Apple Adds Two-Step Security To iMessage, FaceTime

Apple has added two-step authentication to the iMessage instant messaging service and the FaceTime mobile video telephony application, as a measure to improve security.

Apple previously prompted users to sign up for the authentication method, which requires users to enter a four-digit code sent to a mobile device in addition to a standard username and password, if they signed in to managed an Apple ID account, signed into the iCloud remote storage service from a new device or at iCloud.com, made purchases from iTunes, iBooks or App Store from a new device or requested Apple ID-related support from Apple.

“Your Apple ID is the key to many things you do with Apple,” the company said in documentation for the feature. “Two-step verification is a feature you can use to keep your Apple ID and personal information as secure as possible.”

The technique replaces other security methods used by Apple, such as creating a series of security questions.

It isn’t as strong as full two-factor authentication, which typically involves the use of a physical token such as a PIN-generating device or a personal item such as fingerprint, but it does provide additional security, according to industry observers.

Banks have made use of two-factor authentication for several years, but online services such as those operated by Apple, Google, Facebook or Yahoo typically use two-step authentication such as a SMS code or a code-generating smartphone application.

Log-in code

Apple’s scheme requires users to register at least one device capable of receiving SMS messages; each time a log-in is needed, the user must enter a code sent to the device.

Users can register more than one device, and are also given a 14-digit code to print out that can be used to access the service in case the registered devices are lost or stolen.

Apple’s security measures were subjected to scrutiny after its iCloud service was said to have been involved in last year’s publication of compromising celebrity photos.

Apple later said the service had been accessed via a “very targeted attack”, which was not the result of a vulnerability in iCloud itself, and promised more “human” security measures to help protect the service.

Are you a security pro? Try our quiz!