On Apple's Upcoming Two-Factor Authentication

It’s half-baked.

I am clearly in the minority that thinks of two-factor auth in and by itself as security voodoo to appease the unwashed masses – especially if you don’t follow it up with privilege separation – and I’m going to stick to my guns on this one.

This because from what I’m reading it only applies to purchasing content and managing your ID, and therefore makes it half a solution for those of us who find it incredibly backwards that there is no separation whatsoever between service access (mail, calendaring, storage) and billing info.

The way things stand right now (and even after two-factor auth such as described above is active), once your account is compromised via a bug in one of those services or malfeasance and your password is exposed, it’s completely compromised.

Yes, that’s right. Sure, with two-factor auth you’d be able to regain control of your account, but nightmare wipeout scenarios like Matt Honan’s are still possible, since with your password a hacker can delete your mail account, calendars, contacts and whatnot – and, horrifically, it looks like remote wipe of Macs and iOS devices isn’t protected by two-factor auth (but at this stage there is still little info, and I might well be wrong).

Like I wrote , it is positively idiotic that the very same ID and password I use for the App Store or to manage my account is also used to access my e-mail and Messages. (for all their whimsy regarding service life cycles) does this right by allowing me to manage service passwords.

Also of note is the utter lack of grouping for IDs, or being able to set up family accounts in .

My ideal scenario would be to have a single username and password for purchasing apps and content – which would indeed have two-factor auth – and completely separate user/service accounts for (which might or might not). That way I could segregate apps, data and services to minimize risk and manage my family’s stuff.

Again, does this right – in Apps for Domains, where a master account can manage a set of services for accounts under the same domain, and where you can set up two-factor auth for any account1.

But one requirement for this that I don’t see doing anytime soon is being able to migrate all my purchases (and my wife’s) to another ID. I’d actually pay to be able to maintain my current ID for mail, Messages and and transfer all my purchases to a family account ID that held no services whatsoever.

But I digress.

The way I see it, two-factor auth will be a dud not because it prevents people who know your password from buying apps and content on other devices without your consent, but because besides making it harder to perform legitimate purchases2 it won’t improve security of your mail or your data3 one whit – your contacts, calendars, documents, and whatnot are still out on a limb.

Remember that once you start fiddling with Find my iPhone to get a verification code for purchasing the next Angry Birds.

And back up often, just in case.

  1. My e-mail for this domain (and a few other things) are hosted in Apps for Domains, and I use two-factor auth and separate passwords because the whole thing is well thought out and well implemented. ↩︎

  2. Ironically, I can see most people I know (even security-conscious folk) switching it off after they find it inconvenient to jump through hoops to grab the latest trendy €1.99 game. ↩︎

  3. And between someone downloading a €1.99 game with your account or having access to those documents your bank/broker/bookie/whatever e-mailed you, which would you pick? ↩︎