Apple Expands Two-Factor Authentication to Accounts

Apple Expands Two-Factor Authentication to Accounts

Posted by · 7358 views · Translate

After initially rolling out the feature back in June, Apple has expanded two-factor authentication for more accounts. Two-factor authentication adds an extra layer of security to iCloud applications including mail, contacts, calendar, notes, reminders and iWork web apps.

Apple's two-factor authentication requests a user to enter a verification code that is sent to the user's iOS device before they can use iCloud web applications. Find My iPhone is the only app that does not require a verification code in the event that a device gets lost and you can't access it.

This extra security feature comes weeks after numerous celebrities saw their iCloud accounts hacked exposing sensitive information such as private photos.

Apple has added a 'remember this browser' toggle so that you must only enter a verification code once. Two-factor authentication is slowly rolling out to iCloud accounts, so you may not see it just yet.

Apple first rolled out two-factor authentication in March of last year in the United States. It later launched the extra layer of security in Australia, Ireland, New Zealand and the U.K, Canada, France, Germany, Italy, Japan and Spain.

via MacRumors

Apple Expands Two-Factor Authentication to Accounts

Hitoshi Anatomi - September 19, 2014 at 3:05am
2 is larger than 1 on paper, but two weak boys in the real world may well be far weaker than a toughened guy. Physical tokens and phones are easily lost, stolen and abused. Then the password would be the last resort. It should be strongly emphasized that a truly reliable 2-factor solution requires the use of the most reliable password. By the way, I wonder how many people are aware that biometrics operated with a password in the OR/disjunction way (as in the case of Apple’s Touch ID) offers a lower security than when only the password is used. Media should let this fact be known to the public lest consumers should be misguided. It is very worrying to see so many people being utterly indifferent to the fundamental difference between AND/conjunction and OR/disjunction when talking about “using two factors together”. Biometrics can theoretically be operated together with passwords in two ways, (1) by AND/conjunctiion or (2) by OR/disjunction. I would appreciate to hear if someone knows of a biometric product operated by (1). The users must have been notified that, when falsely rejected with the device finally locked, they would have to see the device get reset. Like other biometric products, Touch ID is operated by (2) so that users can unlock the phones by passcodes when falsely rejected, which means that the overall vulnerability is the sum of the vulnerability of biometrics and the vulnerability of a password. It is necessarily larger than the vulnerability of a password, say, the devices with Touch ID are less secure than the phones protected only by a password. As for an additional vulnerability unique to biometrics, you may refer to Needless to say, so-called 2-factor systems with a password remembered as the first factor and something possessed as the second factor are generally operated by (1), providing raised security at the sacrifice of lowered convenience.