Last week, Apple began to roll out multifactor authentication for its iCloud service, joining many other services, including most online banking platforms, Google, and Twitter. This is not a surprising move, not only due the popularity of iCloud storage as a means for users of all iDevices to back up their data, but also due to a few high-profile vulnerabilities in their authentication procedures in the past few months. There was a thought years back (i.e. before the iPhone) that Macs couldn’t get hacked because not enough people used them for hackers to go after them. This is obviously not the case anymore.
The way the multifactor authentication, that is now being slowly rolled out to some users, will work is that an iCloud user will need to submit a username and password. After submitting the username and password, the user will need to verify a four digit code transmitted from iCloud to a trusted device. This is a long cry from the not-so-challenging challenge questions that led to the “epic” hack of Wired editor Mat Honan’s online life (a long read, but still one of the more interesting information security case studies in recent history).
While this may be an additional speed bump in between consumers, who can barely keep their own passwords straight, and their information, it also serves as an effective barrier between malicious parties and this information.