Apple has long been known for its rock-solid security, and the US government now appears to agree after praising the company’s security procedures. At the same time, according to CNBC, the feds have suggested that Microsoft and Twitter pull their socks up and make their products much more secure for their users.
In a speech at Carnegie Mellon University, Cybersecurity and Infrastructure Security Agency Director Jen Easterly cited Apple as an example of a company that took security and accountability seriously, and suggested that other companies should follow suit.
Easterly used Apple’s iCloud security practices as an example, which enable multi-factor authentication (MFA) by default. As a result, 95% of iCloud users have MFA enabled, significantly increasing security.
By sending a special code to a device other than the one that is trying to log in, multi-factor authentication can help frustrate hackers who may have acquired access to a single device. The high rate of iCloud MFA adoption, according to Easterly, is a result of Apple’s proactive strategy of “taking ownership for the security outcomes of their users.”
In contrast, Easterly saw it as “disappointing” because organizations like Microsoft and Twitter had far lower acceptance rates of MFA (just 3% of users in Twitter’s case).
‘Radical transparency’
Even though it didn’t look well for the firms concerned, Microsoft and Twitter were praised for at least revealing the number of their users that had MFA activated. According to Easterly, “these organizations are helping throw a light on the requirement of security by default by offering extreme transparency about MFA implementation. “More should imitate their example.”
However, Twitter recently moved SMS security authentication behind its Twitter Blue paywall, which can be viewed as a step backward in terms of increasing the security of your Twitter account. But, a third-party authenticator software, which is more secure than SMS authentication anyhow, can still be used to enable Twitter MFA.
In addition, Easterly mentioned the need for new legislation that would “prevent technology makers from disclaiming liability by contract,” as she put it. As part of its objectives, it should also “drive the development of a safe harbor framework to shield from liability enterprises that securely build and maintain their software goods and services” and “set greater standards of care for software in specified critical infrastructure entities.”
Apple’s security prowess stems from more than just the fact that MFA is enabled by default. Apple chips feature a secure enclave to manage sensitive data, while apps are sandboxed so they can’t access important components of the operating system. It appears that these safeguards and others persuaded the American government that Apple was deserving of special recognition.