Apple Inc. NASDAQ:AAPL has brought in a two-factor authentication process for iCloud access after being criticized for lack of security following the last month’s online nude celebrity photo leak. Users will now be asked to provode an additional four-digit pass-code sent to him or her other than the login and password details.
Login through third-party apps supported
Users should use one verified SMS-capable phone number for their registered accounts and use the security system. According to the company’s website, the two-factor authentication shuts off bad actors from using users’ iCloud accounts even if they know the password. The user is required to verify through a two-step system to sign into a My Apple ID account, make iTunes, App Store, and iBooks Store purchases from a new device and get Apple ID-related support from Apple.
After completing the two-step authentication processes, the user can access the iCloud and logout. Additionally, the company said that if users are accessing the iCloud through any third-party apps such as Microsoft Outlook or Mozilla Thunderbird, they have an option to create app-specific passwords and sign in securely even if the service that they are using does not support the two-factor verification. The Cupertino Calif-based device maker revealed that the app-specific passwords will be required from October 1.
Incident that inspired Apple
A slew of attacks taking advantage of the vulnerability of Apple iCloud were unleashed when news broke that hackers allegedly broke into the iCloud accounts of celebrities, and leaked risque photos.
The photos were uploaded on the web after the news of Apple ‘Find my iPhone’ online service break was out. Apple responded to the incident by releasing a statement that it was investigating, but maintained that it has nothing to do with the lack of security on its end.
At that time, Apple Inc. said, “When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source,” added that after 40 hours of investigation, it had determined that various celebrity accounts were hacked by a very large targeted attack on usernames, passwords, and security questions, a relatively common practice today.
Apple Inc. also claimed that the incident did not occur due to any laxity in the company’s system including iCloud or Find my iPhone. The company noted that they are supporting law enforcement in tracking down the criminals involved.