Apple has long held a reputation for rock-solid security, and now the U.S. government seemingly agrees after praising the company for its security procedures. At the same time, the feds have suggested Microsoft and Twitter need to pull their socks up and make their products much more secure for their users, according to CNBC.
In a speech given at Carnegie Mellon University, Cybersecurity and Infrastructure Security Agency Director Jen Easterly pointed to Apple as a company that took security and accountability seriously, and suggested other companies should take note.
Easterly gave the example of Apple’s iCloud security practices, which enable multi-factor authentication (MFA) by default. As a result, 95% of iCloud users have MFA switched on, greatly improving security.
Related
-
A beginner’s guide to Tor: How to navigate the underground internet
-
Apple just made a huge move to power up your next MacBook
-
This major Apple bug could let hackers steal your photos and wipe your device
Multi-factor authentication means a unique code is sent to a separate device from the one that is attempting to log in, which can help to thwart hackers who may have gained access to a single device. Easterly said the high rate of iCloud MFA adoption was due to Apple’s proactive approach of “taking ownership for the security outcomes of their users.”
In contrast, Easterly said that companies like Microsoft and Twitter had much lower rates of MFA adoption (only 3% of users in Twitter’s case) and that this was “disappointing.”
‘Radical transparency’
Windows
Microsoft and Twitter received praise for at least disclosing how many of their users had MFA enabled, even if it didn’t look great for the companies involved. “By providing radical transparency around MFA adoption, these organizations are helping shine a light on the necessity of security by default,” Easterly explained. “More should follow their lead.”
That said, Twitter has just hidden SMS security authentication behind its Twitter Blue paywall, which could be seen as a backward step when it comes to making your Twitter account more secure. You can still enable Twitter MFA using a third-party authenticator app, though, which is more secure than SMS authentication anyway.
Aside from that, Easterly touched on the idea of new legislation, which should “prevent technology manufacturers from disclaiming liability by contract,” she said. Its goals should also include “establishing higher standards of care for software in specific critical infrastructure entities, and driving the development of a safe harbor framework to shield from liability companies that securely develop and maintain their software products and services.”
Apple’s security prowess doesn’t just come from its enabling MFA by default. Apps are sandboxed so they can’t access critical parts of the operating system, while Apple chips contain a secure enclave to handle sensitive data. It looks like those protections and more convinced the U.S. government that Apple was worth singling out for praise.
Today’s tech news, curated and condensed for your inbox
Subscribe
Check your inbox!
Please provide a valid email address to continue.
This email address is currently on file. If you are not receiving newsletters, please check your spam folder.
Sorry, an error occurred during subscription. Please try again later.
Privacy Policy
Use a different email