Here’s how to keep your iCloud account secure

10 min read

Apple’s iCloud is incredibly useful as a way to backup files, store photos, and sync passwords and credit card details. Is iCloud safe? Yes. But having all that sensitive data stored in the cloud also makes it vulnerable. And it’s not just hackers we have to worry about. There are plenty of opportunists willing to extort money from Apple device owners by claiming to have access to accounts. So what can you do to secure your iCloud account and make sure you are immune to the threats from these racketeers? Read on.

Tip: Recently there appeared a number of good privacy cleaners for Mac. Such tools allow you to manage the shareable data that could be used by third-party apps. For example, you can proactively block apps from accessing your camera or photo library. One of such tools is CleanMyMac X. You can download it’s free version that is notarized by Apple. We’ll show you how to use it later in the article.

Turn on two-factor authentication

Two-factor authentication is a way of ensuring that only you can sign into your iCloud account. When you attempt to sign in on a device for the first time, you’ll be required to submit two pieces of information: your password and a six-digit code that is sent to a trusted device that you have previously verified. If you’re not in possession of that device, you won’t be able to sign in. Thus, even if a hacker obtains or guesses your password, they won’t be able to gain access to your iCloud account.

  1. Go to the Apple menu and choose System Preferences.

  2. In macOS Catalina or later, click on Apple ID. In earlier versions of macOS, click on iCloud. 

  3. Choose Password & Security.

  4. Set the Two-factor authentication toggle switch to on.

You may be required to add a phone number, to which Apple will then send a code to verify it’s your phone.

Check which apps can use your Apple ID

Apple’s Sign with Apple system allows you to sign into third-party apps and services using your Apple ID. While there should be no security threat from doing nothing, even if you no longer use the account, it’s worthwhile checking every now and again and removing any you no longer need. 

  1. Launch System Preferences.

  2. Click on your Apple ID and choose Password & Security.

  3. Next to ‘Apps which are using your Apple ID’ press Edit.

  4. Look for apps you no longer use or that you don’t remember granting access to. If you see any, select them.

  5. Press Stop Using Apple ID.

Change your password

It’s good practice to change your password regularly. But you should definitely do it when there have been reports of a security breach or if you use a password that’s similar to other passwords you use. When you change your password, don’t use one that could be easily guessed or that you use elsewhere. If you’re worried that using a complicated password will mean you forget it, use a string of three or more words that mean something to you but no one else. Include digits, if possible. Better still, use Safari’s suggested password feature to create one for you. It will be synced using iCloud, so if you need to log in to your account on another machine and can’t remember it, you can check it in Settings on your iPhone.

  1. In System Preferences, choose Apple ID.

  2. Press Change Password.

  3. Type in your Mac login password and press Allow.

  4. Type in your new password into the New Password and Verify boxes.

  5. Click on Change. 


Log out of your account on devices you don’t use regularly

If you use a shared computer at work or log into your iCloud account from a library or other shared computer, you should always log out again as soon as you’ve finished. Remaining logged in risks allowing other people to access your data.

Similarly if you use your own MacBook in a communal space and leave it, make sure you at least lock it (Command-Control-Q will return you to the lock screen quickly).


Make a backup copy of your data

This won’t secure your iCloud account as such, but it will secure your data, which is the most important part. iCloud Drive is not a backup solution and shouldn’t be used as such. It’s a convenient method of syncing files between devices. If a file is deleted on one device, it will be gone on all devices. To prevent that happening accidentally, set up a regular backup schedule using Time Machine or a third-party tool to back up data to an external drive. 


What to do if you forget your password?

Hopefully you’ll either be using a password that you can remember easily or be using a password manager like iCloud Keychain to remember it for you. If not, and you forget your password, all is not lost. Here’s what to do.

  • Go to the Apple menu, choose System Preferences and then, if you’re using macOS Catalina or later, click on Apple ID. If you’re using an earlier version of macOS, skip to step 5. 

  • Choose Password & Security.

  • If you’re asked to type in your Apple ID password, click ‘Forgot Apple ID or password’.

  • Follow the on-screen instructions. 


Then, repeat the same steps for iCloud

  • Click on iCloud.

  • Choose Account Details.

  • If you’re asked to type in your Apple ID password, click ‘Forgot Apple ID or password.’

  • If, at step 3 or step 7 you’re not asked to type in your password, click change password. Then choose the option that says you’ve forgotten your password. 


Follow good security practice

Most security breaches, including those that involve iCloud accounts don’t happen because hackers broke encryption or hacked servers by exploiting holes in their security. They happened because the hackers preyed on human fallibility. In computer security terms, this is known as social engineering. Malicious actors exploit the fact that many of us use the same passwords for multiple accounts, or use passwords that can be easily guessed by anyone who knows a little about you. So, in order to keep your iCloud account secure, you need to keep all your personal data secure.

As we’ve already said, use a unique, difficult to guess password, preferably one that’s suggested by and stored in a password manager.

Tip: You can use passphrases instead of passwords. 

  • Protect your email address – it’s half of the data anyone needs to access your account. If you’ve been notified that the address has been involved in a breach of another company’s systems, consider changing it. Use a different email address for online shopping or signing up for newsletters. Better still, use sign in with Apple and prevent the third party from seeing your email address.

How to check if your email has been leaked

This website constantly monitors email databases that had been exposed in the past.

  • Don’t share location data, your date of birth, or any other personal information on social media – particularly if any of it is the answer to a security question for an online account. 

  • Talking of security questions, it’s good practice not to give a truthful answer to a question such as your place of birth or mother’s maiden name when you sign up for a service or account, as long as you remember the answer you gave and can repeat it when necessary.

  • Don’t forget offline security – shred or burn bank statements, tear the address off envelopes or labels before recycling them. 


Check which devices are logged into your account

One of the main benefits of iCloud is that it allows you to sync data across all your devices seamlessly. To enable data top be synced, those devices must be connected to your iCloud account. That means any device connected to your account has access to your data, including any devices you no longer own, or shared computers you have used to access iCloud. Of course, if you log out of iCloud on shared computers once you’ve finished using there’s nothing to worry about. Here’s how to check which devices are logged into your account.

  1. In a web browser, go to iCloud.com

  2. Type in your Apple ID and password, if you’re not already logged in.

  3. If you’re using two-factor authentication, wait for the code to arrive and type it in.

  4. Click on Account Settings.

Near the top of the page, you’ll see a list of all the devices connected to your iCloud account. If there are any you no longer own, click on them.

  1. Click on ‘Lost, sold, or gave away this device?’ and follow the instructions.

  2. Choose Done.

Further down the page, you’ll see a link: ’Sign out of all browsers’. If you see any computers that you no longer use on the list of devices currently logged into your iCloud account, click that link and choose ’Sign Out’ to confirm.

Log out of iCloud and wipe data before selling your Mac

If you sell or give away a Mac that’s still logged into your iCloud account, there’s little you can do to stop the new owner from accessing your data. You can change your password, but any files in iCloud Drive, for example, will remain on that Mac. The best you can do is to ask them to delete the data. So, it’s important you take precautions before you hand over the Mac. Apple recommends you do the following.

How to completely deauthorize your Mac

  • Backup your data.

  • Sign out of iCloud.

  • Sign out of iTunes if your Mac still has it.

  • Sign out of iMessage.

  • Reset the NVRAM.

  • Unpair Bluetooth devices/

  • Erase your boot drive and reinstall macOS.

To erase your boot drive and reinstall macOS, do the following:

  1. Restart your Mac while holding Command-R to restart in Recovery mode.

  2. Select Disk Utility and press Continue.

  3. Choose Macintosh HD (or whatever your boot disk is called).

  4. Choose Erase or Erase Volume Group.

  5. When it’s finished, quit Disk Utility.

To reinstall macOS, restart your Mac while holding one of the following combinations of keys:

  • Command-R to install the version macOS that was installed previously

  • Command-Option-R to install the most recent version of macOS that millrun on your Mac

  • Shift-Option-Command-R to install the macOS that was shipped with your Mac or the closest one still available

Use CleanMyMac X privacy features

As we said earlier, CleanMyMac X can fix privacy issues and scan your Mac for malware. But mainly, you’ll need to erase privacy details from browsers, including History, downloads, and even saved Wi-Fi connections. This tool is notarized by Apple and you can download a free version here.

When you install and launch the app, click the Privacy tab.

As you can see from the screenshot above, I can select and remove lots of items that may compromise my Privacy. For example, deleting the Cookies, erases tracking pixels that advertisers use to spam you with their ads.

If you’re running macOS Catalina, you’ll have an access to Application Permission in the same window of CleanMyMac X. It builds the list of all apps that have gained access to your settings. You can revoke their permissions right away. 


Apple’s iCloud is an excellent and very convenient tool. How secure is iCloud? Very. However, that security is only as strong as the people using it, in this case you. So you should follow the advice above and take the precautions described, to keep iCloud secure. You can also use CleanMyMac x to scan your Mac for malware and improve your privacy while using it.

Blog FAQ
How to

MacPaw uses cookies to personalize your experience on our website. By continuing to use this site, you agree to our cookie policy. Click here to learn more.