Apple’s Two-Factor Authentication Fails To Protect Several Services, But Users Shouldn’t Worry
Last year, Apple took a big step forward when it expanded the scope of its two-factor authentication which makes it relatively hard to obtain someone else’s sensitive information.
A blog post by Dani Grant on Medium points out that Apple’s two-factor authentication doesn’t protect all of the company’s services. In order to get into services like FaceTime, iMessage, and iTunes you only need the email address associated with the user’s Apple ID and their password. This news shouldn’t be a surprise to anyone.
Apple is very clear in pointing out what services support two-factor authentication. It will take some time before the company can implement the security feature across all of its services, and users should not be worried if the service they use doesn’t support it.
I do, however, agree with Grant’s point that two-factor authentication should be implemented on all of Apple’s services because it will provide a greater level of security for users. However, implementing this security solution is not something that will happen overnight.
In order for someone (malicious or not) to get into your Apple account they still need an email address and password. The chances of someone being able to break into your account can be significantly decreased by using a strong password. The attacker must still figure out your password before being able to login, which is not an easy task by any means (especially if you have a strong password).
Earlier this year after a leak of celebrity iCloud photos, Apple CEO Tim Cook promised that the company would enhance its two-factor authentication system. The company has not released any of these updates yet, however, Cook didn’t give any timeline as to when the enhanced security features would become available.
Apple’s two-factor authentication currently applies to a select group of services, including iCloud. The company has not issued any comments regarding the matter, however it will be interesting if Apple will make security a higher priority in 2015.