Apple adopts two-factor authentication
Apple has enhanced its identification procedure to give users of its iCloud, iTunes and App Store users extra protection from hackers.business Updated: Mar 23, 2013 15:52 IST
Apple has enhanced its identification procedure to give users of its iCloud, iTunes and App Store users extra protection from hackers.
The feature, which is initially being rolled out as an option in the US, UK, Ireland, Australia and New Zealand, will mean that when an Apple customer signs into their account to make a purchase or to change information, as well as providing their Apple ID password, they will have to enter a unique code in order to prove they really are the account holder. The unique code is sent via SMS to the user's registered mobile phone or can be sent via the Find My Phone app. This extra layer of protection should ensure that even if someone else has managed to get hold of a user's password, without also having their phone, the information is useless.
The system will replace the current system that prompts users to answer security questions when logging in from an unfamiliar IP address or when claiming to have lost their passwords. Security questions usually have answers that, thanks to the almost ubiquitous use of Facebook, are extremely easy to find -- as Scarlett Johansson discovered when her email account was unlawfully accessed and its contents laid bare on the internet. Hacker Christopher Chaney, who was sent to prison for 10 years in December for a stream of such attacks on celebrities, broke into accounts by simply clicking on the ‘forgot password' button and answering security questions such as "what was the name of your first pet?" or "what is your boyfriend's name?" -- information that, when it comes to Hollywood stars, is often in the public domain.
Two-factor authentication is not foolproof but it is one of the simplest and most effective methods of protecting internet users from security breaches. Google has employed the system on its Gmail accounts for a number of years and, following a recent spate of account hacks, Twitter is being urged by the online community to quickly follow suit.