<?xml version="1.0" encoding="UTF-8" standalone="yes"?><oembed><version><![CDATA[1.0]]></version><provider_name><![CDATA[Gigaom]]></provider_name><provider_url><![CDATA[http://gigaom.com]]></provider_url><author_name><![CDATA[Kif Leswing]]></author_name><author_url><![CDATA[http://search.gigaom.com/author/kifleswing1/]]></author_url><title><![CDATA[iMessage just got secure: Apple expands iCloud two-factor authentication]]></title><type><![CDATA[link]]></type><html><![CDATA[<p>Since the <a href="http://techcrunch.com/2014/09/02/apples-two-factor-authentication-doesnt-protect-icloud-backups-or-photo-streams/?ncid=rss">embarrassing revelation</a> that iCloud&#8217;s two-factor authentication didn&#8217;t actually cover many of Apple&#8217;s online services, <a href="https://gigaom.com/2014/09/16/two-factor-authentication-for-icloud-now-protects-user-backups/">partially responsible</a> for a rash of leaked celebrity photos last year, Apple has been <a href="https://gigaom.com/2014/09/16/two-factor-authentication-for-icloud-now-protects-user-backups/">gradually</a> <a href="https://gigaom.com/2014/07/01/pick-four-two-factor-authentication-appears-in-apples-icloud-apps/">adding</a> the security setting to many of its other services. On Thursday, users with iCloud&#8217;s two-factor authentication enabled will need to complete extra steps when logging into iMessage and FaceTime, <a href="http://www.theguardian.com/technology/2015/feb/12/apple-enables-two-step-authentication-for-imessages-and-facetime?utm_medium=twitter&amp;utm_source=dlvr.it">the Guardian reported</a>. The feature is rolling out now, but may not be available for your specific devices yet.</p>
<p>For users who have two-factor turned on, when you log into iMessage on a new iPhone or Mac, your Apple ID password won&#8217;t be enough to gain access. According to MacRumors, FaceTime and iMessage are <a href="http://support.apple.com/en-us/HT6186">using app-specific passwords</a>, in which you generate a unique code on Apple&#8217;s website, instead of having a four-digit PIN texted to your device.</p>
<p>Now, a miscreant with your Apple ID password &#8212; possibly gained through phishing, other social engineering, or even a lucky guess &#8212; won&#8217;t be able to set up iMessage or FaceTime and pretend to be you without your phone. Because of the way <a href="https://www.apple.com/br/privacy/docs/iOS_Security_Guide_Oct_2014.pdf">iMessage uses encryption</a>, simply logging into a new device doesn&#8217;t recover old iMessages, even before Apple turned on the new two-factor authentication.</p>
<p>If you don&#8217;t have <a href="https://appleid.apple.com/">two-factor turned on</a> for your iCloud account, you should do it. <a href="http://support.apple.com/en-nz/HT204152">Here&#8217;s Apple&#8217;s guide</a>. After all, even if you&#8217;re not a celebrity, you don&#8217;t want to <a href="http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/all/">get hacked</a> and have your life turned upside down.</p>
<p><em>This post was updated on 2/13 to clarify that iMessage and FaceTime are using app-specific passwords, and not two-factor authentication with a PIN code. </em></p>
<p>&nbsp;</p>
]]></html><thumbnail_url><![CDATA[https://i2.wp.com/gigaom2.files.wordpress.com/2015/02/screen-shot-2015-02-03-at-11-41-41-am-e1422985467586.png?fit=440%2C330&quality=80&strip=all]]></thumbnail_url><thumbnail_height><![CDATA[292]]></thumbnail_height><thumbnail_width><![CDATA[440]]></thumbnail_width></oembed>