CIO Today HOME LATEST NEWS NEWSLETTERS SEARCH Search
  LATEST NEWS FOR WEDNESDAY FEBRUARY 22

Close Search Box
CIO Today
NETWORK SECURITY
Two-Step Authentication Security Offered for Apple ID
Posted March 22, 2013
Two-Step Authentication Security Offered for Apple ID
Next Story
EARLIER
Trojan Malware Targets Macs on the Web
THIS STORY
Two-Step Authentication Security Offered for Apple ID
Next Story
LATER
Biggest DDoS Attack Ever Hits Internet
YOU ARE HERE:   HOME arrow NETWORK SECURITY arrow THIS STORY
NEWS OPS

By Adam Dickter. Updated March 22, 2013 2:02PM

SHARE

ALSO SEE

It may soon be harder for bad guys to order apps, e-books, songs or old episodes of Mad Men on iTunes using your account, if you take advantage of Apple's new two-step authentication option.

Once you have turned on the feature, purchasers must first send a special code to their phone and then input that code with the purchase. If the would-be hacker or thief doesn't have your device or access to e-mail, he or she is out of luck.

'As Secure as Possible'

The option is often used by banks or credit cards, and not optionally, when someone tries to access an account from a device that has never been used before by that customer. Typically options include sending the code via automated phone call, text or e-mail. Apple ID will only send the code via the Find My iPhone feature or text message.

"Your Apple ID is the key to many important things you do with Apple, such as purchasing from the iTunes and App Stores, keeping personal information up-to-date across your devices with iCloud, and locating, locking, or wiping your devices," Apple writes on its Apple ID FAQ list. "Two-step verification is a feature you can use to keep your Apple ID as secure as possible."

In addition to blocking purchases, the two-step feature also prevents unauthorized persons from managing accounts, including changing passwords, or accessing support for Apple ID. Designated devices are set up beforehand and if they are all somehow lost, you can use a 14-digit recovery key to regain access to your account.

Tech companies are increasingly responding to the need to safeguard user accounts as hackers run amok. Google also uses two-step authentication for its user accounts. Last month, after Twitter reset the passwords of thousands of accounts it said were likely compromised, the company placed a help-wanted ad on the Jobs section of its home page seeking experts in product security specializing in two-factor identification (2FA).

A 2FA system combines a password with another obstacle, such as a security question or an image that the user must recognize. They are also routinely used by banks and credit card companies, but social media may be slow in implanting them since it slows logging in.

With Apple, perhaps the world's most prominent consumer tech company, taking a lead role in increasing authentication, others may soon follow suit.

Fingers Crossed

"Hopefully more and more companies are going to roll out similar systems in the future," said Graham Cluley, a senior consultant at Sophos International. "It makes it harder for people to crack into your account.

"By making a physical device (the mobile phone) an essential part of the verification process -- a hacker doesn't just need to know the name of your first pet, or the first album you ever bought, to unlock your passport. They will need access to your mobile phone."

If a hacker happens to be in the other side of the world in, say, China, he told us, "that makes things much trickier."

Tell Us What You Think
Comment:

Name:

MORE IN NETWORK SECURITY

Next Article >

NETWORK SECURITY SPOTLIGHT
This Spotlight
Is Brought to You By:

INSIDE CIO TODAY NETWORK SITES SERVICES BENEFITS