Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Apple's web of authentication

Dan Moren | July 29, 2016
Apple uses three main authentication factors: something you know, something you have, and something you are.

As someone who seems to live most of his life on the Internet, I've always appreciated Apple's thorough and thoughtful approach to security. The company realizes that we keep all sorts of important stuff in our devices, from our credit card numbers to our super-secret, handed-down-through-seventeen-generations French toast recipes. Hardly the kind of stuff we want plastered all over the world.

Like every other technology company, Apple has to weigh the fundamental tradeoff between security and convenience. In general, the higher the level of security, the less convenient it is-no surprise there, since making something more difficult for someone else to break into generally means making it more difficult for you, too.

Apple's security measures are pretty comprehensive, and they're only getting better. With the latest additions to Apple's lineup this fall, the company is getting one step closer to creating an interconnected web of authentication that should hopefully make your device security better and more transparent. 

The X factors

When it comes to security, the safest options rely on a multi-factor authentication approach. That is, you ideally want to be able to prove your identity using not just one piece of information, but several different pieces. Traditionally, there are three types of factors: something you know (such as a password), something you have (such as a key), and something you are (biometrics). 

Apple has now implemented authentication via all these factors: passwords and passcodes, your mobile phone and Apple Watch, and Touch ID. In general, when you try to take an action that requires authentication, Apple asks for at least one if not more of these factors. For example, the company's two-step verification (and now its two-factor authentication) sends a code to an iOS device or a Mac when you try to log into your iCloud account or make an iTunes purchase from a new device. So, not only do you have to know the password to that account, but you also need to be able to prove that you have the device in question.

With Apple's new two-factor authentication, that's even further improved, since all your other devices will be alerted, letting you know if someone else is attempting an unauthorized login.

My voice is my passport 

Once the thing of science fiction, biometric authentication has become pedestrian. Logging in to your phone with your fingerprint certainly makes it more convenient, especially when you do it so many times a day, and it allows you to, for example, create a far longer passcode since you hopefully won't have to enter it as frequently.

Biometric security comes with its own risks, however. Unlike a password or passcode that can be stored in your memory alone, biometrics relies on something that's easily accessible. You leave fingerprints everywhere, for example, and face-based biometrics can in some cases be circumvented via video. And once compromised, that form of security basically can't be used again: you can change your password if your account is hacked, but you can't really change your fingerprints. 

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.