iOS 9 and OS X El Capitan bring Two-Factor Authentication to MacBook, iPad and iPhone devices

According to an Apple support document pertaining to both public betas of iOS 9 and Mac OS X El Capitan, Apple users will be able to use two-factor authentication to secure their devices.

The method, which was first pioneered by Google, then embraced by Microsoft, in much of a similar way, relies on the ability of users to receive text messages on a trusted phone number.

Each new devices accessed with an Apple ID can be registered by inserting a 6-digit code which is sent to said number. Once a device is registered, there will be no need to input anymore codes, as said device will be listed within that particular ID’s trusted devices list.

Apple’s new two-factor authentication method comes with a few redundancies that reduce the risk of accidentally locking a device, permanently. For instance, if the iPhone used to authenticate other devices is lost, or stolen, users will be able to submit a request directly to Apple, with a reliable, and trusted phone number. Apple will take a couple of days to evaluate the request and eventually allow the new number to be used to take back control of the devices registered under the same Apple ID.

Legacy devices

As we mentioned in previous articles, legacy devices as far back as the iPhone 4 will be supported by iOS 9, which means that the new security feature will also apply to owners of older devices.

Different methods

Two-factor authentication is not a new technology, but its implementation varies across different devices and operating systems. At a glance, Apple’s way of implementing this security feature seems the most viable, as it doesn’t rely on mobile apps. All that’s needed is a working mobile device capable of receiving text messages.

Google first implemented this method through its Authenticator app, which automatically generates new codes every 60 seconds, however, this method requires the app to be working on any Android device, which could allow a thief to take control of just any Android device registered under a particular account, to gain access to a Google account and steal all information. This prompted Google to add text messaging to the mix, enabling users to restrict authentication to a single smartphone.

In Microsoft’s court, authentication is done through a mobile app bound to a particular phone, which can be either a Windows Phone, Android or iPhone, in a way that still requires a number to be registered as trusted.

Implementation

From what can be gathered, Apple’s method seems to be the most secure and easy to manage for users, as it doesn’t require apps to be installed, or special hoops to jump through. Signing into an Apple ID into a new device for the first time will prompt the user to enter their regular credentials, as well as a randomly generated six-digit verification code, sent to a trusted phone number. From then on, that device will be listed as trusted, and won’t need further verification, unless the user removes it from the list, or changes password.