On Apple's Upcoming Two-Factor Authentication


It’s half-baked.

I am clearly in the minority that thinks of two-factor auth in and by itself as security voodoo to appease the unwashed masses – especially if you don’t follow it up with privilege separation – and I’m going to stick to my guns on this one.

This is because, from what I’m reading, it only applies to purchasing content and managing your Apple ID, which makes it half a solution for those of us who find it incredibly backwards that there is no separation whatsoever between iCloud service access (mail, calendaring, storage) and billing info.

The way things stand right now (and even after two-factor auth such as described above is active), once your account is compromised via a bug in one of those services or malfeasance and your password is exposed, it’s completely compromised.

Yes, that’s right. Sure, with two-factor auth you’d be able to regain control of your account, but nightmare wipeout scenarios like Mat Honan’s are still possible, since with your password a hacker can delete your mail account, calendars, contacts and whatnot – and, horrifically, it looks like remote wipe of Macs and iOS devices isn’t protected by two-factor auth (but at this stage there is still little info, and I might well be wrong).

Like I wrote a while back, it is positively idiotic that the very same Apple ID and password I use for the App Store or to manage my iCloud account is also used to access my e-mail and Messages. Google (for all their whimsy regarding service life cycles) does this right by allowing me to manage service passwords.

Also of note is the utter lack of grouping for Apple IDs, or being able to set up family accounts in iCloud.

My ideal scenario would be to have a single username and password for purchasing apps and content – which would indeed have two-factor auth – and completely separate user/service accounts for iCloud (which might or might not). That way I could segregate apps, data and services to minimize risk and manage my family’s stuff.

Again, Google does this right – in Apps for Domains, where a master account can manage a set of services for accounts under the same domain, and where you can set up two-factor auth for any account¹.

But one requirement for this that I don’t see Apple doing anytime soon is being able to migrate all my purchases (and my wife’s) to another Apple ID. I’d actually pay to be able to maintain my current Apple ID for mail, Messages and iCloud and transfer all my purchases to a family account ID that held no services whatsoever.

But I digress.

The way I see it, Apple’s two-factor auth will be a dud not because it prevents people who know your password from buying apps and content on other devices without your consent, but because besides making it harder to perform legitimate purchases² it won’t improve security of your mail or your iCloud data³ one whit – your contacts, calendars, documents, and whatnot are still out on a limb.

Remember that once you start fiddling with Find my iPhone to get a verification code for purchasing the next Angry Birds.

And back up often, just in case.


  1. My e-mail for this domain (and a few other things) is hosted in Google Apps for Domains, and I use two-factor auth and separate IMAP passwords because the whole thing is well thought out and well implemented.

  2. Ironically, I can see most people I know (even security-conscious folk) switching it off after they find it inconvenient to jump through hoops to grab the latest trendy €1.99 game.

  3. And between someone downloading a €1.99 game with your account or having access to those documents your bank/broker/bookie/whatever e-mailed you, which would you pick?

