Editor's desk: Hold your iPhone dates close, your iCloud account closer

So, we had a bit of a week, didn't we?

September 12

Apple iPhone 5 and iPad mini event planned for September 12, iPhone 5 release date for September 21

On Monday, iMore learning Apple would announce the next iPhone on Wednesday, September 12 and release it on Friday, September 21, along with the iPad mini, and perhaps more. That's later than the first four years, when new iPhones hit in the summer, but earlier than last year when the iPhone 4S didn't put in an appearance until October. It is, however, right around the time Apple used to announce the new iPod lineups, and put everything in place for the traditionally massive holiday quarter. And that certainly seems like the new sweet spot for the new iPhone.

No doubt we'll have more on this over the next week, and the weeks leading up to the event.

But in the meantime, iPhone and iPad mini aside, what other devices are you hoping to see updated next month?

What's the best way to steal someone's password?

You ask for it.

It's a cliche but it's true. We've talked recently about security and the importance of really strong passwords (and 1Password has a great guide to creating your own). But what do you do when it's not the password itself that's guessed or brute force attacked? What do you do when it's just given away?

That's what happened to Wired's Mat Honan this week when a hacker apparently called up Apple Support and, using what's called a social engineering attack, conned them into resetting Honan's iCloud password and giving him access to Honan's account. What happened next was a nightmare, including Honan's iPhone, iPad, and Mac getting wiped, his Gmail, Twitter, and Gizmodo's twitter account getting hijacked, and his life turned absolutely upside down.

There are several takeaways from this:

  1. Apple has to enable multi-factor security for iCloud, and never -- not ever -- give access to someone who calls them (hang up and call back on the registered phone line, okay?).
  2. On systems that do support multi-factor security, like Google, use it. I hate the idea of giving Google my phone number, but I hate the idea of having my life stolen more.
  3. Always make sure you have local and cloud backups of all your machines, always. It's not that expensive, and it's much cheaper than losing priceless photos, videos, or having to waste time starting from scratch.

What happened to Honan was terrible, but if any good at all could come from it, it's a reminder for all of us to review our own security and backups practices and make improvements wherever possible.

I'm using 1Password to generate strong, unique passwords for every site, and I lie like crazy when it comes to security questions. I also store almost my entire home directory on Dropbox for online backup, and use SuperDuper and a Time Capsule for local backup.

How about you?