Wednesday, March 27, 2013

Apple Enables Two-Step Verification to Thwart Account Hijacking

"Apple has turned to two-step verification to improve the security defenses against account hijacking for Apple iTunes and App Store.
The feature—which was announced March 21—works by sending an SMS message with a four-digit verification code in it sent from Apple that users have to enter from a "trusted device" in order to access their accounts."

Well, not quite two-factor, but getting closer. The weakness is that if you are trying to make your iPhone the "trusted" device, the SMS goes right back to that same phone. For an iPad or another mobile device, this does provide another layer of verification, but if someone manages to steal both your phone and your other mobile device, you are back where you started.

One way to reduce that risk is to set a passcode on your devices. Hint -- you are NOT limited to a four-digit PIN.

True two-factor authentication consists of at least two of three independent elements: something a user knows, such as a password or a PIN; something a user possesses, such as a smartcard or ATM card; or something the user is, such as a fingerprint or other biometric data.
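To make the two points above concrete (independent factor kinds, and the SMS code landing on the very device that is logging in), here is a small policy check written for this post; it is an added example, not Apple's implementation, and the device names and factor categories are constructed for illustration:

```python
from dataclasses import dataclass
from enum import Enum


class FactorKind(Enum):
    KNOWLEDGE = "something you know"    # password, PIN
    POSSESSION = "something you have"   # phone that receives the SMS code, smartcard
    INHERENCE = "something you are"     # fingerprint or other biometric


@dataclass(frozen=True)
class ProvenFactor:
    kind: FactorKind
    device_id: str  # hypothetical id of the device the factor was presented on


def is_true_two_factor(factors, requesting_device):
    """Return (ok, reason).

    ok is True only when at least two distinct factor kinds are present AND
    every possession factor was proven on a device other than the one asking
    for access. A verification code delivered to the same phone that is
    logging in shows possession of nothing the attacker does not already hold.
    """
    kinds = {f.kind for f in factors}
    if len(kinds) < 2:
        return False, "only one kind of factor presented"
    for f in factors:
        if f.kind is FactorKind.POSSESSION and f.device_id == requesting_device:
            return False, "possession factor proven on the requesting device"
    return True, "ok"


# Constructed scenarios mirroring the post.
IPHONE, IPAD, LAPTOP = "iphone", "ipad", "laptop"


def iphone_trusting_itself():
    # Password typed on the iPhone, SMS code received on that same iPhone.
    return is_true_two_factor(
        [ProvenFactor(FactorKind.KNOWLEDGE, IPHONE),
         ProvenFactor(FactorKind.POSSESSION, IPHONE)], IPHONE)


def ipad_with_code_on_phone():
    # Password typed on the iPad, SMS code received on the phone: two kinds, two devices.
    return is_true_two_factor(
        [ProvenFactor(FactorKind.KNOWLEDGE, IPAD),
         ProvenFactor(FactorKind.POSSESSION, IPHONE)], IPAD)


def password_and_pin_only():
    # Two secrets are still one kind of factor (knowledge), so not two-factor.
    return is_true_two_factor(
        [ProvenFactor(FactorKind.KNOWLEDGE, LAPTOP),
         ProvenFactor(FactorKind.KNOWLEDGE, LAPTOP)], LAPTOP)
```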

