Apple has long held a reputation for rock-solid security, and now the U.S. government seemingly agrees after praising the company for its security procedures. At the same time, the feds have suggested Microsoft and Twitter need to pull their socks up and make their products much more secure for their users, according to CNBC.
In a speech given at Carnegie Mellon University, Cybersecurity and Infrastructure Security Agency Director Jen Easterly pointed to Apple as a company that took security and accountability seriously, and suggested other companies should take note.
Easterly gave the example of Apple’s iCloud security practices, which enable multi-factor authentication (MFA) by default. As a result, 95% of iCloud users have MFA switched on, greatly improving security.
Multi-factor authentication means a unique code is sent to a separate device from the one that is attempting to log in, which can help to thwart hackers who may have gained access to a single device. Easterly said the high rate of iCloud MFA adoption was due to Apple’s proactive approach of “taking ownership for the security outcomes of their users.”
In contrast, Easterly said that companies like Microsoft and Twitter had much lower rates of MFA adoption (only 3% of users in Twitter’s case) and that this was “disappointing.”
‘Radical transparency’
Microsoft and Twitter received praise for at least disclosing how many of their users had MFA enabled, even if it didn’t look great for the companies involved. “By providing radical transparency around MFA adoption, these organizations are helping shine a light on the necessity of security by default,” Easterly explained. “More should follow their lead.”
That said, Twitter has just hidden SMS security authentication behind its Twitter Blue paywall, which could be seen as a backward step when it comes to making your Twitter account more secure. You can still enable Twitter MFA using a third-party authenticator app, though, which is more secure than SMS authentication anyway.
Aside from that, Easterly touched on the idea of new legislation, which should “prevent technology manufacturers from disclaiming liability by contract,” she said. Its goals should also include “establishing higher standards of care for software in specific critical infrastructure entities, and driving the development of a safe harbor framework to shield from liability companies that securely develop and maintain their software products and services.”
Apple’s security prowess doesn’t just come from its enabling MFA by default. Apps are sandboxed so they can’t access critical parts of the operating system, while Apple chips contain a secure enclave to handle sensitive data. It looks like those protections and more convinced the U.S. government that Apple was worth singling out for praise.
