Move should lead to fewer Mat Honan-type iCloud hacks
Apple has opened up the option of two-factor authentication for its online services, bringing an additional layer of protection for its customers.
The iPhone maker was caught up in a security storm last year, when writer Mat Honan had his iCloud account compromised and all of his devices wiped.
The hacker was able to access the account by calling up AppleCare and, having acquired certain details about Honan elsewhere, duping them into handing over the keys to his iCloud Apple subsequently stopped letting users reset passwords over the phone.
Apple has now added two-factor authentication (2FA), which users can sign up to by going into the “Manage your Apple ID” section of the appleid.apple.com site. In the “Password and Security” section, there is a 2FA option, which users can click through to set it up.
It is standard 2FA, in which Apple sends unique codes every time a purchase is made, which users are asked to type in after their password. There is also a 14-digit recovery key, used to regain access to accounts if they are hacked or passwords are forgotten, Apple noted in its support page.
Security expert Troy Hunt said addition of 2FA was a “very good thing given the value of the data they’re protecting”.
“The Honan situation was your worst case scenario but I bet you it wasn’t the only incident. The complete iCloud backups are probably the biggest risk – imagine being able to restore someone’s entire iDevice with nothing more than a password,” he told TechWeekEurope.
“The other thing is that it paves the way for Apple to deliver even more through their services. This could even be a pre-emptive strike for services we’re yet to see.”
Are you a security expert? Try our quiz!