Security experts applaud Apple's new two-factor authentication
There's no evidence that Apple is using such an approach, Storms acknowledged, but it could. "They own the infrastructure [for Find My iPhone] on the server side, the client side, the application, and so on," he noted.
Apple also took customer service out of the equation, instead providing a 14-character recovery key for password resets or when the iOS device assigned to receive passcodes has been lost or stolen.
That's important. Last summer, Wired reporter Mat Honan's Apple ID was commandeered when attackers convinced a company support representative to give them access to his account.
Several other well-known Web services have also recently added optional two-factor authentication to secure their users' accounts, often after their networks were breached.
Dropbox, for example, added two-factor last August after usernames and passwords were stolen from another website, then used to access accounts. Facebook debuted two-factor in 2011. And Evernote, which had to reset 50 million passwords earlier this month after a hack, promised to speed up work on two-factor authentication.
Apple, while not the last major technology company to add two-factor, was certainly not at the forefront. "They seem to be slow to implement all kinds of things that seem so obvious to everyone else," said Storms.
Even so, Storms acknowledged the company's expertise. "Two-factor is two-factor is two-factor. You either implement it correctly or it's not two-factor," said Storms. "What's going to make the difference is how convenient they make it for the end user. And as we know, Apple has a seriously-good history at making good user interfaces. If anyone can make two-factor so friendly that everyone wants to use it, Apple is the one to pull it off."
Apple's move came just in time to give customers a way to protect their accounts from a password-reset hack revealed Friday by The Verge, which had found instructions online that showed how to reset an Apple ID password using only a user's date of birth and the account's associated email address. By day's end, Apple had fixed the vulnerability and restored the iForgot password-reset site.
Apple will roll out two-factor authentication in the U.S., U.K., Australia, Ireland, and New Zealand, then add other countries down the line.
The company has also posted an FAQ with more information about its two-factor authentication.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is email@example.com.