Apple Applauded For Adding Two-Factor Authentication To iCloud

Apple has opened up the option of two-factor authentication for its online services, bringing an additional layer of protection for its customers.

The iPhone maker was caught up in a security storm last year, when writer Mat Honan had his  iCloud account compromised and all of his devices wiped.

The hacker was able to access the account by calling up AppleCare and, having acquired certain details about Honan elsewhere, duping them into handing over the keys to his iCloud   Apple subsequently stopped letting users reset passwords over the phone.

Two-factor authentication arrives

Apple has now added two-factor authentication (2FA), which users can sign up to by going into the “Manage your Apple ID” section of the appleid.apple.com site. In the “Password and Security” section, there is a 2FA option, which users can click through to set it up.

It is standard 2FA, in which Apple sends unique codes every time a purchase is made, which users are asked to type in after their password. There is also  a 14-digit recovery key, used to regain access to accounts if they are hacked or passwords are forgotten, Apple noted in its support  page.

Security expert Troy Hunt said addition of 2FA was a “very good thing given the value of the data they’re protecting”.

“The Honan situation was your worst case scenario but I bet you it wasn’t the only incident. The complete iCloud backups are probably the biggest risk – imagine being able to restore someone’s entire iDevice with nothing more than a password,” he told TechWeekEurope.

“The other thing is that it paves the way for Apple to deliver even more through their services. This could even be a pre-emptive strike for services we’re yet to see.”

Are you a security expert? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago