Your Apple iCloud is now protected with two-factor authentication

Aaron Mamiit, Tech Times 19 September 2014, 09:09 am

Following the nude celebrity images leak last month that was caused by a hacker getting into the iCloud accounts of celebrities, Apple has now activated its two-factor authentication process for the iCloud accounts of all users.

The two-factor authentication process was not previously used on the iCloud and Find My Phone services of Apple, which allowed a hacker to gain access to the iCloud accounts of celebrities using only the Apple ID and password of the user.

The activation of the two-factor authentication process looks to address security holes by requiring, on top of the log-in details of a username and a password, a dynamically generated pass code composed of four digits.

The pass code is sent only to a trusted device of the user, with the user personally registering the trusted devices.

Users can begin using the security system by first verifying at least one mobile phone number for the iCloud account. Upon verification, the user can begin adding additional trusted devices.

According to the Apple website, the two-factor authentication process prevents hackers from gaining access to the iCloud accounts of others, even if the passwords for the accounts are known.

The identity of a user will undergo verification through the security system when the user attempts to sign in to an Apple ID account, purchase from the App Store, iTunes, or iBooks Store, or seek support from Apple.

Upon confirmation of the user's identity, the iCloud is unlocked to the user. The iCloud will again be locked once the user exits the browser or logs out of the account.

In addition, the two-factor authentication process now also allows the user to securely sign in to the iCloud using third-party apps, even if the programs do not support the security system, through the creation of app-specific passwords, which will be a requirement beginning Oct. 1.

Vladimir Katalov, a Russian security expert, previously revealed that users are not informed if a hacker is able to gain access and downloads content from the user's iCloud account. In addition, users do not have the ability to encrypt their own iCloud data. While the data on the iCloud account is encrypted, the keys for the encryption are also located within the iCloud data, with Apple holding the keys.

Apple looks to address these issues to prevent a repeat of the data breach that leaked nude pictures of several celebrities, including Jennifer Lawrence and Kate Upton.