A reader who wished to remain really, really anonymous has failed in this regard. She writes:
Recently some pictures and movies stored in my iCloud account have found their way onto the Internet and they’re, well… embarrassing. Is there some way I could have prevented this from happening?
Yes. If you’d disabled photo sharing from your iPhone to your iCloud account those pictures would have remained on your phone. Although the horse has left the barn, here’s what you might have done.
On your iPhone go to Settings > iCloud, tap on Photos, and ensure that the My Photo Stream option is switched off. Your iPhone will no longer automatically send its images to iCloud.
Switch off Photo Sharing while you’re at it. Although this latter feature is intended for sharing images with just those friends you choose, when your career can be ruined by an unwisely shared image it’s best to leave all your images on the phone. Should you later wish to share an image, do so via email, message, or a social media account where you select specific images to share.
Note that if you have photo sharing enabled on other Apple devices—your iMac and iPad, for example—those images are still in iCloud and could be retrieved by someone who has access to your account. In this case it’s not a bad idea to delete embarrassing images one by one in iPhoto and the Photos app.
But hang on, those image may still exist in another form. If you’ve switched on iCloud Backup on your iPhone, the images it holds are sitting in iCloud in the form of a backup archive. If someone gains access to that backup, they have your images and movies. To prevent your iPhone from creating such a backup, tap Settings > iCloud > Storage & Backup and disable the iCloud Backup option. Now when you want to back up your iPhone you’ll need to connect it to your computer and back it up via iTunes.
You’re not out of the woods yet. Those backup files still exist on iCloud. To remove them, navigate once again to Settings > iCloud > Storage & Backup, tap Manage Storage, and in the resulting screen you’ll see a list of backups. Tap any that you wish to delete and on the next screen tap Delete Backup.
Finally, let’s talk about passwords. Despite all the “hacking” that’s gone on in the last couple of years people remain careless about the passwords they create. If you use a single word or simple sequence of numbers as a password, it’s the work of a moment for ne’er-do-wells to run a script that generates a series of common passwords and break into your account. Once that’s done they have access to everything you thought was under lock and key.
So, the first step is to create a very difficult to guess password—one made up of letters, numbers, and characters. (And no, p@ssw0rd isn’t going to cut it.)
Two-factor authentication—a scheme where you’re asked to confirm certain interactions with Apple on a trusted device—can be helpful for changes to your Apple ID or for verifying purchases from Apple’s online stores. However, two-factor authentication doesn’t do you any good when someone has glommed onto your password and then accesses your photos as this isn’t the kind of interaction that triggers an alert to your trusted device. TUAW’s Michael Rose provides the details.
That doesn’t mean that two-factor authentication is useless. If someone attempts to change your password you’ll be glad you have it switched on. Our own Dan Miller provides the steps for doing exactly that in his How to Set Up Two-Factor Authentication for iCloud.
Updated 9/2/14 to provide details about the effectiveness of two-factor authentication for protecting your images.