Apple expands two-factor authentication to include FaceTime and iMessage

[Shawn Knight]

Apple is expanding the reach of its two-factor authentication beyond iTunes and iCloud to include its iMessage and FaceTime communications platforms. Here’s what it means and how it can protect users.

If you’re already logged into FaceTime or iMessage on your device, not much will change. But if you log out then attempt to log back in or happen to sign into either service on a different device, you’ll need to enter a second security code sent to a trusted device in addition to the usual username and password to proceed.

This, of course, is assuming you’ve enabled two-factor authentication.

The addition comes just one month after blogger Dani Grant reminded us that most of Apple’s services still weren’t protected by the double layer of protection even after the embarrassing iCloud celebrity photo hack.

With just a username and password, Grant demonstrated how easy it’d be to impersonate someone sending iMessages from their account, see someone’s billing address, credit card type, the last four digits of said credit card, their phone number and what app purchases someone has made.

The extra layer of security is a welcomed addition but it’ll do no good unless you actually enable it. Apple has a complete FAQ on the matter that covers what it is, why you should use it and more importantly, how to set it up.

Permalink to story.

https://www.techspot.com/news/59744-apple-expands-two-factor-authentication-include-facetime-imessage.html

 

[DelJo63]

A certain BnB site uses Facebook as a validation of the user identity. As the Terms and Conditions insist that all FB content is accessible and shared with the BnB, I declined to allow that level of access.

Consequently, a friend LOST a 4day rental.

Facebook is a validation of only Facebook - - nothing else.

 

[tonylukac]

Two factor authentication? My mother can't even cope with one factor authentication of gmail. I set up outlook with imap for her. They are always telling me I'm in my own little world, but these companies are in their own littlw world. I had one of my apps on android using microsoft email servers, and all of a sudden microsoft wrongly determined that someone was sending spam thru my account, and caused me to manditorily change the password. All the existing apps downloaded were thus invalid because they `couldn't send the email message because the password had been changed. By the time I located the source code and restored the eclipse compiler which crashed every time my mother makes noise and sometimes requires reloading it and ALL apps from scratch, two months had gone by. Mother had to be out of the apartment for it to work.