Roman Sakhno - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Apple rolls out more robust iCloud two-factor authentication

Following a high-profile leak of celebrity photos, Apple has moved to improve its iCloud two-factor authentication mechanisms.

Just weeks after nude photos of celebrities including Jennifer Lawrence and Kate Upton were leaked from multiple iCloud accounts, Apple Inc. has rolled out a more robust two-factor authentication implementation for its data storage service.

Apple sent an email yesterday to Apple ID accountholders detailing the iCloud changes, which notably extends two-factor authentication coverage to all data stored in the service. As of Oct. 1, third-party apps that do not support iCloud two-factor authentication will also require app-specific passwords for access. Apple began sending alert emails to users last week informing them if any of several actions -- including device restores, attempted password changes and logins from new devices -- had taken place on an iCloud account.

Apple's response comes after a barrage of public criticism stemming from the high-profile photo leak, which the Cuptertino, Calif.-based tech vendor argued was the result of a "very targeted attack" on certain users' passwords and security questions rather than a breach of iCloud's security. Still, security experts said that the whole incident likely could have been avoided if Apple's iCloud two-factor authentication implementation wasn't notably flawed.

Despite enabling the security mechanism last year, Apple's two-factor authentication system only covered three specific scenarios for iCloud users before the recent improvements: signing in to My Apple ID to manage an Apple account; making iTunes, App Store, or iBookstore purchases from a new device; and receiving Apple ID-related support from Apple.

CEO Tim Cook promised in an interview with The Wall Street Journal days after incident that Apple would enhance the security of its iCloud suite, including improving the two-factor authentication coverage, as well as encouraging users to actually utilize the security feature.

"We want to do everything we can do to protect our customers," Cook told the news source, "because we are as outraged if not more so than they are."

Next Steps

Was your confidence in the cloud shaken after the iCloud incident? Sister site SearchCloudComputing explains why the cloud blame may be misplaced.

Dig Deeper on Two-factor and multifactor authentication strategies

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Apple should do something about the big vulnerability that was brought by Touch ID.