Apple debuts two-factor authentication to protect against hackers

Apple is introducing two-factor authentication (2FA) for iCloud and other services to protect users from hackers trying to access their accounts

Apple is to introduce two-factor authentication (2FA) for iCloud and other services to help protect users from hackers trying to access their accounts.

This means even if hackers are able to steal or guess usernames and passwords, they will not be able to access accounts without being in possession of the mobile phone linked to the account.

Hackers will also not be able to use the classic technique of requesting a password reset without being in possession of the mobile phone that provides the second factor of authentication.

Once implemented, the system will allow account changes only with the one-time-password (OTP) or verification code sent to the phone.

Users will also be issued with a backup code in case they lose their mobile phone or they are unable to receive the OTP because of a lack of coverage.

PayPal in the UK introduced the option of 2FA in 2009 in partnership with VeriSign to give users greater protection when making online purchases by using an OTP.

Google introduced a 2FA security feature for Google email accounts in 2011 after it announced two-factor authentication for its Google Apps customers the year before.

The 2FA system will replace the flawed security questions that often rely on information about people that is publicly available, such as where they went to school.

However, the new system will not prevent children from spending large amounts of money on devices where they already have the password, according to the Guardian. This can be prevented only by changing settings on the device.

The weakness in single password security was highlighted last year when hackers accessed several online accounts of journalist Mat Honan, after guessing his Apple email and resetting his password.

Apple said: "Apple takes customer privacy very seriously and two-step verification is an even more robust process to ensure our users' data remains protected. We are now offering our users the choice to take advantage of this additional layer of security."

The service will initially be available only in the US, UK, Australia, Ireland and New Zealand.
