Apple has added a new layer of security to iCloud, notifying users when someone logs into iCloud.com using their email address and password. When you log in to the site, Apple will send you an email notifying you that someone has your credentials have been used on iCloud.com, and instructing you either to ignore the email if you did this yourself, or what steps to take if you didn't.
This is similar to emails that Apple sends out when you make purchases on a new device for the first time. It's a fairly standard security practice, but it's good to see that Apple is taking security more seriously in light of recent events.
What other steps would you like to see Apple take to make iCloud more secure? Let us know below in the comments.
Reader comments
Apple sends email notifications when users sign into iCloud.com
Oh Please. The hackers already beat the security system by logging in, how hard would it be for them to delete the email before you noticed it.
Why pile another ineffective measure on instead of making two factor authentication work like it's supposed to?
They send the e-mail to the other e-mail address you have on file with them, not your iCloud e-mail :)
...which a significant number of users don't check with regularity once they have established a "main" iCloud address.
You just don't get it do you Benlee?
The purpose of two factor authentication is to keep people out of your iCloud regardless of how they attempt to log in. Its clear you don't understand the function of a security system at all.
How would you like it if a Bank's ONLY promise to you was to send you an email after someone stole all of your cash?
Go to Google's two factor Authentication page and read up on how it works:
https://www.google.com/landing/2step/
You can even set your home computer (or your phone) as "trusted " and never have to enter the code.
As a matter of fact I do understand security quite well. I have 2-factor setup on all of my main accounts (LastPass, iCloud, Outlook/OneDrive, etc.). Microsoft and LastPass's implementation of 2-factor is vastly superior to Apple's (which I often forget is even setup since I rarely switch or add devices) to the point where they are a bit prohibitive; but I love them for it.
I am merely pointing out that your scenario of a hacker deleting the notification e-mail as soon as it's sent is incorrect. They could not do that because the e-mail is not on Apple's servers. You are correct that by then your data has already been compromised.. However, you would be notified at a different address and would be aware of it. Unlike Target users that only found out months later once they basically had to admit a breach had occurred. It is better than nothing.
I got this notification this morning and it caused me some grief. Since I had never received a notice like this, I assumed there was some account activity that was unusual, as opposed to a new notification. It didn't help that the time the email referenced was Pacific time as opposed to Eastern.
It would have been nice if Apple would have noted in the email that it was a new security feature and even if I logged in from my computer I would receive it.
I signed in using multiple email addresses on my iTunes account and did not received a notification of any of them.
Seems pretty useless. By the time you get the email, whoever has hacked into your account already has had sufficient time to download whatever they want.
Gotta agree with others... Seems pretty useless. And will be really annoying to get an email every time I use web browser. Just require TFA on logging in too!