Apple extends its two-step authentication protocols to iMessage and FaceTime

13 Feb 2015

Following its move to add layers of security to iTunes and iCloud two years ago, consumer tech giant Apple has now extended two-step authentication to iMessage and FaceTime.

The move is coming in part (presumably) because of the leak last year of celebrities’ content that had been stored on their Apple devices.

What the two-step authentication does is makes the user enter a PIN to access iMessage or FaceTime when he or she switches devices, even if the user has signed in with his or her Apple ID.

“It’s really great to see Apple extending its two-step authentication to cover more services, particularly person-to-person communication services such as these, which have been so widely abused in the past (Facebook, Skype, etc),” Rik Ferguson, vice-president of security research at Trend Micro, told The Guardian.

Ferguson, however, is not convinced this is the appropriate response to security issues among Apple users, with the PIN merely being a number sent via SMS to a user’s device. “The ability to enter the SMS-based password doesn’t depend on your ownership of the smartphone, only your access to the text message,” he explained.

“If attackers can divert the calls or messages of that device, for example, by calling the mobile service provider, this two-step authentication can and has already been subverted.”

Apple devices image via Shutterstock

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com