factor authentication is designed to make sure that you're the only person who can access your account. Learn how it works and how to turn on two-factor authentication.
support.apple.com support.apple.com
 
Last edited:
  • Like
Reactions: thephantompain
T

thephantompain

macrumors newbie
Original poster
Aug 25, 2021
20
0
DeltaMac said:
I had an incident with my AppleID (maybe 7 or 8 years ago. I don't even remember now what the problem was. But, I changed the email address associated with my AppleID. I don't use that email account for anything else except AppleID. I don't even check that account more than about once per year. I clean out old notifications, and other junk (if there is more than a few), but I don't use it for any kind of active communication. It's my AppleID - so I treat it nice :cool:
Click to expand...
Thanks. I might head down that route myself. :)
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom