Cover image for: 如何保护您的iPhone,照片和iCloud帐户



Since 2017, Apple have allowed "differential privacy" on iCloud user data. This function allows users to enable or disable data-sharing for analytical purposes. The same iOS 10.3 update also included numerous notifications promoting two-factor authentication (2FA) adoption. Both actions work to keep your iPhone data safer.


Jennifer Lawrence, Kirsten Dunst and Kate Upton were among the victims of the notorious Celebgate hacking attacks, which accessed data from iCloud accounts remotely and without permission. Celebrity hacks show these breaches can happen to anyone, Apple already implements numerous safety and privacy protections as defaults (such as 2FA) to make sure your iOS devices and iCloud data is kept safe. Successful hacking attacks are almost always the result of users failing to implement Apple’s security tools properly or phishing.

You can use this article to ensure you’re making the most of Apple’s security features. First, we cover the 12 most important steps to protecting your data which we recommend every iCloud user follows. Once we've covered the essentials, we outline a further five safety measures which are slightly more advanced or involved. You may want to consider implementing these steps if you are at particular risk of being hacked, or if your data is particularly sensitive:

12 Easy safety measures everyone should always take to protect their iPhone, Photos, & iCloud data🔒


1. Beware of phishing attempts



Whenever you see an email asking for credentials, check the URL. If you see any domain other than iCloud.com, or if you notice an insecure certificate when browsing, it's most likely a phishing attempt. Here's Apple's icloud.com, and the secure certificate that you should see on it:

Apple's iCloud.com with a secure SSL certificate
具有安全SSL证书的Apple iCloud.com


We recommend you always access your iCloud account manually, by opening in a new tab in your web browser and typing in "icloud.com", even if you think a message may be authentic. Always use the official iCloud site to log in, change a password, or check up on warning messages. You can also get in touch with Apple’s security team to report any phishing attempts to them.


2. Keep your email address private


Lookout的安全专家Mike Murray将最后一个漏洞利用描述为“我们在市场上看到的最复杂的间谍软件程序包”。它与NSO Group有联系,后者是一家为政府提供安全应用程序的以色列公司。几个小时后,Apple启动了iOS更新,从而修复了此漏洞。


  • Use a separate email address for purchases, social networks, and promotional messages, and a private, rarely disclosed one for any information you wish to keep secure. Share it only with trusted people.
  • 避免打开看起来像垃圾邮件的邮件,即使它们已经超过了您的过滤器。
  • 为您的电子邮件启用两因素身份验证(有关2FA的更多信息,请参见下面的2FA)-考虑使用您的手机号码接收有关可疑活动的通知。
  • 加密电子邮件-使用基于Web的电子邮件提供商或将Outlook设置为与GPG一起使用加密连接。

Yahoo!'s 2013 email scandal, in which all 3 billion Yahoo! email accounts were hacked, revealed that email accounts are sometimes not as well protected as you might hope.

If one of your accounts becomes hacked, that weakens all linked accounts. If hackers gain access to your email account, they may try to send a password reset email to your email address using the iCloud login system.

如果您拥有与Yahoo!关联的iCloud帐户。电子邮件地址,最好尽快更改您的密码。更好的是,只需切换邮件提供商。抱歉,雅虎! Gmail功能强大。

3. Update your iPhone passcode

iPhone密码是当Face ID或Touch ID不起作用时提示您使用的数字代码。从iOS 9开始,此代码的默认长度为六位数,比之前的四位数默认破解时间长得多。 4位密码有9,999种可能的组合,而6位密码有999,999种组合。


Here's how to make your iPhone passcode longer and use an alphanumeric passcode:

  1. Go to Face ID & Passcode or Touch ID & Passcode

  2. Enter your current passcode

  3. Tap Change Passcode, enter your passcode again, then select Passcode Options

  4. Select Custom Alphanumeric Code or Custom Numeric Code

  5. Enter your new passcode twice to reset


Custom alphanumeric code

4. Use strong passwords across your accounts


You also need to make sure to use different passwords across all accounts, particularly when it comes to those accounts with the most valuable data. Hackers often target less protected sites, and then try these passwords out on other accounts owned by the user.

At the very least, keep your iCloud password different from the passwords you use on less secure sites, and make sure it is sufficiently complex.

When choosing a new password, aim to meet the following three criteria:

  1. Strong: Use a combination of lower and upper case letters, numbers, and special characters. Replace certain letters with numbers or symbols: beardak0tast@arhip, for example.

  2. Long: the longer a password is, the greater the number of combinations a hacker needs to crack it. Consider using phrases to protect the integrity of your account, which are easy for you to remember as an individual but difficult for existing software to rapidly generate. Ideal passwords are at least 14 characters long.

  3. Hard to guess: Avoid password terms that include personal information, like your birthday, pet's name, or a favourite colour, because they're easy for hackers to guess. Don’t choose a favourite band, your birthplace, or any other relatable guess as your iCloud password. The Telegraph has written on the most commonly used passwords; they're all worth avoiding!


We don't recommend putting your actual password into either of them, though. Just put something in of similar complexity.


诸如1Password (收费)或KeePass (免费)之类的工具会生成随机文本,这些文本通常会形成非常强的密码,并可以帮助您安全地存储密码和机密数据。

Look, it's 1Password!

Back in 2016, Colin Powell and George W. Bush lost their email data after their accounts was illegally accessed by a hacker. The hacker managed to gain access by guessing the answers to their security questions. Beware!

Many common security questions ask for information that could be public knowledge. For example, many security questions ask for your mother's maiden name. This information is not exclusively known by you and could be accessed by a hacker.


5. Activate two-factor authentication (2FA)


2FA protects the iCloud account even where the password is known to somebody else. As long as a potential hacker doesn’t have access to any of your trusted devices, your iCloud account remains inaccessible.



A 2FA prompt on a Mac

2FA is standard for all new Apple devices. If you use an Apple device that doesn't use 2FA as a default, here's how to can enable two-factor authentication for iCloud:

On your iPhone, iPad, or iPod touch with iOS 9 or later:

  1. Go to Settings

  2. Click on your name to access Apple ID

  3. Tap Password & Security

  4. Tap Turn on Two-Factor Authentication


6. Don’t use unsecured wireless networks (and use a VPN)



The safest thing you can do is to avoid accessing the internet using these hotspots. Secured public Wi-Fi connections are safer, but you are still exposed to risks if you use them to access the cloud.

Use a good data plan with your carrier instead, and make sure your home WiFi network is secured.

If you do need Wi-Fi access on the go, invest in a Mi-Fi device, or consider using a VPN to protect your traffic. Bear in mind that using a VPN won't protect your device from other users on the network.

7. Use "Find My" to secure lost or stolen devices

Once activated, this option allows you to get in touch with your lost or stolen iPhone, or to remotely erase it. We’ve covered this in-depth here. You can essentially wipe the data on your iPhone until you recover it.

To wipe your data using "Find My":

  1. Go to the Find My app on a linked device

  2. Under Devices, select the device that is lost or stolen.

  3. Select Activate under Mark As Lost for that device.

  4. You can add a contact number to be used by anyone who finds your device.

Another benefit of this feature is that it prevents anyone else from using your iPhone if it's stolen. It can't easily be reactivated, so it's worth a lot less to a potential thief. You can also erase the data from your device using from the Find my app.

You can use "Find My" to protect and erase lost or stolen devices
You can use "Find My" to protect and erase lost or stolen devices

8. Enable "Erase Data" on your device

This is one of the most simple methods to prevent your phone from being attacked. If this option is enabled and somebody tries to guess your passcode, your iPhone will wipe itself after 10 failed attempts. Don't worry: this isn't something you're likely to do by accident. There's a long timeout between failed attempts. It'd take a serious attempt to have someone erase your phone.

To activate this feature:

  1. Go to Settings on your iPhone

  2. Tap Face ID & Passcode or Touch ID & Passcode

  3. Activate the Erase Data option

Erase data after 10 failed attempts

9. Use local iPhone backups instead of iCloud

If you do enable "Erase Data", you should also create regular backups. An iPhone backup won't protect your data, but it will ensure that you can access your data in the event of theft or loss. iCloud backups are convenient, but they're not end-to-end encrypted, meaning it's at least theoretically possible for them to be remotely accessed.

定期备份是如此重要,甚至还有一个世界备份日 。尽管有更多的了解,更好的习惯和更轻松的技术,但许多用户仍未创建常规备份。

我们写了一个全面的指南备份你的iPhone或iPad 在这里

如果收到“ iPhone备份失败 ”或“ iPhone未备份 ”消息,则不会备份手机,因此,如果丢失设备,则会丢失数据。

10. Sign out of iCloud on unused devices and browsers


To view and remove iCloud devices on your device:

  1. Go to Settings

  2. Click on your name to access Apple ID

  3. Scroll down to view the devices connected in your iCloud account.

  4. To remove a device, select it, then select Remove from account

  5. If you find and remove any devices you do not recognise, change your iCloud password.

To view and remove iCloud devices from a browser:

  1. Go to iCloud.com

  2. Sign in, then go to Settings

  3. Select My Devices

  4. Remove any devices you don't recognise or no longer use.

  5. If you find and remove any devices you do not recognise, change your iCloud password.


Check the devices associated with your iCloud account


If you logged in to iCloud on a computer that is not your own (such as a work computer or friend’s computer) and forgot to log out, you can log out remotely.

To sign out of iCloud remotely:

  1. Go to iCloud.com and log in with your username and password.

  2. Select Account Settings

  3. Scroll to the bottom of the screen to find the link that says Sign Out Of All Browsers

  4. Click it and you'll be signed out of all browsers on any device anywhere in the world where you are signed in to your iCloud account

Sign out other browsers

11. Turn off access to sensitive data for apps that don’t need it

To keep your data private you can also restrict access to apps that don’t need it, for example, access to your contacts, calendar, photos, etc.

To restrict access for apps on your device:

  1. Go to Settings

  2. Select Privacy

  3. Select one of the apps listed, such as Photos


Following these steps allows you to control which photos Chrome can access
Following these steps allows you to control which photos Chrome can access

12. Secure your lock screen

与流行的看法相反,Touch ID和Face ID不会使您的iPhone完全不可入侵。苹果公司推出FaceID之后不久,网络安全公司Bkav制作了能够解锁iPhone X印刷面具

通过Touch ID,Face ID或您的iPhone密码进行的锁屏攻击不是很常见,因为它们要求黑客与您的手机进行直接的物理接触,但这是最容易尝试的攻击,并且如果您的设备很可能成功配置不正确。



To deactivate access from the lock screen:

  1. Go to Settings

  2. Select Face ID and Passcode or Touch ID and Passcode

  3. Enter your iPhone passcode

  4. Scroll down to the bottom of the screen and disable access to Control Centre

Disabling access to controls from the lock screen
Disabling access to controls from the lock screen

We've disabled access to all controls from the lock screen because that's the safest approach. At a minimum, we recommend you remove lock screen access to all of the following:

  • Today View

  • Notification Centre

  • Control Centre

  • Siri

  • Reply with Message

  • Home Control

  • USB Accessories



1. Turn off "Personalised Ads"

Ad tracking is used by advertising networks to target ads to you. If you limit this, it restricts tracking of ads across apps. Well, apart from when Google bypass it.

To limit ad tracking on your iOS device:

  1. Go to Settings

  2. Select Privacy

  3. Scroll to the bottom of the screen and select Advertising

  4. Toggle to turn off Personalised Ads

您还可以Reset Advertising Identifier以删除已经编译并用于向您发送定向广告的数据的历史记录。

turn off Personalised Ads in Safari
turn off Personalised Ads in Safari

2. If you're a macOS user, consider pair-locking your iPhone

配对锁定需要一些技术知识,并且不适合所有人,因此我们在另一篇文章中对此进行了详细介绍 。简而言之,它可以防止您的iPhone与其他计算机交换数据。

3. Delete unwanted or sensitive content from Photo Stream or iCloud Photo library


4. Decrease the time until the iPhone locks itself



To decrease your phone's lock time:

  1. Go to Settings

  2. Scroll down and select Display & Brightness

  3. Select Auto-Lock and adjust the time available until the iPhone is locked.

The shortest interval of time is 30 seconds. Activate this option and confirm the action.

Time iPhone locked

5. Encrypt your locally saved data

如果您的计算机上有敏感数据,则最好对其进行加密。 Windows内置了BitLocker ,而Mac则具有FileVault 。两者都很棒-并且可以免费使用。打开它们。




As a company, data privacy and security are in our DNA. We built iPhone Backup Extractor to be compatible with all of Apple's security measures, and we're committed to ensuring our product is used by legitimate, ethical users. Stay safe!



我们的办公时间是格林威治标准时间周一至周五上午9点至下午5点。 时间目前是 9:50 AM的 GMT。




我们喜欢听取用户的意见:为什么不给我们发电子邮件,发表评论或发推文 @reincubate?

© 2008 - 2024 Reincubate Ltd. 保留所有权利。 在英格兰和威尔士注册 #5189175, VAT GB151788978. Reincubate®和Camo®是注册商标。 隐私政策 & 条款.