Apple beefs up security with 2-factor authentication for iCloud backups
By Caitlin McGarry
A sneaky method hackers use to crack your iCloud backups won’t work anymore if you’re serious about your security. On Tuesday night, Apple turned on two-factor authentication for iCloud, which will protect against the kind of social engineering exploits that helped hackers steal celebrity photos last month.
Until Tuesday, Apple’s brand of two-factor authentication only protected your Apple ID, preventing people from making purchases from your account. But if thieves were able to guess the answers to your security questions and recover your password, they could easily use third-party software to access your iCloud backup. Your photos, documents, text messages: All of it was up for grabs.
That’s no longer the case. Ars Technica tried to install an iCloud backup with two-factor turned on using the most common software, made by Elcomsoft, and found it no longer worked.
Two-factor authentication works by requiring a second means of verification, aside from your password, to sign in to your accounts. That second method is usually an SMS code sent to your phone, which you then enter to gain access. If you don’t even have two-step verification turned on for your Apple ID, you’re forgiven. Apple buried the option in your settings and the process was cumbersome once you actually found it. It’s still not exactly easy to turn on two-step verification, but we created a handy how-to guide with step-by-step instructions.
Apple sent out an e-mail to iCloud users on Tuesday night with information about its security measures and how to use them. On Oct. 1, the company will let you generate app-specific passwords for third-party apps with access to your iCloud account, like Microsoft Outlook, BusyCal, and Mozilla Thunderbird. The new option prevents those apps from knowing your iCloud password and will keep your account safe.
The new security measures are too little, too late for celebrities like Jennifer Lawrence, but turning on two-factor authentication for every account that offers it is the safest way to protect your information.