Apple rolls out two-step verification for iCloud.com Web apps
Apple on Monday appears to have rolled out a new implementation of its two-factor Apple ID authentication system with iCloud.com, requiring users who have the additional layer of security enabled to enter a special code before accessing the Web apps.
With the new implementation, shown in the screenshot above, Apple is expanding its two-step authentication security feature beyond Apple ID management and iCloud-connected features to the iCloud.com Web app suite. Prior to the change, iCloud.com was accessible via a simple password. The feature was first spotted by reader Stephan.
AppleInsider was able to confirm the new iCloud security feature is indeed Apple's normal two-factor authentication service, though it is unclear if the feature is in testing or nearing rollout. Certain Apple ID accounts we tested required the second verification, while though others did not.
Like Apple's other two-factor methods, iCloud.com asks users who log on to enter both a password and a four-digit verification code that is sent by the system to a trusted device. Once verified, all iCloud apps are unlocked and can be accessed normally.
We found signing out of iCloud.com will, in most cases, reset the verification mechanism, forcing the secondary code on each login attempt. In some instances, however, the system does not reset itself even after clearing cookies and toggling two-factor authentication via the Apple ID management webpage.
Apple has left the "Find My iPhone" Web app accessible even without secondary authentication in case the trusted iPhone or iPad goes missing.
Apple first introduced two-factor verification in March 2013 to provide an extra layer of security to Apple ID account holders. After launching in the U.S., Australia, Ireland, New Zealand and the U.K., two-step was expanded to Apple ID holders in Canada, France, Germany, Italy, Japan and Spain.in February.
With the new implementation, shown in the screenshot above, Apple is expanding its two-step authentication security feature beyond Apple ID management and iCloud-connected features to the iCloud.com Web app suite. Prior to the change, iCloud.com was accessible via a simple password. The feature was first spotted by reader Stephan.
AppleInsider was able to confirm the new iCloud security feature is indeed Apple's normal two-factor authentication service, though it is unclear if the feature is in testing or nearing rollout. Certain Apple ID accounts we tested required the second verification, while though others did not.
Like Apple's other two-factor methods, iCloud.com asks users who log on to enter both a password and a four-digit verification code that is sent by the system to a trusted device. Once verified, all iCloud apps are unlocked and can be accessed normally.
We found signing out of iCloud.com will, in most cases, reset the verification mechanism, forcing the secondary code on each login attempt. In some instances, however, the system does not reset itself even after clearing cookies and toggling two-factor authentication via the Apple ID management webpage.
Apple has left the "Find My iPhone" Web app accessible even without secondary authentication in case the trusted iPhone or iPad goes missing.
Apple first introduced two-factor verification in March 2013 to provide an extra layer of security to Apple ID account holders. After launching in the U.S., Australia, Ireland, New Zealand and the U.K., two-step was expanded to Apple ID holders in Canada, France, Germany, Italy, Japan and Spain.in February.
Comments
I'm not sure I need to be THAT secure. Seems like it might quickly become a nuisance.
Not that I think it's a bad idea. It's a GREAT idea. I'm just not sure my account is at great enough risk to warrant an ongoing extra step. I log out every time I finish buying something, so I'd be doing the number dance a lot.
I'd wish Apple would hurry up and add more countries to 2-step verification to other countries. Google and others already have this globally.
But hey. Do whatever you want.
Just returned from Vancouver. Expensive and wet but wow what a fantastic city. Loved it.
Now, as to your comment, come on, anything Apple can do to make the only eco system is worth a shit, safer .....
jobs would not have approved of this... adding 'steps' to any process is to accommodate a lack of creative thought. well done gay boy - you're making me wish gill amelio or scully were back at the helm. at least we would know that we have a 100% tried and true buffon at the helm - and save a lot of time before finally installing someone with jobs' approach. at least we've still got ive. wonder what he thinks of cookie boy.
This is called keeping up with the times. Security is a big deal to a lot of people and adding 2 step is a great feature for those that WANT to take advantage of it. This will be an opt-in feature, not forced, just like all 2 step security.
Apple may be working on QR codes or maybe using their finger print scanner to authenticate without having to wait for a text with a 4 digit code.
Since you are So unhappy with apple and Tim cook, why don't you move on to android and windows since obviously security isn't an issue for you and get off Apple News sites.
If you have some creative way to have 2 step without adding "steps" why don't you head to apple.com/feedback and tell them how to do it better?
Oh wait, you live in moms basement and just complain, you don't have any better ideas....
Trolls. So broke they can't even pay attention to the Shift key.
edit: deleted original trollish post
Trolls. So broke they can't even pay attention to the Shift key.
I've flagged him. If he left out the 'gay boy' part, I would have let his post slide.
You're a better man than me; I made the error of responding, something I don't think I should have done as these troll posts get repeated throughout a thread. Good thing a mod deleted my post, including the OP.
edit: I agree on your "if he left out..."
edit 2: I thought the post was deleted, apparently not. Oh well, now edited out the OP. Mods can delete it altogether for all I care.
Well this change screwed me over this weekend. I was updating all my devices IOS and OSX to the latest versions and this came up, it requirement me to verify my AppleID and icloud accounts. Since I have been a long time Apple user my Apple ID have never change form the early days when you needed an ID for the discussion communities as well as registering your Apple products. I had a simple ID which did not include an email address it was just my first initial and last name, been using it since the 90's it was my ID for itunes, AppleSeed program, as well as .mac me.com and then icloud. Everything I ever did with apple was under this one account, including all my itune purchases.
Well over the weekend since my email account with this ID was not verified they forced me to do that as well as change my password since they did not like my password and also put in a cell phone number to do a mobile verification. Well in middle of this process Apple converted my simple ID to an ID with an email address since now all Apple ID must use an email address which is verified. Since my verified email address was not the same as the icloud or .mac one I have it somehow unlink the .mac email account with the simple ID I was using. I use to be able to log into icloud with either the simple ID or the [email protected] email address without an issue. After the whole process I went through I now have two Apple IDs the originally one I has since the 90's which was now converted to the personal email address and now the .mac/icloud account email based account.
Here is where the real issue came in all the purchases on all my iOS devices was done in the simple ID account, I go to update them yesterday and as usually Itunes ask you to log in withing the ID they were purchased with, well the simple ID is now gone, I can no longer log in with my simple ID it says it no longer exists. I spent an hour on the phone last night with Apple Support linking things back together, grant it I no longer have my simple ID I once had, I now have to log in with new email address based ID, but I can now update all my apps and such which were bought with the simple ID thanks to Apple support.
I give this as a warning to others who may have old Apple ID which were not based on an email address, Apple will force you to do away with this and if you do not pay close attention to what you are doing you will be hosed and require a call to Apple. My suggestion if to verify any old ID with either your .mac or icloud email accounts so they are one and the same, otherwise you will have two Apple ID accounts. Everything I said here about the ID and new verification process was confirmed by the Apple support person, Apple has put in new rules about User ID and passwords and such.
Last time I was in Vancouver thieves broke into our vehicle. Yeah... what a city. ???? ...but it is nice-looking.
Just returned from Vancouver. Expensive and wet but wow what a fantastic city. Loved it.
Coming from Florida, you won't have the same perspective on the weather we have here. My wife and I grew up on the prairies, so we refer to the rain as "not snow." Whenever someone complains, we remind them "at least you don't have to shovel it!" That gets us through the winter. It's harder to be so positive in the summer.
Now, as to your comment, come on, anything Apple can do to make the only eco system is worth a shit, safer .....
Definitely. Like I said, I think it's a great idea. I just decided not to do it because, since I log in and out all the time, I'd be doing the verification all the time. That would get old in a hurry. I rationalize my decision by believing that the risk of my account being hacked is low enough that I don't need to bother with the extra hassle.
It seems like if they made this optional everyone would be happy.
It's no good having that 2 step verification if you are allowed unlimited password attempts on the login screen. As soon as you've cracked the password then you can do a backup on a "fresh" iphone.
Also - I'm over in the UK and I use 2-step verification for my appleid, but it doesn't prompt me for this when i log in to the icloud website.
Looks like Apple will have their tail between their legs with this one!