Screen Shot 2014-06-30 at 5.09.51 PM

It appears Apple has started rolling out support for two-factor authentication on its iCloud.com website. The feature initially rolled out to the Apple ID management website in the United States and then in several other countries soon after.

Under the new setup on iCloud.com, users can only access Find My iPhone without verifying their identities. Mail, Contacts, and other “apps” require you to enter a passcode that can be texted to any phone number or sent to the Find My iPhone app on properly configured devices.

2-step

The Find My iPhone web app is unlocked by default as a security measure to ensure that if users have lost their phones, they’re still able to get them back, since requring you to use your missing phone to login in order to locate it would be counter-intuitive. Users have the option of setting trusted computers to automatically remember their two-factor login so they don’t need to repeat the process each time they login.

It seems the feature is rolling out to many users today, while others will have towait to get the full benefits of this additional security measure.

Update: It seems the two-factor option has stopped working now. It’s possible Apple accidentally launched the feature earlier than expected for some users.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

13 Responses to “Apple finally brings two-factor authentication to iCloud website (updated)”

  1. oreomuncher says:

    Ergh, this is going to be a pain on the school computers :l
    Can’t use phones over here in the uk.

    Like

  2. Ian Wood says:

    I’m all for two factor authentication if it’s optional. Making it a compulsory step can be more problematic for a legitimate user in some circumstances, like that one referred to by oreomuncher. Not a good move.

    Like

    • oreomuncher says:

      If this is compulsory I’m defiantly starting a page to get people to write complaint letters. Our school uses a cart of windows laptops and we have separate computer rooms. So you rarely receive the same computer, And obviously since I’m in school i can’t use my phone…I physically can’t use word or powerpoint in school any more, it’s too much of a headache, i really need access to iCloud

      Like

    • lkernan says:

      Personally I think it should be required for all, just offer an alternative option for receiving the second code. Two Factor saved my Google account once after another site where I had used the same password was hacked.
      The messages on my phone were also the first sign of something going wrong.

      Like

  3. To those who set up two-step verification, be extremely carful! Apple says that you will always have access to your account as long as you have two of the following (your Apple ID password, at least one trusted Apple device, and your recovery key). BUT, if you lose your recovery key and your account suffers a DS Lockout (a lock caused by too many failed login attempts) before you can set a new one, knowing your password and having access to a trusted device won’t be enough — you will be locked out of your account until you can provide them with your recover key. So, if you don’t know it, not only will you lose access to all your purchases, iCloud-stored info, Apple email, etc., but if you have an iOS device with find my iPhone enabled, you will not be able to use iCloud with it again. AND, if you try to restore it, your device will be bricked.

    For the most part, Apple’s security beef-up has been great! But this is one issue that has been very-much overlooked by Apple. Hopefully, this is a sign that Apple is paying more attention to two-step verification and will device a solution to this problem.

    Like

  4. SMIDG3T says:

    So an “attacker” only needs a password and then can access Find my iPhone and remove the devices??

    Like

    • fabrica64 says:

      Currently you just need a password to erase and lock an iPhine. That’s very bad as you use your password any time you enter Find my iPhone. If Apple was really interested in security would have set up an additional PIN (two-factor auth) that should be used ONLY when erasing and lock, so if someone sniffs your password while you enter Find my iPhone it could not erase and lock your iPhone.
      So they are implementing two-factor auth on everything but not on Find my iPhone, too bad…

      Like

      • Alberto says:

        I guess they do it because if someone steals your iPhone you won’t be able to get the additional PIN unless you have an iPad registered as well. It makes sense

        Like

  5. Arturo Luis says:

    once someone have stole your iP… you can message him/her saying “you crab of a hell..:” or “reward you.. I’ve lost mi iP… can you giti it back”? She o the is join to give s*it and delete everything with his/her itunes an chinese usb and you, poor are going to spend another 600bucks or so… wit a damn in your tongue

    Like

  6. I don’t know why there is a “finally” in the headline. This sounds like an awful feature for most people and only useful to a tiny few paranoids who don’t mind the bother.

    Like

  7. just worked for me. apparently Apple has fixed the issue. Before I was receiving an “unknown error occured” after verifying my Recovery Key. But it works now.

    Like