Following criticism of the shortcomings of Apple's two-step verification for iCloud, Apple has extended its security system to cover FaceTime and iMessage.
As The Guardian reports, Apple is now adding another layer of security against cyber attackers who might want to gain access to people's private communications.
The two-step authentication requires users to add another form of identity verification, such as a randomly generated code sent to the user's device, before being given access to the apps.
In this case, once iPhone and iPad owners log in to FaceTime or iMessage, Apple will be prompting them to generate an app-specific password for one-time use on the Apple ID management page. Once they have the password, users can then log in to FaceTime or iMessage using their Apple ID and the app-specific password.
This will only be available for users who have already enabled the two-step verification process for their iCloud accounts. Last year, Apple rolled out the two-step authentication following the high-profile breaches of celebrity-owned accounts that led to the leaking of hundreds of private photos online. Users who have not yet enabled two-step authentication for iCloud are encouraged to do so.
However, Apple's two-step verification system for iCloud was not without some loopholes. A Medium report last month pointed out that the two-step verification does not prevent hackers from breaking into FaceTime, iMessage, iTunes, the App Store and the online Apple Store, which may have prompted Apple to roll out the security system to its communication apps.
While other Apple apps still only require a single password to log in, security researchers, however, applaud Apple's move to beef up security for its most used apps.
"It's really great to see Apple extending its two-step authentication to cover more services, particularly person-to-person communication services such as these, which have been so widely abused in the past," said Rik Ferguson, vice president of security research at Trend Micro.
Still, Ferguson believes the two-step authentication is not the same as a two-factor authentication, which relies on two separate components to verify a user's identity. For example, an ATM uses the two-factor authentication because it requires the combination of a bank card that the user inserts into the ATM slot and the entry of a PIN to authorize a transaction.
"Multi-factor authentication typically relies on something that you know (a password) in addition to either something you have (e.g. a swipe card) or something that you are (a fingerprint)," Ferguson said. "Two-step authentication is simply two sets of something that you know."
For instance, Apple could easily implement the two-factor authentication for its apps and services by combining passwords and the use of its TouchID fingerprint sensor.