​Apple to rollout new two-factor authentication in iOS 9 and El Capitan

Apple is aiming for a more streamlined two-factor authentication system for its next Mac and iPhone operating systems.

Apple is rolling out a new two-factor authentication scheme for iOS 9 and OS El Capitan that it claims will be smoother than the existing system, which it introduced in 2013.

The new security element will be included in the beta program for the two upcoming operating systems, and is meant to tidy up Apple's previous two-step verification and make it easier to use.

Apple patents phone where bending is a feature, not a flaw

​Apple patents phone where bending is a feature, not a flaw

Apple has been granted a patent that could lead the way to a fully flexible iPhone that's actually built to bend in your pocket.

Read More

The idea behind two-factor systems is to prevent a hacker from accessing another person's account if they've managed to get hold of their username and password details.

With two-factor, as well as account credentials, an attacker needs to input a separate verification code sent only to the user's device - which in the former Apple system was four digits long and in the new system is six digits - in order to access that person's account. As that means the attacker would have to physically have the device in their possession, it cuts down the risk of account hijacking.

Apple outlined the new scheme in a support document, noting that the service is built directly into iOS 9 and OS X El Capitan and "uses different methods to trust devices and deliver verification codes".

Developers in Apple's beta program will need to enrol their devices with Apple's new service. Once that's done, any Apple device that a user is already signed into will display a six-digit verification code whenever an attempt is made to use the same Apple ID account on a separate device.

The new service will no longer offer the Recovery Key option available in the previous system, which is designed to help users regain access to their account when they have lost a trusted device or forgot their password.

Apple confirmed the change to MacWorld, which noted that Recovery Key - a 14-character code that Apple suggests users print out and store in a safe place - had in some cases left people unable to use their Apple ID.

Alongside removing Recovery Key, Apple is also introducing a new account recovery procedure, which it says could take "a few days or longer" depending on how readily a person can verify they're the account owner.

"Simply provide a verified phone number where you can receive a text message or phone call regarding your account. Apple will review your case and contact you at the number provided when your Apple ID is ready for recovery. The automated message will direct you to iforgot.apple.com to complete the required steps and regain access to your account," Apple notes in the document.

Apple users will be able to check the status of their account recovery request at https://iforgot.apple.com.

Read more