In association with heise online

22 March 2013, 16:33

Apple launches two-factor authentication for Apple IDs

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple icon

Apple has started to introduce two-factor authentication for its centralised Apple ID, which controls access to iCloud, iTunes and Apple's online store and is used by FaceTime and iMessage. US users have reported the appearance of a corresponding setting on Apple's My Apple ID web site. The new feature, listed under "Password and security", uses temporary PINs which have to be entered together with the password and are distributed to users via a second channel as an additional security credential.

Apple sends out temporary PINs in one of two ways – either by text message to a nominated phone or, in iOS, via Apple's own Find My iPhone app. Both options for transmitting a PIN to a trusted device require prior authorisation, but Apple does allow multiple devices. Installing the Find My iPhone app may be unnecessary – activating the Find My iPhone service in the iOS settings on the device in question may be sufficient to enable PINs to be received.

Apple two-factor authentication overview
Zoom Apple's overview of two-factor authentication
Source: Apple

A temporary PIN is not, however, required every time the password is entered. According to Apple, a PIN is only required when managing an Apple ID on the My Apple ID web site and the first time a purchase is made from iTunes, the App Store or iBookstore on a new device. In addition to two-factor authentication, Apple also provides a 14 figure recovery key for use where the trusted device is no longer available.

According to Apple, the new service will initially be available in the US, UK, Ireland, Australia and New Zealand. Even in these countries, however, the roll-out appears to be proceeding slowly. More details on the new temporary PIN can be found in Apple's support document; Macstories has also put together an illustrated how-to guide.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit