iCloud's two-factor authentication silver lining

Last August, a trove of private images leaked online following a series of targeted brute force attacks against celebrity accounts in iCloud, says Silvio Kutic.

Silvio Kutic, CEO at Infobip

Yesterday marked the one-year anniversary of 2014's iCloud hack. Last August, a treasure trove of private images leaked online following a series of targeted brute-force attacks against celebrity accounts. Through this method, hackers were able to successfully pull data from Apple's cloud storage service, leading to one of the most high-profile invasions of privacy in recent years.

The news made headlines around the world and became the focal point for countless data protection discussions in the months that followed. But has it changed our collective approach to online security? To fully answer this question, we need to consider the business and consumer implications of such a mainstream data breach, starting with the immediate fallout.

Tackling the business of account security

Apple's response to the iCloud breach was by the book. Recognising the need to improve security and regain the trust it had lost, Apple rolled out two-factor authentication (2FA) for all its online services.

Yet this had much wider implications than first expected.

Apple's decision grew to represent far more than just a knee-jerk reaction to protecting user data in the wake of a celebrity scandal – it's since had a lasting impact on the technology and security industries. Businesses of all sizes and scales saw Apple's reputation dive, albeit temporarily, as a result of the controversy and reacted to avoid a similar fate.

As threats from hacking, phishing, and other security challenges grow more sophisticated, 2FA has become a necessity for account authentication. Retailers, online storage providers, and social networks are all adopting 2FA since it's now widely recognised that a simple username and password combination is not enough to guarantee security, particularly in the wake of the Apple iCloud hack.

This is driven in part by a universal need to offer another layer of protection for the often sensitive information today's users place online, but also an overarching desire for online businesses to avoid suffering a similar data breach to the one Apple endured.

Why 2FA?

When it comes to protecting users from the most common form of data breach – a stolen email address or password – 2FA holds the key. It works by requiring a unique one-time PIN in addition to a user's aforementioned details at the point of login. Granted, two-factor authentication existed long before the iCloud scandal. But since such a major household name was hit by a hack of this nature, and turned to two-factor authentication as the most logical solution, it has become the de facto standard.
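The one-time PIN check described above, sketched server-side as an added example (not Apple's or Infobip's code). The names `OneTimePinStore` and `login`, the 6-digit length, the 5-minute lifetime and the 5-guess limit are assumptions, and SMS delivery is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

PIN_TTL_SECONDS = 300  # assumed lifetime of an issued PIN
MAX_ATTEMPTS = 5       # assumed guess limit, so the PIN itself cannot be brute-forced


class OneTimePinStore:
    """In-memory store of pending PINs (hypothetical; a real service needs shared storage)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # username -> [pin_digest, expires_at, attempts_left]

    @staticmethod
    def _digest(pin):
        # Fixed-length bytes so any candidate string can be compared in constant time.
        return hashlib.sha256(pin.encode()).digest()

    def issue(self, username):
        """Create a fresh 6-digit PIN; the caller passes it to the SMS provider."""
        pin = f"{secrets.randbelow(10**6):06d}"
        expires_at = self._clock() + PIN_TTL_SECONDS
        self._pending[username] = [self._digest(pin), expires_at, MAX_ATTEMPTS]
        return pin

    def verify(self, username, candidate):
        """Accept the right PIN exactly once; reject expired or over-guessed PINs."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[username]
            return False
        entry[2] = attempts_left - 1
        if hmac.compare_digest(digest, self._digest(candidate)):
            del self._pending[username]  # single use: a replayed PIN fails
            return True
        if entry[2] == 0:
            del self._pending[username]  # guesses exhausted: a new PIN must be issued
        return False


def login(password_ok, store, username, candidate_pin):
    """The PIN is only checked after the username/password step has passed."""
    return bool(password_ok) and store.verify(username, candidate_pin)
```
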

SMS-based two-factor authentication, in particular, has seen widespread growth following the iCloud hack, especially with online services that have a global user base to protect. Not only is SMS-based 2FA quick to deploy, it's a consumer-friendly approach to introducing additional account security that causes little disruption when rolled out. It's also capable of being used with any mobile phone and is far cheaper for businesses to introduce than alternative methods. All that's required is a partnership with the right messaging provider – there's no need for expensive third-party hardware, like key fobs.

Consumers challenge security norms

However, although businesses were quick to realise the benefits of 2FA following the events of last August, this was only ever one piece of the puzzle. To work as intended and deliver the desired outcome, consumers, too, needed to buy into the extra security benefits offered by 2FA. Fortunately, Apple's security breach also had a positive impact on consumer opinions around data privacy. It raised awareness among online and mobile users about the importance of comprehensive security measures in order to protect their data.

As a result, many users are now apprehensive about signing up for a new service, downloading an app, or making a digital purchase without the promise their personal information will be kept safe and confidential. Yet, despite this new concern over account security, few are willing to adopt any extra security measure that affects the flow of the online and mobile services they use. It's a paradox. Consumers want it all – assurance that their data is safe without the responsibility to protect it falling on their shoulders. The importance placed on the user experience, therefore, has largely contributed to the growth of SMS-based 2FA. Capable of blending into any mobile or online user experience, the SMS approach all but guarantees consumer adoption of two-factor authentication.

SMS security

Although the iCloud hack represents far bigger issues over the amount of trust consumers place in online business, there was a silver lining. The iCloud hack by no means stands on its own – there have been countless data breaches since – but it was a turning point for online security. It went a long way to raising awareness of the importance of more advanced security measures, not only among businesses but also the users of online services. Many have come to expect extra security for their online accounts as a result, with 2FA being the cornerstone of this.

Contributed by Silvio Kutic, CEO at Infobip.