Apple is strengthening the log-in process for its iMessage and FaceTime digital communications services with the aim of preventing hackers from hijacking users' accounts.
Apple announced Thursday it is adding two-step identity verification to users' accounts, stopping unauthorized people from accessing accounts, even if they know the user's password. Apple has been beefing up the security of its Internet products since last year's high-profile breaching of iCloud accounts belonging to celebrities who use the service.
Traditionally, online services have relied on the single-step process of entering a username and associated password to access an account. Two-step verification, also known as two-factor verification, provides an extra layer of security by requiring users to prove their identity by entering a second form of authentication in addition to a password to access accounts.
While there are several credential options available, many online services, including Google, Twitter and Facebook, will text a randomly generated four-digit code to users' phones as a second factor every time they try to log in to a device not already associated with the account.
However, critics are quick to point out that two-step verification isn't entirely bulletproof, noting that it usually requires a USB token, phone or other device that's easy to lose. Also, anyone with access to the device who knows your online password could also access protected accounts.
Apple has had two-step authentication since 2013 for its Apple ID account, which is used to make purchases from iTunes and the App Store and make changes to account details. Apple has pledged to increase awareness of two-factor authentication.
The changes are part of an effort sparked by the release of several private, nude images of celebritiespilfered from Apple iCloud accounts in September. After an Apple investigation determined that the image release was the result of a targeted attack on individual accounts and not poor security on its part, Apple published a new privacy policy that includes guidelines for protecting online accounts.
Apple has published an FAQ that explains how to set up two-step verification on the services and its inner workings.