Reader John McKnight is concerned about iCloud’s security. He writes:
My wife has an iPhone 4s and we recently purchased an iPad Air. Both are set up to use iCloud. I don’t like having passwords and other kinds of personal information in the cloud and am thinking of attaching a password-protected storage device to my router so that I can create my own private “cloud.” Just how secure is iCloud?
It would be worth your while to read Apple’s iCloud: iCloud security and privacy overview document. As its name hints, it spells out how your data is encrypted—both when it’s transmitted between your computer and Apple’s servers and when it’s stored on those servers.
The gist is that Apple uses a minimum of 128-bit AES encryption. This is the encryption standard used by banks and other financial institutions. As I write this, there is no practical way to crack AES-128 encryption—unless, of course, the NSA has found a way to introduce a weakness that allows it to get around it. But unless you’re an International Man of Mystery, I seriously doubt any government is interested in your private affairs.
Given that I occasionally scrawl my social security number on forms and pass my credit card to perfect strangers with no more assurance than the faith I place in my fellow human being, I rest easy at night knowing that Apple and other online entities are at least as trustworthy with my personal information (and provide greater protection).
Your local-storage solution is certainly an option, but one that’s not very convenient. After all, if you’re concerned about that data touching the Internet you won’t want to allow it to be accessible via any means other than your local network. And even then, you’ll have to lock down that device with a very firm password should someone break into your home and steal it. And you should memorize that password rather than write it down in case an errant nephew wanders by, finds the password that you’ve taped to the bottom of the drive, and accesses your stuff. And then you’ll need to back up its data to yet another device and keep that device in another location in case the original hard drive fails or is damaged.
Oh, and you should buy a safe and lock up your wife’s purse and your wallet and put a padlock on your mailbox.
I don’t mean to make light of your security concerns, but once you head down the path of “just how safe is safe?” it doesn’t take long before concern turns to obsession. I suggest, instead, that you take reasonable precautions.
For example, writing down passwords and sticking them to the side of your computer monitor is a bad idea. Using the same password for multiple accounts is little better. Creating passwords that can be easily guessed is just asking for trouble. Placing sensitive information such as a credit card number or social security number in email isn’t a good idea as email is rarely encrypted. Failing to password-protect your mobile devices and computer isn’t a risk you should take.
In other words, the things we commonly do for the sake of convenience are often far riskier than trusting your data to services such as iCloud.