Apple has introduced a new two-factor authentication system designed to help protect users’ iTunes and App Store accounts and prevent attackers or other unauthorized users from taking them over. The system is similar to the one that Google has implemented for Gmail, utilizing verification codes sent via SMS.
The move by Apple comes years after Google made the change with Gmail two-factor authentication in response to a series of targeted attacks against Gmail users. Google’s system requires users to set up a cell phone number or other alternate method of communication. When a user tries to log in to Gmail from a new device or application, she must enter her password along with a numeric code that’s sent via SMS or generated by an app on her mobile phone.
Apple’s two-factor authentication system, which is available in the United States, the UK, Australia, Ireland and New Zealand, is almost the same, using either SMS or the Find My iPhone app to send a numeric code to the user. When the user logs in to her iTunes account, she will then need her Apple ID password and that numeric code in order to gain access.
“When you set up two-step verification, you register one or more trusted devices. A trusted device is a device you control that can receive 4-digit verification codes using either Find My iPhone notifications or SMS to verify your identity,” Apple said in a support article introducing the new feature.
“Then, any time you sign in to manage your Apple ID at My Apple ID or make an iTunes, App Store, or iBookstore purchase from a new device, you will need to enter both your password and a 4-digit verification code. After you sign in, you can manage your account or make purchases as usual. Without both your password and the verification code, access to your account will be denied.”
The new Apple two-factor system is not enabled by default, and users have to go into their Apple ID account settings and turn the feature on under the Password and Security option. In addition to the Gmail two-factor authentication system, Facebook also has a two-factor sign-in system that requires users to enter a code in addition to their username and password.
Apple’s new system also uses a 14-digit recovery key that a user can employ to get access to her account if she loses control of her mobile device or otherwise can’t access the account. The system also eliminates the need for personal security questions.