Hacking Apple: Two-Factor Authentication May Not Be Good Enough

Computer Password
Computer Password

Security problems that had been limited almost exclusively to Microsoft Corp.'s (NASDAQ: MSFT) Windows and Windows-compliant products have migrated to Apple Inc. (NASDAQ: AAPL) ones. Given the surge in the success of the Mac, and the extraordinary growth of the iPhone and iPad, this should have been expected.

CNNMoney reports on holes in Apple's security:

Apple recently beefed up its authentication system in an effort to thwart hackers, but a new report shows the security measure is lacking in one huge area.

Back in March, Apple unveiled an optional "two-factor authentication" login method for its Apple ID. It's a basic security tool already used by Google, Facebook (FB) and Dropbox that requires both a password and a piece of data, such as a string of numbers sent via text message. Twitter also recently unveiled such a system following a series of prominent hacks of Twitter accounts.

But security software company ElcomSoft explained in a blog post Thursday that Apple's new security measures protect users only in a few situations: app and music purchases, managing an Apple ID account or receiving customer support related to Apple ID. It does nothing to protect other important information, like photos and other files stored on its iCloud service.

A hacker who manages to figure out a user's Apple ID and password could log into that user's iCloud account, and download all of the potentially sensitive information stored there - even if that user has the two-factor system enabled. ElcomSoft accused Apple of doing "a half-hearted job," arguing the two-factor protection should be implemented on iCloud data backups as well.

Filed under: 24/7 Wall St. Wire, Internet, Technology Companies Tagged: AAPL, MSFT