The good news for Apple fans is that the Cupertino technology giant issued a serious security upgrade yesterday by adding two-factor authentication to its users’ Apple ID accounts. The bad news is that Apple, once considered a vanguard among the big tech companies, is a cool two years behind the trend on this one.
For those of you that don’t know already, Apple ID is essentially the central profile around which users can access the account settings to the various devices they own and Apple services they use.
The new security mechanism, which you have to set up here because it is not enabled by default is not enabled by default. It will require you to verify your identity using a “trusted device” before you can make changes to your account or make an iTunes or App Store purchase from a new device. So, you enter your Apple ID and password in the login field of whichever service you are trying to access, Apple then sends a four digit verification code to the device you established as the “trusted” one, and you go ahead and enter that code into the specified field on your browser.
“When you set up two-step verification, you register one or more trusted devices. A trusted device is a device you control that can receive 4-digit verification codes using either Find My iPhone notifications or SMS to verify your identity.” Apple explained in a support article introducing the new feature.
Of course, two-factor verification is a nice security feature for all kinds of services (not just Apple), but it isn’t perfect. Any two-factor system that relies on sending numeric codes to users via SMS, the protocol that most mobile devices use to send text messages, will only work for users that physically have access to their phone, which in turn must have cellular service in order to receive the code. So if you lose your phone or you are trying to logon from area with poor cellular service you can forget about two-factor, because you won’t be able to authenticate or log into your account at all.
Apple has, however, built a pretty solid safety net into its two-factor system. When you sign-up for it, Apple sends you a recovery key that you can use as the second factor of authentication to access your accounts if you do happen to lose your phone or find yourself on the top of a cellular service-less mountain.
As alluded to in the opening paragraph, Google and Facebook have had two-factor verification systems in place for a few years now and they provide very solid security coverage for your accounts so long as you can count on yourself not to lose your phone.