Apple beefs up security with two-factor authentication for iCloud backups

Caitlin McGarry
18 September, 2014
View more articles fromthe author

iCloud-backup-apple-macworld-australia11A sneaky method hackers use to crack your iCloud backups won’t work anymore if you’re serious about your security. Overnight, Apple turned on two-factor authentication for iCloud, which will protect against the kind of social engineering exploits that helped hackers steal celebrity photos last month.

Until Wednesday, Apple’s brand of two-factor authentication only protected your Apple ID, preventing people from making purchases from your account. But if thieves were able to guess the answers to your security questions and recover your password, they could easily use third-party software to access your iCloud backup. Your photos, documents, text messages: All of it was up for grabs.

That’s no longer the case. Ars Technica tried to install an iCloud backup with two-factor turned on using the most common software, made by Elcomsoft, and found it no longer worked.

Two-factor authentication works by requiring a second means of verification, aside from your password, to sign in to your accounts. That second method is usually an SMS code sent to your phone, which you then enter to gain access. If you don’t even have two-step verification turned on for your Apple ID, you’re forgiven. Apple buried the option in your settings and the process was cumbersome once you actually found it.

Apple sent out an e-mail to iCloud users with information about its security measures and how to use them. On 1 October, the company will let you generate app-specific passwords for third-party apps with access to your iCloud account, like Microsoft Outlook, BusyCal and Mozilla Thunderbird. The new option prevents those apps from knowing your iCloud password and will keep your account safe.

The new security measures are too little, too late for celebrities like Jennifer Lawrence, but turning on two-factor authentication for every account that offers it is the safest way to protect your information.

Leave a Comment

Please keep your comments friendly on the topic.

Contact us