SAN FRANCISCO – Apple is shaking up the way it confirms whether you’re the
rightful owner of your iOS device or Mac.
Built directly into iOS 9 and OS X El Capitan, a system called
“two-factor authentication” will add an extra layer of security that
can keep your Apple account more secure, even if someone gains access to your
password. On a support page for developers,
Apple explained that the new process will verify your identity through both a
password and a six-digit code whenever you sign into a new device using your
Apple ID. That code will pop up on any Apple mobile device or computer in which
you are already signed in. And once signed in, you won’t be prompted for the
verification code again.
Further, in iOS 9 and El Capitan, Apple is giving the boot to the Recovery
Key, a 14-character code employed in the current two-step verification process
but which has proven difficult to remember and use. Although, there will be a
downside if you forget your password and need to regain access to your account.
Apple is touting the new system as more secure than the current process.
Presently, Apple uses something called two-step verification if you need to
access or verify your account. This process relies on Apple’s Find My Phone and
Find My Macfeatures, while the new two-factor authentication is part of the OS itself. The
current process also uses a four-digit code to verify your account, while the
two-factor authentication will use a stronger six-digit code. And once the code
is passed to any devices running iOS 9 or El Capitan, that device automatically
becomes trusted, meaning no further verification will be required. Your account
credentials will also be better protected as Apple has said that the new
authentication “uses different methods to trust devices and deliver
verification codes.”
There is one aspect to the new authentication that has both an upside and a
downside. Apple will eliminate the 14-digit Recovery Key, which users are
required to enter if they forgot their password or lose a trusted device and
need to regain account access. The Recovery Key has been a poor solution as it
requires users to write it down lest they easily forget it. And without that
key, your account credentials can be irrecoverable.
Instead, of the Recovery Key, however, you will have to call Apple if you
need to recover your account using iOS 9 or El Capitan. As Apple explains it,
you will have to provide a verified phone number through which you’ll receive a
text or phone call regarding your account. Apple will review your case and
contact you with an automated message with steps on how to recover your
account. That is a more reliable and secure system than the current Recovery
Key.
The downside?
“Account recovery will take a few days – or longer – depending on how
much information you can provide to verify that you are the account
owner,” Apple said. “The process is designed to get you back into
your account as quickly as possible while denying access to anyone who might be
pretending to be you.”
So, yes, the new process is designed for your own security. But being
without your Apple account for a few days – or longer – could pose a problem
for those who need access on a daily basis.
The new process won’t be available to Apple users until iOS 9 and OS X El
Capitan officially roll out in September. So we’ll see at that point just how
smoothly it will work.
This story was published by CNET.Com. To subscribe, click onwww.cnet.com
