3. Separating your iTunes and iCloud passwords
Like most people, I have too many passwords to remember, and the differing rules for what constitutes an acceptable password at every site and service makes it even harder to remember which goes where, especially as I use multiple devices during my day, each of which stores passwords (or not) differently. (I rely on the Forgot My Password feature a lot at sites I visit infrequently.)
Despite the hassle, I strongly recommend you use separate passwords for iCloud and iTunes. By default, Apple has you use your Apple ID -- your iTunes password -- as your iCloud ID. That makes it easier to remember how to log in to all of Apple's services: iTunes Store, the App Stores (Mac and iOS), Apple Store (for hardware), iBookstore, Find My Friend, Find My Phone, iCloud email, and so on. It also means if someone discovers your Apple ID and password that all those services are available to that person -- a really big deal considering that your credit cards are linked to several services. A thief could quickly spend thousands of dollars on purchases and redirect all your accounts to his or her address. I know -- it happened to a friend.
The unified account gets scarier if you share that Apple ID and password with third-party online services, such as with the Android app that lets Android devices participate in iCloud syncing. Those services are handy, but now one of your key access methods is shared with companies you don't really know.
The solution to the iCloud/iTunes dilemma is to set up separate Apple IDs: one for iCloud and one for iTunes. If you already share an Apple ID across both, create a new Apple ID, and switch your iCloud settings to the new ID. Just be sure to have copied and synced all iCloud-stored data to your local devices so that you can them transfer them to the new iCloud account when you switch to that in your various settings.
Although it's a pain to have two Apple IDs, the reality is that most services save your credentials once you log in, so you're not entering them very often. But if one Apple ID is lost or stolen, you have a decent chance of limiting the damage to just iTunes or just iCloud.
Apple could do more in its account approach to give third-party access without requiring you give up all of your credentials, to add second-factor authentication, to allow for mulituser accounts, and to provide subaccounts so that not all services use the same credentials even if linked to the same master user. Until it does, you can minimize the risk by following the steps here.
This article, "3 easy steps to a more secure iPhone or iPad," was originally published at InfoWorld.com. Read more of Galen Gruman's Mobile Edge blog and follow the latest developments in mobile technology at InfoWorld.com. Follow Galen's mobile musings on Twitter at MobileGalen. For the latest business technology news, follow InfoWorld.com on Twitter.