Mikey Campbell
In a bid to secure its online consumer services, Apple on Tuesday activated two-factor authentication for iCloud.com access, allowing only basic access to Find My iPhone for those opted-in to the security layer.
As seen in the screenshot above, the iCloud.com portal is now protected by Apple's two-step authentication system, which requires users to enter a dynamically generated code sent to a trusted device prior to gaining access to the service.
Apple first tested the extra layer of iCloud.com security in June, more than one year following the protocol's introduction for Apple ID accounts in 2013.
In practice, iCloud.com two-step verification asks users logging in to provide both a password and a four-digit code, the latter of which is sent to a trusted device through text, iMessage or push notification. Apple ID owners can add trusted devices through the Apple ID management webpage.
Once a user is confirmed, all iCloud.com assets are unlocked until a user signs out or closes their browser window. Find My iPhone is left active by default, allowing users to remotely deactivate or wipe a trusted device that is stolen or lost.
At the time of this writing, Apple's implementation of two-factor iCloud.com authentication has effectively broken a number of forensics tools like ElcomSoft's iCloud backup and password breaker programs. The tools were supposedly employed by nefarious users to garnish photos from celebrity devices, which were then disseminated on the Web earlier this month.
AppleInsider Staff
Malcolm Owen
Oliver Haslam
Andrew O'Hara
Wesley Hilliard
William Gallagher
Christine McKee
22 Comments
Nice. One thing you have to hand to Tim Cook's Apple- it acts pretty damn fast.
Am I misreading the article? It says that Apple only allows basic access to Find my iPhone when opted into the security layer. Wouldn't it allow full access if you're opted in? I think you mean that if you haven't enabled the two step, you can only use Find my iPhone but not the other things until you've added the two step access.
I don't log into iCloud all that often, but I just did, to test this two-step system, and after I logged in with my Apple ID, that was it. I was in iCloud, everything was accessible and it never asked me for any security code.
Why is that?
[quote name="Apple ][" url="/t/182321/apple-activates-two-step-authentication-for-icloud-web-portal/0_100#post_2600047"]I don't log into iCloud all that often, but I just did, to test this two-step system, and after I logged in with my Apple ID, that was it. I was in iCloud, everything was accessible and it never asked me for any security code. Why is that? [/quote] Maybe you've already set it up? Or is it US only?
I am in the US.
I do already have two-step setup on my iOS devices, but I thought that it would ask me for the security code whenever I try to log into iCloud, at least that's what I thought after reading the OP. I guess that I'm mistaken about that, and since I already have two-step setup on my devices, it just allows me to log onto iCloud without the security code.