Your Apple ID is the email address and password you use to sign in to Apple services including iCloud, the App Store, the iTunes Store and more. Apple takes the privacy of your personal information very seriously and employs industry-standard practices to safeguard your Apple ID. Some of these practices are outlined below for your information. When using your Apple ID and any Internet account, there are also some best practices you can follow to maximize the security of your account.
How Apple keeps your account secure
Apple policy requires you use strong passwords with your Apple ID. Your password must have a minimum of 8 characters, not contain more than 3 consecutive identical characters, and include a number, an uppercase letter, and a lowercase letter.
You can also add extra characters and punctuation marks to make your password even stronger.
Using a strong password is the most important thing you can do to help keep your account secure. If you aren’t sure if you have a strong password, visit your Apple ID account page to reset your password as soon as possible.
Apple uses security questions to provide you with a secondary method to identify yourself online or when contacting Apple Support. Security questions are designed to be memorable to you but hard for anyone else to guess. When used in conjunction with other identifying information, they help Apple verify that you are the person who is requesting access to your account. If you haven't selected your security questions, visit your Apple ID account page to set them up.
Apple offers an optional security enhancement for your Apple ID called two-step verification. Two-step verification requires you to verify your identity using one of your devices before you can make changes to your account information at your Apple ID account page, sign in to iCloud, or make an iTunes, App, or iBooks Store purchase from a new device.
Starting this fall, Apple will offer an improved security method called two-factor authentication designed to ensure all the photos, documents, and other important data you store with Apple can be accessed only by you, and only with your devices. When you enter your Apple ID and password for the first time on a new device, we’ll ask you to verify your identity with a six-digit verification code. This code is displayed automatically on your other devices, or sent to a phone number you trust. Just enter the code to sign in and access your account on the new device.
Two-factor authentication is built right in to iOS 9 and OS X El Capitan. It will gradually be made available to users who meet the system requirements on all the devices they use with their Apple ID.
Encryption and SSL
All web pages where you can view or change your Apple ID utilize Secure Sockets Layer (SSL) to protect your privacy. Look for the lock icon in your browser when accessing your account at your Apple ID account page to know your session is fully encrypted and secure.
Employee privacy and security policies
In addition to strong passwords, encryption, and other technology, Apple has strict policies and procedures in place to prevent unauthorized access to your account. Without proof of your identity via security questions and other carefully selected criteria, Apple Support can't help you reset a password or perform any other actions on your account. These policies are audited and reviewed on a regular basis.
Other tips for keeping your account secure
Good online security requires a combination of good practices by companies using Internet services and informed behavior by users. Below are some good rules to follow to maximize your security when using your Apple ID and other online accounts.
- Always use a strong password.
- Avoid using your Apple ID password with other online accounts.
- Change your password regularly, and avoid reusing old passwords.
- Don’t share your password with anyone, even family members.
- Never send your password or any private account information over email.
- Choose security questions and answers that cannot be easily guessed by someone else. To be even more secure, your answers can even be nonsense as long as you can remember them. For example, Question: What is your favorite color? Answer: Mozart.
- Add a rescue email address to your Apple ID.
- Avoid phishing scams. Don’t click on links in suspicious email messages, and don’t provide personal information on any website you aren’t certain is legitimate.
- If you suspect that someone knows your Apple ID username and password, change your account password immediately.
- When using a public computer, always sign out when your session is complete to prevent other people from accessing your account.
- If you abandon an email address associated with your Apple ID, be sure to update your Apple ID with a current email address. Some Internet service providers may reissue abandoned email addresses to new customers.
Internet Service Providers, including mobile carriers, may reissue email addresses. If at any time you stop using an email address associated with your Apple ID, be sure to update your Apple ID with a current email address.
If your account information has been compromised, select the appropriate resource below for assistance.