iMessage just got secure: Apple expands iCloud two-factor authentication



Since the embarrassing revelation that iCloud’s two-factor authentication didn’t actually cover many of Apple’s online services, partially responsible for a rash of leaked celebrity photos last year, Apple has been gradually adding the security setting to many of its other services. On Thursday, users with iCloud’s two-factor authentication enabled will need to complete extra steps when logging into iMessage and FaceTime, the Guardian reported. The feature is rolling out now, but may not be available for your specific devices yet.

If you have two-factor turned on, your Apple ID password alone won’t be enough to gain access when you log in to iMessage on a new iPhone or Mac. According to MacRumors, FaceTime and iMessage use app-specific passwords, for which you generate a unique code on Apple’s website, instead of having a four-digit PIN texted to your device.

Now, a miscreant with your Apple ID password (possibly gained through phishing, other social engineering, or even a lucky guess) won’t be able to set up iMessage or FaceTime and pretend to be you without your phone. Because of the way iMessage uses encryption, simply logging into a new device didn’t recover old iMessages even before Apple turned on the new two-factor authentication.

If you don’t have two-factor turned on for your iCloud account, you should do it. Here’s Apple’s guide. After all, even if you’re not a celebrity, you don’t want to get hacked and have your life turned upside down.

This post was updated on 2/13 to clarify that iMessage and FaceTime are using app-specific passwords, and not two-factor authentication with a PIN code. 

 

2 Comments

Alex Smith

“Since the embarrassing revelation that iCloud’s two-factor authentication didn’t actually cover many of Apple’s online services, partially responsible for a rash of leaked celebrity photos last year”

1) If the celebs were phished, there is no end to human gullibility. That isn’t what two-factor authentication is there to prevent.

2) The celebs weren’t using Apple’s two-factor authentication at all. So it wouldn’t have made a difference whether it would cover the photos or not.

3) If they had been using the two-factor authentication, then it would have been covering the photos.

The only people with a reason to be embarrassed were the celebs themselves, and the press who misreported, and continue to misreport, the incident.

Bob

I just tried logging into FaceTime and I wasn’t prompted for a PIN, I was prompted for an application-specific password. That’s a very different thing. I don’t need a trusted device at all.
