The Guardian is reporting that two-step authentication — first enabled for iTunes and iCloud accounts nearly two years ago — has now been added to FaceTime and Messages as well. If you’ve already logged into an iPhone, iPad or Mac using your iCloud account, you’re already covered by that extra security. But if you log out of your iMessage or FaceTime accounts and then try to log in again, or if you log in from another machine, you’ll be required to enter a security code to verify your password and user name.
Two-step authentication requires you not only to know the user name and password for a particular account, but also adds another form of authentication. For Google and some other services, that may come in the form of an app that generates a security code once every sixty seconds. For other companies, including Apple, a text message can be sent to a phone number that has been registered with an account.
Even if a person seeking entrance into your account has your name and password, they’ll still need that second level of authentication to break in.
Our take on the news: While it’s still a good move and one that’s surprisingly long overdue, Apple’s two-step authentication process can still be subverted if an attacker has your phone in hand. We’re hoping that the growing ubiquity of Touch ID on Apple products means that future two-step authentication may be accomplished with a fingerprint.