Mikey Campbell
Apple on Monday appears to have rolled out a new implementation of its two-factor Apple ID authentication system with iCloud.com, requiring users who have the additional layer of security enabled to enter a special code before accessing the Web apps.
With the new implementation, shown in the screenshot above, Apple is expanding its two-step authentication security feature beyond Apple ID management and iCloud-connected features to the iCloud.com Web app suite. Prior to the change, iCloud.com was accessible via a simple password. The feature was first spotted by reader Stephan.
AppleInsider was able to confirm the new iCloud security feature is indeed Apple's normal two-factor authentication service, though it is unclear if the feature is in testing or nearing rollout. Certain Apple ID accounts we tested required the second verification, while though others did not.
Like Apple's other two-factor methods, iCloud.com asks users who log on to enter both a password and a four-digit verification code that is sent by the system to a trusted device. Once verified, all iCloud apps are unlocked and can be accessed normally.
We found signing out of iCloud.com will, in most cases, reset the verification mechanism, forcing the secondary code on each login attempt. In some instances, however, the system does not reset itself even after clearing cookies and toggling two-factor authentication via the Apple ID management webpage.
Apple has left the "Find My iPhone" Web app accessible even without secondary authentication in case the trusted iPhone or iPad goes missing.
Apple first introduced two-factor verification in March 2013 to provide an extra layer of security to Apple ID account holders. After launching in the U.S., Australia, Ireland, New Zealand and the U.K., two-step was expanded to Apple ID holders in Canada, France, Germany, Italy, Japan and Spain.in February.
Charles Martin
Malcolm Owen
Andrew O'Hara
15 Comments
I'm not sure I need to be THAT secure. Seems like it might quickly become a nuisance.
Not that I think it's a bad idea. It's a GREAT idea. I'm just not sure my account is at great enough risk to warrant an ongoing extra step. I log out every time I finish buying something, so I'd be doing the number dance a lot.
I'd wish Apple would hurry up and add more countries to 2-step verification to other countries. Google and others already have this globally.
If you know anyone who's had their email hacked ... and I know several people ... you will think differently about two-factor. Because the first thing they do is delete all your mail, and then they mail your contacts that you have changed your mail, and they give them a new fake email address for you. But hey. Do whatever you want.
Good job Apple. Anything Apple can do to make the eco system safer, the better. An extra step or two in nothing compared to the Android / Microsoft world of hurt. Anyone complaining ... go buy an Android heap of crap or a Microsoft mobile device ... oh wait a minute do they have any?
[quote name="Lorin Schultz" url="/t/181006/apple-rolls-out-two-step-verification-for-icloud-com-web-apps#post_2557914"]I'm not sure I need to be THAT secure. Seems like it might quickly become a nuisance. Not that I think it's a bad idea. It's a GREAT idea. I'm just not sure my account is at great enough risk to warrant an ongoing extra step. I log out every time I finish buying something, so I'd be doing the number dance a lot. [/quote] Just returned from Vancouver. Expensive and wet but wow what a fantastic city. Loved it. Now, as to your comment, come on, anything Apple can do to make the only eco system is worth a shit, safer ..... :)