Apple Plans to Add Two-Factor Authentication to iCloud

After Celebrity picture leaks by iCloud hacking, Apple plans to add its two-factor authentication(2FA) system to logins to the iCloud service from mobile device. 2FA will be implemented to iCloud when iOS 8.0 will be released, possible later this month.

iCloud hacking

Two-factor authentication (also known as Two-step verification) is a process involving two stages to verify the identity of an entity trying to access services in a computer or in a network.

Two-factor authentication will add an extra layer of authentication for iCloud logins from iPhones and iPads. In addition to an Apple ID and password, users who have 2FA implemented will be required to enter a PIN code sent to the device through SMS or a long access key generated at the time of sign-up. Speaking to the Wall Street Journal, Tim Cook, Apple’s CEO, said that the company needed to do more to protect user’s information, a fact that was highlighted by the celebrity photo leak several days ago.

The unidentified hacker were able to hack iCloud accounts either through phishing attacks or by correctly answering security questions. Apple has had 2FA available for iTunes and Apple ID accounts since March 2013, but it is not enabled by default and it doesn’t apply to iCloud logins at this point. The company has not widely publicized the availability of the 2FA option, something that security experts have criticized the company for.

See Also: How to Protect Gmail Account from Hackers with 2 Step Verification

In addition to adding 2FA to iCloud logins, Cook said Apple also plans to start sending email and push notifications to users if certain operations are attempted on their accounts, such as password changes, iCloud data restoratations to a new device or logins from a new device. Those notifications will start in the next couple of weeks, but one limitation of the change is that users only will be made aware of these attempts after they’ve occurred.