Apple adds two-factor authentication option to FaceTime and iMessage

In the wake of a report last month that multiple Apple services remained insecure against hacking attempts, Apple has turned on two-factor authentication for the FaceTime audio/video calling service and iMessage text/picture/voice messaging service, notes The Guardian. Two-factor authentication was previously offered optionally by Apple to secure iCloud accounts against access from previously unknown computers, but other Apple services such as iMessage, FaceTime, the iTunes Store, the App Store, and Apple.com itself were left with only simple passwords for security.

Apple’s two-factor authentication system blocks new devices from accessing a user’s account by requiring more than just a simple password. Instead, it requires both the selection of a relatively complex, hard-to-crack password and a verification of a PIN code displayed briefly on a trusted device.

After the optional two-factor system is activated, an unauthorized user who gets someone else’s email address and password would still need to enter the trusted device’s temporary PIN code to access Apple’s services from a new device, reducing the likelihood of identity fraud.

If you’ve already set up two-factor authentication on your iCloud account, you’ll find that it’s active when you go to change settings in the FaceTime or Messages apps. Adding the security to the iMessage service will limit access to current and stored text, photo, and voice messages sent through Apple’s servers, while locking down FaceTime will keep unauthorized devices from receiving or making calls using a registered accountholder’s identity.


Comments

  1. Taste_of_Apple - 10 years ago

    Awesome news.

  2. revanmj - 10 years ago

    I wish they would add this to Find My iPhone/Mac. After a fail where a hacker remotely wiped a journalist’s phone, I disabled them in the hope that Apple would finally secure them with 2FA, yet they still haven’t done that.

    • johnmfoley (@johnmfoley) - 10 years ago

      Most people won’t be subject to a malicious attack where people are content to just wipe their phone for fun. Notable figures are in a position–but if they use a complex password it takes an extremely dedicated attacker.

      Most people are known to have their phones lost or stolen. In these situations sensitive data/photos may be on their phone. Typically you won’t have a secondary device handy–backup phone number or iPad to use 2 factor on the device you’re using for Find My iPhone. Time is of the essence and it would be extremely inconvenient and frustrating to need 2FA for this feature.

      Even if you are a notable figure and someone is going to extreme lengths to obtain your password, the worst they could do is wipe your phone. If you have an iCloud backup or regularly back up to iTunes, you’ll be able to restore it without issue. If you have this feature turned off though, there is a much greater chance of not being able to recover a lost phone. I don’t think it’s worth it for you having this feature turned off. Additionally, it would be a mistake for Apple to even give the option, as I think many users would accidentally turn this on thinking they are getting max protection and then actually be harmed when they need to use Find My iPhone.

    • Steven Fisher - 10 years ago

      How would that work? Two Factor requires your phone, so you’re not going to be able to sign in to use Find My iPhone.

      • Smigit - 10 years ago

        Two factor authentication can be implemented without requiring a phone. They could use a secondary email address, for example, with the hope being that a user hasn’t used the same password on both services. Steam, when I log in from a new device, uses a one-time code emailed to me as a second authentication gate.

        While this does use a phone, other ways might include nominating a phone number other than your own, such as allowing the number to be sent to any other phone associated with family sharing or whatever. While you still use a phone in that case, it isn’t the same device that is locked and presumably you already trust any device associated with family sharing since you’ve granted those phones the ability to make purchases with the account owner’s credit card.
