Roman Sakhno - Fotolia
Just weeks after nude photos of celebrities including Jennifer Lawrence and Kate Upton were leaked from multiple iCloud accounts, Apple Inc. has rolled out a more robust two-factor authentication implementation for its data storage service.
Apple sent an email yesterday to Apple ID accountholders detailing the iCloud changes, which notably extends two-factor authentication coverage to all data stored in the service. As of Oct. 1, third-party apps that do not support iCloud two-factor authentication will also require app-specific passwords for access. Apple began sending alert emails to users last week informing them if any of several actions -- including device restores, attempted password changes and logins from new devices -- had taken place on an iCloud account.
Apple's response comes after a barrage of public criticism stemming from the high-profile photo leak, which the Cuptertino, Calif.-based tech vendor argued was the result of a "very targeted attack" on certain users' passwords and security questions rather than a breach of iCloud's security. Still, security experts said that the whole incident likely could have been avoided if Apple's iCloud two-factor authentication implementation wasn't notably flawed.
Despite enabling the security mechanism last year, Apple's two-factor authentication system only covered three specific scenarios for iCloud users before the recent improvements: signing in to My Apple ID to manage an Apple account; making iTunes, App Store, or iBookstore purchases from a new device; and receiving Apple ID-related support from Apple.
CEO Tim Cook promised in an interview with The Wall Street Journal days after incident that Apple would enhance the security of its iCloud suite, including improving the two-factor authentication coverage, as well as encouraging users to actually utilize the security feature.
"We want to do everything we can do to protect our customers," Cook told the news source, "because we are as outraged if not more so than they are."
Apple's new 2FA appears to challenge you EVERY TIME you log into your iCloud account. Shocked Apple did it, and it's VERY good for security.
— Jonathan Zdziarski (@JZdziarski) September 16, 2014
Was your confidence in the cloud shaken after the iCloud incident? Sister site SearchCloudComputing explains why the cloud blame may be misplaced.