Apple Extends Two-Factor Authentication to iMessage, FaceTime

Type threatpost
Reporter Chris Brook
Modified 2015-02-13T16:14:25


Apple extended two-factor authentication (2FA) yesterday to its iMessage and FaceTime services, adding an extra layer of security to the popular iOS apps.

The move, which Apple has taken to calling “two-step verification,” follows the company’s enabling of 2FA on its iCloud storage service back in September after a celebrity photo hacking scandal made headlines over the summer.

Two-factor authentication bolsters security by mandating users not only have the username and password for an account but also an additional PIN to login.

Users who previously enabled the functionality on their iCloud accounts will be prompted upon opening either app to create a new application-specific password for them.

After setting passwords, users can manage them in their Apple ID account settings under the Password and Security section. Before Apple quietly dropped 2FA for the apps yesterday, users who opened either app were not prompted for a code.

In addition to the two-step verification codes, users will also receive a lengthy code composed of letters and numbers that can be used as a backup recovery key, in the event that they lose their phone.

Apple first began deploying 2FA on iTunes in March 2013 to thwart attackers from hijacking users’ App Store accounts. Nearly a year and a half later, prompted by a nasty photo hack that leaked dozens of celebrities’ photos, Apple extended the feature to iCloud.