How to Secure Your iCloud Account Against Hackers

Your iCloud account is one of the most important accounts you own. It stores your photos going back years, your contacts, your text message history, health records from your Apple Watch, and — if you use iCloud Keychain — all the passwords saved on your devices. Keeping it secure is not optional.

There are three essential protections every iCloud user should have in place: a strong password, two-factor authentication, and a recovery plan. Here is what each means and how to set them up.

A strong Apple ID password is your first line of defense. It should be at least 12 characters, include a mix of letters, numbers, and symbols, and not be used on any other website. If you use iCloud Keychain or a separate password manager, it can generate and store a strong password for you automatically.

Two-factor authentication (2FA) means that even if someone learns your password, they still cannot log in without access to one of your trusted devices. When you or anyone tries to sign in to your Apple ID, Apple sends a 6-digit code to your iPhone or iPad. Without that code, the login fails. To check if 2FA is on: open Settings, tap your name at the top, then tap "Sign-In & Security." It should show "Two-Factor Authentication: On."

Check which devices are signed in to your Apple ID: go to Settings > your name, then scroll down to see a list of all iPhones, iPads, Macs, and Apple Watches connected to your account. If you see a device you do not recognize, tap it and choose "Remove from Account."

Review which apps have access to your iCloud data: Settings > your name > iCloud. You will see a list of apps — Photos, Contacts, Mail, Health, etc. Turn off iCloud access for any app you do not need to back up or sync.

Advanced Data Protection is a newer setting that adds end-to-end encryption to even more iCloud data categories — including your photos and device backups. To turn it on, go to Settings > your name > iCloud > Advanced Data Protection. You must set up an Account Recovery Contact or a Recovery Key first, so Apple can help you regain access if you ever get locked out.

A Recovery Contact is someone you trust — a family member or close friend — who can help you get back into your account if you forget your password. Set one up at Settings > your name > Sign-In & Security > Account Recovery.

To check if your Apple ID email address has appeared in a known data breach, visit haveibeenpwned.com and enter your email. If it shows up, change your Apple ID password immediately.