There is always a fine balance between security and usability. Apple was strongly criticized because of the iCloud selfie breach, and Tim Cook announced that the company would be implementing new security procedures.
As of today, one of them is live: if you sign into iCloud on the web, you’ll get an email:
This is interesting, but is it useful? First, if you get one of these every time you sign into iCloud on the web, it’ll just be a bother. Sure, if you didn’t sign into iCloud, you can reset your password, but too much security hampers usability. People will, over time, get tired of these messages and just delete them.
And, what if I just accessed iCloud around the same time someone broke into my account? Will I get two emails? Or will I just assume that the email I get is for my access?
In any case, by the time you get the email, it might be too late.
As my friend and editor Michael Cohen pointed out:
“Of course, if someone DID sign into your iCloud account via a Web browser, that person would see the email, too and could reset your password, locking you out! Unless you use 2-factor authentication; then it might be harder to do the last.”