iOS 9, OS X El Capitan to beef up your Apple account security

The latest beta releases of Apple's upcoming desktop and mobile OS dispense with the annoying Recovery Key and will let you use one device to verify another.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.

Look for tighter account security in iOS 9 and OS X El Capitan if you forget your password. CNET

Apple is shaking up the way it confirms whether you're the rightful owner of your iOS device or Mac.

Built directly into iOS 9 and OS X El Capitan, a system called "two-factor authentication" will add an extra layer of security that can keep your Apple account more secure, even if someone gains access to your password. On a support page for developers, Apple explained that the new process will verify your identity through both a password and a six-digit code whenever you sign in to a new device using your Apple ID. That code will pop up on any Apple mobile device or computer on which you are already signed in. And once signed in, you won't be prompted for the verification code again.

Further, in iOS 9 and El Capitan, Apple is giving the boot to the Recovery Key, a 14-character code employed in the current two-step verification process but which has proven difficult to remember and use. There will be a downside, though, if you forget your password and need to regain access to your account.

Apple is touting the new system as more secure than the current process. Presently, Apple uses something called two-step verification if you need to access or verify your account. This process relies on Apple's Find My Phone and Find My Mac features, while the new two-factor authentication is part of the OS itself. The current process also uses a four-digit code to verify your account, while the two-factor authentication will use a stronger six-digit code. And once the code is passed to any device running iOS 9 or El Capitan, that device automatically becomes trusted, meaning no further verification will be required. Your account credentials will also be better protected as Apple has said that the new authentication "uses different methods to trust devices and deliver verification codes."

There is one aspect to the new authentication that has both an upside and a downside. Apple will eliminate the 14-digit Recovery Key, which users are required to enter if they forget their password or lose a trusted device and need to regain account access. The Recovery Key has been a poor solution as it requires users to write it down lest they easily forget it. And without that key, your account credentials can be irrecoverable.

Instead of the Recovery Key, however, you will have to call Apple if you need to recover your account using iOS 9 or El Capitan. As Apple explains it, you will have to provide a verified phone number through which you'll receive a text or phone call regarding your account. Apple will review your case and contact you with an automated message with steps on how to recover your account. That is a more reliable and secure system than the current Recovery Key.

The downside?

"Account recovery will take a few days -- or longer -- depending on how much information you can provide to verify that you are the account owner," Apple said. "The process is designed to get you back into your account as quickly as possible while denying access to anyone who might be pretending to be you."

So, yes, the new process is designed for your own security. But being without your Apple account for a few days -- or longer -- could pose a problem for those who need access on a daily basis.

The new process won't be available to Apple users until iOS 9 and OS X El Capitan officially roll out in September. So we'll see at that point just how smoothly it will work.