“Another known device” authentication for remote erase?
Mat Honan has a pretty sad story on how more or less all his (important) digital identities got hacked the other day. Maybe the worst part of this story was the remote erase feature of iCloud, which the hacker(s) used to remotely wipe all data on all his (iCloud connected) devices. Turns out that social engineering was the culprit, but nevertheless it got me thinking…
Why isn’t there some kind of two-factor authentication in place, using another known device for this feature [1]? Some people have multiple iPhones/Macs/iPads - you could have iCloud send erase verification codes to any of these, requiring you to unlock them to be able to see the code(s). Another (not very practical) twist could be to require the device you’re using for verification to be within some kind of geo-fence (like “at home”, “at work” etc.). They’re not airtight (someone could steal multiple devices), but they would probably protect against casual hackers without access to any of your devices.
Or for those with only one iCloud connected device - why not provide iCloud (during setup?) with some other phone number (like to a friend, your wife etc.) which Apple can call and verify with if someone should try to remotely erase your device?
I bet there are multiple implementations that would have saved Mat’s data without too much pain.
[1] It’s not uncommon to offer this kind of functionality - Google and Facebook does it already.