Hacking Apple: Two-Factor Authentication May Not Be Good Enough

By Douglas A. McIntyre Published May 31, 6:50AM EDT

Follow 24/7 Wall St. on Google

This post may contain links from our sponsors and affiliates, and Flywheel Publishing may receive compensation for actions taken through them.

Security problems that had been limited almost exclusively to Microsoft Corp.’s (NASDAQ: MSFT) Windows and Windows-compliant products have migrated to Apple Inc. (NASDAQ: AAPL) ones. Given the surge in the success of the Mac, and the extraordinary growth of the iPhone and iPad, this should have been expected.

CNNMoney reports on holes in Apple’s security:

Apple recently beefed up its authentication system in an effort to thwart hackers, but a new report shows the security measure is lacking in one huge area.

Back in March, Apple unveiled an optional “two-factor authentication” login method for its Apple ID. It’s a basic security tool already used by Google, Facebook (FB) and Dropbox that requires both a password and a piece of data, such as a string of numbers sent via text message. Twitter also recently unveiled such a system following a series of prominent hacks of Twitter accounts.

But security software company ElcomSoft explained in a blog post Thursday that Apple’s new security measures protect users only in a few situations: app and music purchases, managing an Apple ID account or receiving customer support related to Apple ID. It does nothing to protect other important information, like photos and other files stored on its iCloud service.

A hacker who manages to figure out a user’s Apple ID and password could log into that user’s iCloud account, and download all of the potentially sensitive information stored there — even if that user has the two-factor system enabled. ElcomSoft accused Apple of doing “a half-hearted job,” arguing the two-factor protection should be implemented on iCloud data backups as well.

About the Author Douglas A. McIntyre →

Douglas A. McIntyre is the co-founder, chief executive officer and editor in chief of 24/7 Wall St. and 24/7 Tempo. He has held these jobs since 2006.

McIntyre has written thousands of articles for 24/7 Wall St. He is an expert on corporate finance, the automotive industry, media companies and international finance. He has edited articles on national demographics, sports, personal income and travel.

His work has been quoted or mentioned in The New York Times, The Wall Street Journal, Los Angeles Times, The Washington Post, NBC News, Time, The New Yorker, HuffPost USA Today, Business Insider, Yahoo, AOL, MarketWatch, The Atlantic, Bloomberg, New York Post, Chicago Tribune, Forbes, The Guardian and many other major publications. McIntyre has been a guest on CNBC, the BBC and television and radio stations across the country.

A magna cum laude graduate of Harvard College, McIntyre also was president of The Harvard Advocate. Founded in 1866, the Advocate is the oldest college publication in the United States.

TheStreet.com, Comps.com and Edgar Online are some of the public companies for which McIntyre served on the board of directors. He was a Vicinity Corporation board member when the company was sold to Microsoft in 2002. He served on the audit committees of some of these companies.

McIntyre has been the CEO of FutureSource, a provider of trading terminals and news to commodities and futures traders. He was president of Switchboard, the online phone directory company. He served as chairman and CEO of On2 Technologies, the video compression company that provided video compression software for Adobe’s Flash. Google bought On2 in 2009.