Apple beefs up log-in security for iMessage, FaceTime

The communications services get two-step verification, aimed at preventing unauthorized access to accounts, even if the username and password are entered.

Steven Musil Night Editor / News

Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.

Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.

See full bio

Steven Musil

Feb. 12, 2015 4:09 p.m. PT

2 min read

Smile! Your FaceTime log-in procedure just became a bit more secure. Apple

Apple is strengthening the log-in process for its iMessage and FaceTime digital communications services with the aim of preventing hackers from hijacking users' accounts.

Apple announced Thursday it is adding two-step identity verification to users' accounts, stopping unauthorized people from accessing accounts, even if they know the user's password. Apple has been beefing up the security of its Internet products since last year's high-profile breaching of iCloud accounts belonging to celebrities who use the service.

Traditionally, online services have relied on the single-step process of entering a username and associated password to access an account. Two-step verification, also known as two-factor verification, provides an extra layer of security by requiring users to prove their identity by entering a second form of authentication in addition to a password to access accounts.

While there are several credential options available, many online services, including Google, Twitter and Facebook, will text a randomly generated four-digit code to users' phones as a second factor every time they try to log in to a device not already associated with the account.

However, critics are quick to point out that two-step verification isn't entirely bulletproof, noting that it usually requires a USB token, phone or other device that's easy to lose. Also, anyone with access to the device who knows your online password could also access protected accounts.

Apple has had two-step authentication since 2013 for its Apple ID account, which is used to make purchases from iTunes and the App Store and make changes to account details. Apple has pledged to increase awareness of two-factor authentication.

The changes are part of an effort sparked by the release of several private, nude images of celebrities pilfered from Apple iCloud accounts in September. After an Apple investigation determined that the image release was the result of a targeted attack on individual accounts and not poor security on its part, Apple published a new privacy policy that includes guidelines for protecting online accounts.

Apple has published an FAQ that explains how to set up two-step verification on the services and its inner workings.