NEWS
NEWS
NEWS
Apple adds two-step authentication to iMessage and FaceTime, security expert says it’s not enough
Apple Inc. has rolled out two-step authentication to users of its messaging app, iMessage, and its video chat app, FaceTime, on iPhone, iPad and Mac. (via The Guardian)
Two-step authentication aims to protect users from hackers attempting to access their accounts and the information stored and shared via the apps. With two-step authentication in place, users log in with their username and password as per normal, but a second step kicks in asking users to enter a second security code to verify that they are the authorized account owner.
This extra layer of security was implemented for Apple’s iTunes and iCloud services in March 2013. Now it has been added to two more Apple services in an attempt to protect users.
“It’s really great to see Apple extending its two-step authentication to cover more services, particularly person-to-person communication services such as these, which have been so widely abused in the past (Facebook, Skype etc),” Rik Ferguson, vice president of security research at Trend Micro told The Guardian.
Even with the username and password for an account in hand, a hacker won’t be able to gain access without the additional security code.
However, while he welcomes the additional security, Ferguson said Apple could do more to protect its users from threats.
Two-step authentication vs. two-factor authentication
Two-step authentication sends a security code to a user’s mobile device via text message or an app, whereas two-factor authentication makes use of information the user knows, like a password, and something the user physically has, like a swipe card or even a fingerprint.
“Two-step authentication is simply two sets of something that you know,” said Ferguson.
According to Ferguson, a text-based password or security code does not depend on ownership of the device it is sent to, only on a user’s access to that device. As long as hacker’s have the ability to intercept or divert that message, two-step authentication can be undermined.
On Apple’s services two-step authentication sends the password or code via text to the account owner’s registered phone or via the Find My iPhone app. Users have the option to register additional phone numbers as a backup to the primary phone. In the event of emergencies, there is also a recovery key that can be used to log in instead of the security code.
Image via Apple Inc.
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
