UPDATED 07:00 EDT / FEBRUARY 13 2015

Apple adds two-step authentication to iMessage and FaceTime, security expert says it’s not enough NEWS

Apple adds two-step authentication to iMessage and FaceTime, security expert says it’s not enough

imessageApple Inc. has rolled out two-step authentication to users of its messaging app, iMessage, and its video chat app, FaceTime, on iPhone, iPad and Mac. (via The Guardian)

Two-step authentication aims to protect users from hackers attempting to access their accounts and the information stored and shared via the apps. With two-step authentication in place, users log in with their username and password as per normal, but a second step kicks in asking users to enter a second security code to verify that they are the authorized account owner.

This extra layer of security was implemented for Apple’s iTunes and iCloud services in March 2013. Now it has been added to two more Apple services in an attempt to protect users.

“It’s really great to see Apple extending its two-step authentication to cover more services, particularly person-to-person communication services such as these, which have been so widely abused in the past (Facebook, Skype etc),” Rik Ferguson, vice president of security research at Trend Micro told The Guardian.

Even with the username and password for an account in hand, a hacker won’t be able to gain access without the additional security code.

However, while he welcomes the additional security, Ferguson said Apple could do more to protect its users from threats.

Two-step authentication vs. two-factor authentication

Two-step authentication sends a security code to a user’s mobile device via text message or an app, whereas two-factor authentication makes use of information the user knows, like a password, and something the user physically has, like a swipe card or even a fingerprint.

“Two-step authentication is simply two sets of something that you know,” said Ferguson.

According to Ferguson, a text-based password or security code does not depend on ownership of the device it is sent to, only on a user’s access to that device. As long as hacker’s have the ability to intercept or divert that message, two-step authentication can be undermined.

On Apple’s services two-step authentication sends the password or code via text to the account owner’s registered phone or via the Find My iPhone app. Users have the option to register additional phone numbers as a backup to the primary phone. In the event of emergencies, there is also a recovery key that can be used to log in instead of the security code.

Image via Apple Inc. 

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU