Categories
News security Software

Apple implements two-step authentication protocol for iCloud Web services

icloudicon

It’s a step in the right direction.

Or at least a step to make the iCloud user base feel more secure.

Per AppleInsider, Apple on Tuesday activated two-factor authentication for iCloud.com access, allowing only basic access to Find My iPhone for those opted-in to the security layer.

The authentication system now requires users to enter a dynamically generated code sent to a trusted device prior to gaining access to the service.

Apple first tested the extra layer of iCloud.com security in June, more than one year following the protocol’s introduction for Apple ID accounts in 2013.


In practice, iCloud.com two-step verification asks users logging in to provide both a password and a four-digit code, the latter of which is sent to a trusted device through text, iMessage or push notification. Apple ID owners can add trusted devices through the Apple ID management webpage.

Once a user is confirmed, all iCloud.com assets are unlocked until a user signs out or closes their browser window. Find My iPhone is left active by default, allowing users to remotely deactivate or wipe a trusted device that is stolen or lost.

At present, Apple’s implementation of two-factor iCloud.com authentication has effectively broken a number of forensics tools like ElcomSoft’s iCloud backup and password breaker programs. The tools were supposedly employed by nefarious users to garnish photos from celebrity devices, which were then disseminated on the Web earlier this month.

Stay tuned for additional details as they become available.

2 replies on “Apple implements two-step authentication protocol for iCloud Web services”

Comments are closed.