iOS users who want to make use of multi-factor authentication currently have to download third-party authenticator apps like Google Authenticator, Authy, or Microsoft Authenticator. By providing a built-in system, Apple is making the setup process more accessible, thus encouraging a larger number of people to make use of it. “To have a more centralized system rather than a scattered system will change the game.” said Miranda Yan, founder of VinPit, in an email interview with Lifewire. “Though Apple is reputed for its privacy and safe handling of user data, [the] new iOS 15 will take that [to] a level above.”
Too Many Cooks
MFA, or two-factor authentication (2FA), requires you to provide more than one form of verification in order to access your accounts, like social media and email. Having to provide added identification—such as entering in a single-use numerical code sent via text message—makes taking over personal accounts more difficult for potential bad guys. Authenticator apps function in a similar way. These apps generate a random six-digit code linked to various accounts that have MFA enabled. Using them is a matter of opening an app to view the code, then entering that code when prompted while logging into the connected account. If a system’s security relies on too many separate entities to monitor and control it, more opportunities for exploitation can arise. Leaving everything up to a single company (in this case, Apple) creates a much more stable environment. Every element of the system can then have the same sets of guidelines and there won’t be any need to “translate” information between platforms. If something goes wrong, the people who know and operate the entire system will be the ones trying to fix it, rather than a third party. According to Sakinah Tanzil, cybersecurity career coach and author of Breaking the Cyber Code, the new iOS 15 built-in MFA “…gives [Apple] the ability to provide basic security services such as maintaining integrity of computing processes, controlling access to system resources and data, and providing consistent and predictable computing services.” Every time an app deals with user data, there’s a possibility that someone could steal that data. The more that data is shared and the greater the number of parties involved, the greater the chance of being compromised. If data does get compromised, it’s easier for a single entity to discover and address the problem rather than several trying to coordinate. “The introduction of the MFA/2FA feature in the new iOS 15 will help improve the security of iPhone devices by eliminating a third-party authenticating app,” said Harriet Chan, the co-founder of CocoFinder. “…It means that your data is not at the risk of mishandling in any third-party app that may expose you to several security risks and data privacy breaches.”
Nothing is Perfect
Of course, no security system is perfect, and while the addition of a built-in MFA is a definite improvement for iOS 15, users will still need to be vigilant. With a not-insignificant number of apps scamming App Store users out of millions of cumulative dollars, it’s easy to see why. “Since users will be able to use MFA security features without accessing third-party apps, this puts less pressure on app developers to do their part in safeguarding applications with cybersecurity features,” Phil Crippen, the CEO of John Adams IT, said in an email interview. “As of 2021, it’s still fairly common for a hacker to extract user data from an app without much effort,” he said. This is a similar issue to the one posed by the App Store’s strict admittance guidelines, which can provide you with a false sense of security. By dropping your guard, you can open yourself up to downloading fake apps that claim to be official, manipulative apps with boosted ratings from fake reviews, and more. The same applies to feeling too comfortable and secure with iOS 15. Yes, it has improved security features, but it’s not invincible. Experts agree that you still need to be aware of—and use—MFA when available.