UPDATED 07:00 EST / FEBRUARY 13 2015

Apple adds two-step authentication to iMessage and FaceTime, security expert says it’s not enough

Apple Inc. has rolled out two-step authentication to users of its messaging app, iMessage, and its video chat app, FaceTime, on iPhone, iPad and Mac. (via The Guardian)

Two-step authentication aims to protect users from hackers attempting to access their accounts and the information stored and shared via the apps. With two-step authentication in place, users log in with their username and password as usual, and a second step then asks them to enter a security code to verify that they are the authorized account owner.

This extra layer of security was implemented for Apple’s iTunes and iCloud services in March 2013. Now it has been added to two more Apple services in an attempt to protect users.

“It’s really great to see Apple extending its two-step authentication to cover more services, particularly person-to-person communication services such as these, which have been so widely abused in the past (Facebook, Skype etc),” Rik Ferguson, vice president of security research at Trend Micro told The Guardian.

Even with the username and password for an account in hand, a hacker won’t be able to gain access without the additional security code.

However, while he welcomes the additional security, Ferguson said Apple could do more to protect its users from threats.

Two-step authentication vs. two-factor authentication

Two-step authentication sends a security code to a user’s mobile device via text message or an app, whereas two-factor authentication makes use of information the user knows, like a password, and something the user physically has, like a swipe card or even a fingerprint.

“Two-step authentication is simply two sets of something that you know,” said Ferguson.

According to Ferguson, a text-based password or security code does not depend on ownership of the device it is sent to, only on a user’s access to that device. As long as hackers have the ability to intercept or divert that message, two-step authentication can be undermined.

On Apple’s services, two-step authentication sends the password or code via text to the account owner’s registered phone or via the Find My iPhone app. Users have the option to register additional phone numbers as a backup to the primary phone. In the event of emergencies, there is also a recovery key that can be used to log in instead of the security code.
