Richard Spicer
Enhanced Security

A few weeks ago Apple opened up "Enhanced Security". This lets you end-to-end encrypt *most* but not all of your iCloud data. I think the safest way to use iCloud is to not use it at all, but if you're going to use it, enhanced security is the way to go. Unfortunately this means generating a backup key and having to take custody of it yourself. What that means is if you lose your key, you lose your data.

The big problem with iCloud is that if you back up to iCloud, your iCloud backups are not end-to-end encrypted without enhanced security turned on. In that case anyone who gains access to your iCloud data, including Apple, can access everything on your phone, including your iMessages, all of your location data, and sensitive photos you may have stored on your device.

Security Keys

In 16.3 you can now enable a security key as your 2nd factor for logging in. I discussed this in a previous post, but a security key is a physical key for your digital life. Rather than approving adding a new device by receiving a code on a device you've already approved, you'll have to tap a physical key against your device. This means to access iCloud, or your Apple account, an attacker will need more than your phone; they'll also need the key, which will be stored away from your phone.
To set it up you'll need two FIDO equipped keys; one is a primary, the other is a backup. I use Yubico 5 series NFC enabled keys. If you want more info on how to set it up, I'd recommend using DuckDuckGo to search for a tutorial.

I'm just a regular 30+ dude of average health. I skipped the vaccine and all the boosters and I haven't worn a mask since the public health order ended. The only thing I've done to protect myself against covid is avoid crowded indoor places, and take vitamin D gummies. I respect covid, I do not want to get it, but I also think that it's here to stay and that eventually my time will come, but for some reason, to date I've never had it. In fact I haven't had so much as a sniffle in 3 years. As to why I haven't caught it yet, I'm not sure. I think avoiding indoor crowds has been a big part of it. My risk is pretty low; I'm not unhealthy but I'm not super healthy either. My lifestyle has some factors that I think help reduce the risk even further. I don't drink alcohol, and alcohol ruins sleep; sleep is really important for the immune system, so my sleep is usually pretty good. I take melatonin, aspirin, vitamin D, xylitol, NAC, marshmallow root, and quercetin regularly. All of these have at least some evidence of reducing the risk of infection or severe outcomes, and I do exercise fairly regularly.

At this point, I hesitate to say not taking the vaccine has helped me even though personally, I do believe it, and there is some evidence to support my belief but it's definitely not a proven fact. I can at least say making this choice hasn't harmed me or anyone else because I've never had it or given it to anyone, and the vaccine does not stop infection or transmission. While I also don't think I'll be able to avoid it forever, it's been odd having to go through all of these rituals in the last 3 years to never have gotten sick. I feel sort of stuck. I think everybody does. People seem to either live in fear or denial. I don't feel afraid, but I try to stay aware of the reality that covid is here to stay and that it's a novel virus, which means we don't know what it does to people over time. Maybe it's harmless, maybe it causes irreversible damage that slowly leads to premature aging, heart disease, cancer, autoimmune disease and death. Only time will tell. In the meantime, I'll stick to my same old routine of vitamin D gummies, baby aspirin, and sleeping in.

The Yubikey is a security tool which is used as a secure 2nd factor for online accounts. Securing accounts with 2FA is always a good idea. Once enabled, your accounts require a username, a password, and a 2nd factor like a one time password (OTP). In the case of a security key, you need to physically insert or tap your Yubikey into or against your NFC enabled device.
Many people are familiar with using 2FA via an SMS code that is texted to your device. A security key is a better method than SMS. People who use SMS for one time passwords often find themselves the targets of SIM swap attacks. In this scenario, an attacker ports your phone number to their cell phone, and is then able to receive your 2FA codes.

With authenticator apps like Google Authenticator or Authy, you eliminate the risk associated with SIM swaps, but now your phone is the physical key to unlocking your online accounts. For this reason, phones are often the target of thieves, and if your phone is lost or damaged, you may permanently lose access to your accounts secured with the authenticator app on your phone.

By using a physical security key, you can create backup keys and physically separate your 2nd factor from your phone. Using a security key also eliminates the risk of phishing and social engineering because the security key must be inserted into a USB slot or read via NFC (near field communication, the same way you tap to pay). No matter which way you enable 2FA, it's much more secure than not using it at all. An authenticator app like Authy is nearly as secure as using a Yubikey.
Accounts you should consider securing with 2FA include email accounts, social media accounts and financial accounts, and your Apple or Google account.
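
To make the comparison above concrete, here is an added example (not code from this post) of what the server can check for an authenticator-app code versus a security key. It relies on the fact that FIDO keys sign over the site origin the browser reports; the origins and secrets are constructed, and HMAC stands in for the key's real public-key signature.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the scheme authenticator apps use."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, submitted: str, at: int) -> bool:
    # The server sees only six digits; nothing ties them to the page
    # the user typed them into.
    return hmac.compare_digest(totp(secret, at), submitted)

def key_response(key_secret: bytes, challenge: bytes, origin: str) -> bytes:
    """Model of a security key: the response covers the server challenge AND
    the origin the browser reports. HMAC is a stand-in (assumption) for the
    public-key signature a real FIDO key produces."""
    msg = challenge + b"|" + origin.encode()
    return hmac.new(key_secret, msg, hashlib.sha256).digest()

def server_accepts_key(key_secret: bytes, challenge: bytes,
                       response: bytes, own_origin: str) -> bool:
    # The server recomputes the response for its own origin only.
    expected = key_response(key_secret, challenge, own_origin)
    return hmac.compare_digest(expected, response)

def compare_factors() -> dict:
    # Constructed sample values, not real credentials or real sites.
    totp_secret = b"12345678901234567890"  # RFC 6238 test secret
    key_secret = b"constructed-demo-key"
    challenge = b"constructed-server-nonce"
    real, lookalike = "https://accounts.example", "https://accounts-example.test"
    now = 59
    code = totp(totp_secret, now)
    on_real = key_response(key_secret, challenge, real)
    on_lookalike = key_response(key_secret, challenge, lookalike)
    return {
        "totp_code": code,
        "totp_typed_on_lookalike_still_valid": server_accepts_totp(totp_secret, code, now),
        "key_used_on_real_site": server_accepts_key(key_secret, challenge, on_real, real),
        "key_used_on_lookalike_site": server_accepts_key(key_secret, challenge, on_lookalike, real),
    }

if __name__ == "__main__":
    for name, value in compare_factors().items():
        print(f"{name}: {value}")
```

The six-digit code is accepted no matter where it was typed, while the key's response only verifies when it was produced on the real site's origin.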