Apple is revealing another two-factor authentication scheme for iOS 9 and OS El Capitan that it claims will be smoother than the current system, which it introduced in 2013.
The new two-factor authentication will be included in the beta program for the two upcoming operating systems and is intended to clean up Apple’s past two-step verification and make it simpler to use.
The idea behind two-factor systems is to keep a hacker from accessing another person’s account if they’ve managed to get hold of their username and password details.
With two-factor, as well as account credentials, an attacker needs to input a different verification code sent just the user’s gadget – which in the previous Apple system was four digits long and in the new system is six digits – to get to that person’s account. As that means the attacker would need to physically have the gadget in their possession, it cuts down the risk of account hijacking.
Apple outlined the new scheme in a support document, taking note of that the service is built directly into iOS 9 and OS X El Capitan and “uses different strategies to trust gadgets and deliver verification codes”.
Developers in Apple’s beta program will need to enroll their gadgets with Apple’s new service. Once that is done, any Apple gadgets that a user is already signed into will display a six-digit verification code whatever an attempt is made to use the same Apple ID account on a different gadget.
The new service will no more offer the Recovery Key option available in the previous system, intended to help users regain access to their account when they lost a trusted gadget or forgot their password.
Apple confirmed the change to MacWorld, which noticed that Recovery Key – a 14-character code that Apple recommends users print out and store in a safe place – had in some cases left people not able to use their Apple ID.
Alongside removing Recovery Key, Apple is likewise presenting another account recovery method, which it says could take “a couple of days or more” depending upon how promptly a person can verify they’re the account owner.
“Basically give a verified telephone number where you can get an instant message or telephone call with regarding your account. Apple will review your case and contact you at the number provided when your Apple ID is ready for recovery. The automated message will guide you to iforgot.apple.com to finish the required steps and regain access to your account,” Apple notes in the report.
Apple users will be able to check the status of their account recovery request at https://iforgot.apple.com.