Apple’s security trumps Microsoft and Twitter, say feds

The US government has come out and said it: Microsoft and Twitter need to learn a thing or two from Apple’s security practices, which leave them in the dust.

By Alex Blake, February 28, 2023 6:21AM

Apple has long held a reputation for rock-solid security, and now the U.S. government seemingly agrees after praising the company for its security procedures. At the same time, the feds have suggested Microsoft and Twitter need to pull their socks up and make their products much more secure for their users, according to CNBC.

In a speech given at Carnegie Mellon University, Cybersecurity and Infrastructure Security Agency Director Jen Easterly pointed to Apple as a company that took security and accountability seriously, and suggested other companies should take note.

Apple's Craig Federighi speaking about macOS security at WWDC 2022.

Easterly gave the example of Apple’s iCloud security practices, which enable multi-factor authentication (MFA) by default. As a result, 95% of iCloud users have MFA switched on, greatly improving security.

Multi-factor authentication means a unique code is sent to a separate device from the one that is attempting to log in, which can help to thwart hackers who may have gained access to a single device. Easterly said the high rate of iCloud MFA adoption was due to Apple’s proactive approach of “taking ownership for the security outcomes of their users.”

In contrast, Easterly said that companies like Microsoft and Twitter had much lower rates of MFA adoption (only 3% of users in Twitter’s case) and that this was “disappointing.”

‘Radical transparency’

Microsoft and Twitter received praise for at least disclosing how many of their users had MFA enabled, even if it didn’t look great for the companies involved. “By providing radical transparency around MFA adoption, these organizations are helping shine a light on the necessity of security by default,” Easterly explained. “More should follow their lead.”

That said, Twitter has just hidden SMS security authentication behind its Twitter Blue paywall, which could be seen as a backward step when it comes to making your Twitter account more secure. You can still enable Twitter MFA using a third-party authenticator app, though, which is more secure than SMS authentication anyway.

Aside from that, Easterly touched on the idea of new legislation, which should “prevent technology manufacturers from disclaiming liability by contract,” she said. Its goals should also include “establishing higher standards of care for software in specific critical infrastructure entities, and driving the development of a safe harbor framework to shield from liability companies that securely develop and maintain their software products and services.”

Apple’s security prowess doesn’t just come from its enabling MFA by default. Apps are sandboxed so they can’t access critical parts of the operating system, while Apple chips contain a secure enclave to handle sensitive data. It looks like those protections and more convinced the U.S. government that Apple was worth singling out for praise.
