Cook tells the Wall Street Journal that upcoming improvements will include e-mail and push notifications on devices whenever someone tries to change the password on an account, or when someone tries to restore iCloud data to a new device, or when a new device logs into an account for the first time.
The changes will kick in at some point in the next few weeks, says Apple. However, critics are quick to point out that these are not preventative measures. Instead, they are just ways of telling the user that his or her account may be compromised. By the time the user notices the alert, the damage may be done, as it does not take long to siphon off images and other sensitive files.
In terms of the human element, Cook says not enough was done to educate users on the risks of targeted attacks by hackers, and the need for strong passwords.
“When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” he tells the Journal. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”
To that end, Cook says Apple will expand the use of two-factor authentication, which requires that anyone trying to access sensitive information on a new device will not only need the password, but a unique 4-digit code. So a password alone would not be sufficient for cracking open someone’s account.
An upcoming iOS update will add two-factor coverage for iCloud access.
But even with the additional coverage, Apple still faces the challenge of getting users to turn two-factor authentication on. Most users don’t use it, so the company says it will be making a push to remind consumers to turn it on.