Apple to remove Recovery Key from iOS 9, OS X 10.11 two-factor authentication process

Apple on Wednesday confirmed that the removal of a pesky Recovery Key security mechanism will be one of the changes coming to its two-factor authentication solution when iOS 9 and OS X 10.11 El Capitan are released this fall.

Currently, the Recovery Key system in Apple's "two-step" protocol works as a failsafe for accessing an Apple ID when a registered trusted device or phone number is unavailable. Under the existing setup, losing both a trusted device and the Recovery Key renders the account inaccessible, which has in the past forced some users to abandon their Apple IDs altogether.

With higher-level integration in iOS 9 and El Capitan, Apple's new method, now referred to as "two-factor," does away with 14-character Recovery Keys and replaces them with a live customer support recovery process, an Apple spokesperson confirmed to MacWorld. The feature removal is just one modification Apple plans to apply when two-factor authentication rolls out later this year.

Other security enhancements were revealed in a support document published today, including longer six-digit verification codes and more intuitive authentication alerts that work across iOS and OS X platforms. For example, when users sign in to their Apple ID on a new device — or browser in the case of iCloud — with a password, a verification code is automatically pushed to all trusted devices. Text message and phone call verifications to trusted numbers will also remain available.

Because the system is built in to iOS 9 and El Capitan, devices running older iOS and OS X versions will not display the new six-digit verification codes. Once a user enables the new two-factor protocol, attempting to access an Apple ID using an iOS 8 device, for example, will send the six-digit code only to compatible devices. In lieu of a dedicated code entry mechanism, users might be prompted to log in again and append the six-digit number to the end of their password.

The new opt-in two-factor protocol is currently rolling out to a limited number of beta testers and will gradually become available to more users as Apple builds up backend support.