by Dan Moren
Two-factor authentication comes to FaceTime and iMessage
The security feature adds an extra layer of protection against hackers trying to access users’ accounts. After logging in with their usual name and password, two-factor asks account holders to use a second security code to verify their messaging and video chat accounts.
I’m a big proponent of two-factor authentication, but I don’t love the way this is implemented. Rather than requiring a verification code, as happens when you try to log in to your iCloud account, FaceTime and iMessage will instead prompt you for an app-specific password (essentially a randomly generated one-time password) when you try to login. To do that you have to go to a website, log in, verify that login with a two-factor code, and then get the app-specific password and paste it back into the originating application. Seems like it could be a little less clunky.
App-specific passwords are good because they’re disposable and you can always revoke them and create a new one if an account is accessed, but they can be a pain to manage. Most people don’t want to spend their time keeping track of all the different one-time passwords they’ve created.1
All of that said, it’s good to see Apple taking proactive steps to ensure security on its many services, instead of playing catch-up after the fact.
- My Google account currently has 28 app-specific passwords associated with it, at least half of which are probably out of date, but is it worth my time going through and trying to figure out which are which? ↩