Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Desktops (Apple) Iphone Security The Internet Apple

Apple Makes Two-Factor Authentication Available For Apple IDs 63

Posted by Soulskill
from the security-is-now-officially-hip dept.
wiredmikey writes "In an effort to increase security for user accounts, Apple on Thursday introduced a two-step verification option for Apple IDs. As the 'epic hacking' of Wired journalist Mat Honan proved, an Apple ID often carries much more power than the ability to buy songs and apps through Apple's App store. An Apple ID can essentially be the keys to the Kingdom when it comes to Apple devices and user maintained data, and as Apple explains, is the key to many important things you do with Apple, such as purchasing from the iTunes and App Stores, keeping personal information up-to-date across your devices with iCloud, and locating, locking, or wiping your devices.' 'After you turn [Two-step verification] on, there will be no way for anyone to access and manage your account at My Apple ID other than by using your password, verification codes sent your trusted devices, or your Recovery Key, a support entry announcing the new service explained."
This discussion has been archived. No new comments can be posted.

Apple Makes Two-Factor Authentication Available For Apple IDs

Comments Filter:
  • by noh8rz10 (2716597) on Friday March 22, 2013 @06:33PM (#43252511)

    For the most common 2-factor authentication in place today (e.g. if you enable for Gmail) the authenticating entity sends a code to your device in order to tie this to something that you have (your phone) and thereby introduce the possession factor.

    I would say the most common 2-factor authentication is at the ATM, where you need to present your ATM card and enter your pin.

  • by cbhacking (979169) <been_out_cruising-slashdot@y a h o> on Friday March 22, 2013 @07:01PM (#43252785) Homepage Journal

    Yep, that's a good example of 2FA. Calling "username and password" two factors is foolish; your username isn't even an authentication credential at all in most cases (that is, it's typically at least semi-public information). It's an identifier, not a credential.

    However, even if the username is treated as a second password, then you don't really have two passwords; you have one long password with a break in the middle. There's no meaningful difference between them at that point.

"If you want to eat hippopatomus, you've got to pay the freight." -- attributed to an IBM guy, about why IBM software uses so much memory