Apple adds two-factor authentication for iCloud.com


iCloud.com now asking for ID verification

Apple has boosted security for the iCloud.com web portal by asking users to switch to its two-factor authentication system.

In light of the recent celebrity iCloud hack, which was embarrassing for both Apple and the victims, the firm is making good on its promise to make it more difficult for unauthorised parties to gain access to accounts.

As a result, the company is now asking users to enter a verification code on the iCloud.com website. That code is sent via a notification to one of the user's 'trusted' devices.

Until the verification code has been entered, iCloud.com visitors will be able to log in, but cannot access apps like Mail, Contacts, Calendar, Reminders, Pages, Numbers and Keynote. For obvious reasons, access to the Find My iPhone security tool does not require the ID to be verified.

Two-factor authentication was introduced last year as a means of beefing up security for iTunes accounts. Users were asked to verify their IDs using a secondary device in order to protect iTunes, App Store and iBooks purchases. If they change their iTunes password, a verification code is sent to the trusted device to ensure it’s really them.

The rollout for iCloud.com comes a week after Apple began sending emails to users anytime their accounts were accessed from a web browser. The firm is asking users to ignore those emails if the logins are legitimate, but advises users to instantly change passwords if they do not recognise the attempt.

Apple recently blamed weak passwords and security questions of the victims for the hacks, which led to the personal photos of over 100 female celebrities being leaked online.

Do the new measures make you feel better about storing personal information on iCloud? Share your thoughts below.

Via: MacRumors

Hitoshi Anatomi

September 19, 2014, 2:59 am

2 is larger than 1 on paper, but two weak boys in the real world may well be far weaker than a toughened guy. Physical tokens and phones are easily lost, stolen and abused. Then the password would be the last resort. It should be strongly emphasized that a truly reliable 2-factor solution requires the use of the most reliable password.

By the way, I wonder how many people are aware that biometrics operated with a password in the OR/disjunction way (as in the case of Apple’s Touch ID) offers a lower security than when only the password is used. Media should let this fact be known to the public lest consumers should be misguided.

I am very worried to see so many people being utterly indifferent to the fundamental difference between AND/conjunction and OR/disjunction when talking about “using two factors together”.

Biometrics can theoretically be operated together with passwords in two ways, (1) by AND/conjunction or (2) by OR/disjunction. I would appreciate hearing if someone knows of a biometric product operated by (1). The users must have been notified that, when falsely rejected with the device finally locked, they would have to see the device get reset.

Like other biometric products, Touch ID is operated by (2) so that users can unlock the phones by passcodes when falsely rejected, which means that the overall vulnerability is the sum of the vulnerability of biometrics and the vulnerability of a password. It is necessarily larger than the vulnerability of a password, say, the devices with Touch ID are less secure than the phones protected only by a password.

As for an additional vulnerability unique to biometrics, you may refer to

Needless to say, so-called 2-factor systems with a password as the first factor and something possessed as the second factor are generally operated by (1), providing raised security at the sacrifice of lowered convenience.
