How Risky Is Apple's New iCloud Keychain?

By Zesty

Maybe it was the timing, coming as it did just days after revelations about the NSA keeping a “close eye” on… well, the entire internet.

Or maybe it's an idea that stirs up a general sense of unease – the idea of one password to control them all; a single place to retain credit card details, access codes to just about every site we use, personal information and more.

That's the idea behind Apple's new iCloud Keychain service, and it's one that's rustled up all the predictable squirms of discomfort, from a public that feels it's shared quite enough personal data with big companies at this point.

But are we right to feel worried – or is it just a misguided Orwellian sense of danger that's preventing us from seeing this as a good thing?

I had a chat with our Technical Director Mark Kennedy about the risks and the benefits of Apple's new service. And he told me that, while there are risks, it's not necessarily a one-way ticket to disaster – and carries some serious benefits that could help us all become more security conscious.

“There will be some users who will relish this system as it will take away the worry of securing their machines. There will be other users who are wary of storing all of their details in one place in a cloud service,” he said.

“Unfortunately, though, there is no ‘silver bullet’ when it comes to security. Just look at the media on a daily basis to see the catalogue of high-profile security breaches across the globe. And what are most of these caused by? Lax security by human users.”

The new version of Safari contains an automated password generator that creates long-form codes that would be far harder to crack. The centralisation is essential – otherwise it would be impractical for users to remember the gibberish passwords assigned to them by the software.

But this centralisation is where the risk lies, says Mark.

“With centralised password systems you are ‘putting your eggs in one basket’. There are a number of questions you must ask yourself, though – what if the main password is compromised, what if your host machine is compromised or what if the provider is compromised? Assess the risk and ask yourself about how much information you are happy to push to a 3rd party online service.”
