Apple tightens account security with two-factor authentication

After Wired writer Mat Honan was hacked last year, Apple and Amazon amended their security practices to close some loopholes. Now, Apple has added two-factor authentication: an additional layer of security that works by combining something a user knows with something they have.

Petar Kujundzic/Reuters/File
Apple introduced two-factor authentication to iCloud accounts this week, adding an additional layer of security against hacking attacks. Here, people walk past an Apple logo at a shopping center in central Beijing.

Eight months ago, Wired writer Mat Honan's iCloud account was hacked. By exploiting some loopholes in Apple's and Amazon's security practices, the hackers were able to remotely wipe Honan's iPhone, iPad, and MacBook, and take over his Twitter and Google accounts as well. Mr. Honan's story spread, and in response to the concerns of other users, Apple and Amazon quietly took measures to increase their security.

This week, Apple introduced two-factor authentication to iCloud, adding an additional layer of security that addresses some of the lingering flaws exposed by the Honan hack. 

Two-factor authentication works by requiring both something you know and something you have before you can get into an account. Right now iCloud accounts require only a password, which is backed up by security questions (think of standards like "What was your mother's maiden name?"). Two-factor authentication introduces a device -- like a phone or tablet -- into the equation. When someone tries to access an account from an unrecognized device, Apple sends a verification code to that account's "trusted" device, and the code must be entered in order to open the account. In theory, hackers can't get in without having physical access to the trusted device.
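The flow described above, modeled as an added example (it is not Apple's code and not part of the original article): a correct password is enough from a recognized device, while an unrecognized device must also present a short-lived, single-use code delivered to the trusted device. The `Account` class, the `outbox` delivery stand-in, the six-digit code length, the five-minute lifetime and the three-guess limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6    # assumed length; the article does not give one
CODE_TTL = 300     # assumed lifetime of a code, in seconds
MAX_ATTEMPTS = 3   # assumed number of wrong guesses before a code is voided


class Account:
    """Hypothetical account model: password plus one trusted device."""

    def __init__(self, password, trusted_device):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.trusted_device = trusted_device
        self.recognized = {trusted_device}
        self.pending = None   # [code, expires_at, attempts_left]
        self.outbox = []      # stands in for SMS / push delivery

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password, device_id, code=None, now=None):
        now = time.time() if now is None else now
        # Factor 1: something you know.
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return "denied"
        if device_id in self.recognized:
            return "ok"
        # Unrecognized device: factor 2 (something you have) is required.
        if code is None:
            issued = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
            self.pending = [issued, now + CODE_TTL, MAX_ATTEMPTS]
            self.outbox.append((self.trusted_device, issued))
            return "code_sent"
        if self.pending is None or now > self.pending[1]:
            self.pending = None            # nothing issued, or code expired
            return "denied"
        if hmac.compare_digest(code.encode(), self.pending[0].encode()):
            self.pending = None            # single use
            self.recognized.add(device_id)
            return "ok"
        self.pending[2] -= 1
        if self.pending[2] <= 0:
            self.pending = None            # too many wrong guesses
        return "denied"
```

The expiry and guess limit matter because a short numeric code is only hard to guess when the number of tries is bounded.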

If you're interested in setting up two-factor security (and live in the US, UK, Ireland, Australia, or New Zealand), you can head over to the Apple ID site and click on the "Password and Security" tab. Once you've identified your "trusted device," you're pretty much set. Two-factor authentication does away with security questions, which in and of itself probably makes your account safer -- since, in many cases, those questions can be answered based on publicly available information.

Two-factor authentication is becoming more popular as a security measure: Google, Facebook, Twitter, and many other services all have two-step security options, although they're implemented slightly differently by different companies.

In Apple's case, the authentication code is sent either by text message to a particular phone number, or to the Find My iPhone app, if it's installed. When you set up two-factor authentication the first time, you'll get a recovery key that can be used to access your account in case you forget your password. That's important, since once two-factor security is installed, Apple can no longer reset your password for you. (Depending on how you view it, that might actually be an upside: Apple's ability to reset passwords was a key part of the hack that Mat Honan suffered.)

Do you have two-factor security on any of your accounts? Do you feel it's kept your information safe? Share your stories in the comments section below.

For more tech news, follow Jeff on Twitter @jeffwardbailey.
