Thursday, June 29, 2017

Apple ID Two-step vs Two-factor Authentication

I recently had a slew of unauthorized attempted logins on my iCloud account which kept locking me out, requiring a password reset. I called AppleCare and the CSR asked me if I had turned on two-factor authentication. I told him that I did and, after looking at my account details, he told me that I didn't have two-factor authentication turned on. Instead, he said that I had two-step authentication enabled. Hmm, I didn't know there was a difference.

The key difference is that Apple's two-factor authentication is more secure than two-step authentication. Two-factor authentication is built into iOS. However, if you have an Apple ID for, say, the iTunes Store, but you don't have any Apple devices, then you can't take advantage of two-factor authentication; instead, you can use two-step authentication.

Throughout history, people have authenticated themselves in one of three ways (knows, has, is):
1. Something a person knows (a combination to a lock).
2. Something a person has (a key to a house).
3. Something a person is (I walk through the front door of my house and my family recognizes me).

With two-factor authentication, a person needs two things to prove who they are. We experience this when we withdraw money from an ATM since we need our ATM card (first factor) plus our PIN (second factor). With a two-factor Apple ID login, I need both to know my password and to have my iPhone handy so I can see a verification code sent to me when I log in.

Without realizing it, we might use three-factor authentication to get into our home by entering a code to drive into an apartment complex, followed by using a key to open our front door, and finally being recognized by another family member or roommate once we enter our home.

Once I switched over to two-factor authentication, which the CSR at AppleCare walked me through, the password resets immediately ended.
