Apple on Monday appears to have rolled out a new implementation of its two-factor Apple ID authentication system with iCloud.com, requiring users who have the additional layer of security enabled to enter a special code before accessing the Web apps.
With the new implementation, shown in the screenshot above, Apple is expanding its two-step authentication security feature beyond Apple ID management and iCloud-connected features to the iCloud.com Web app suite. Prior to the change, iCloud.com was accessible via a simple password. The feature was first spotted by reader Stephan.
In the latest versions of OS X and iOS, Apple's new iCloud Keychain provides one of the most important pieces of functionality for security-conscious users: a password manager.
Unfortunately, it's kind of a mess. iCloud Keychain does accomplish the most basic things you'd expect a password manager to do, but it often does so in an awkward manner. Important functionality is hard enough to find that it may be effectively hidden from the average user, particularly on iPhones and iPads.
Russian security researcher Vladimir Katalov analyzed Apple's secretive iCloud and Find My Phone protocols to discover that neither are protected by two-factor authentication, and iCloud data can be downloaded remotely without a user ever knowing.
Smartphones carry a lot of sensitive data that in theory should be accessible only to their owners. In practice, a lot of it can be exfiltrated from the devices and from the backups either stored on the device or in the cloud by employing different forensic methods.
Apple revealed at its Worldwide Developers Conference on Monday that it will be releasing a new version of iWork for iCloud, enabling remote access to the productivity suite with nearly full functionality offered in a Web client.
In an exploration of the beta, AppleInsider found that its overall function was very smooth, with quick loading times and no hiccups or bumps in its animation or responsiveness.