The company finally switched to two-step authentication to better protect users of its iMessages and Face Time services on all Apple devices. This new security feature provides for additional protection against hacking. Now, after you have logged in with your usual name and password, you will be also asked to use a second security code to verify your account.

Two years ago, the log in protection was added to Apple’s iTunes and iCloud accounts: this means that users who have previously logged into their device with Apple ID were already protected.Now the same is applied to two more of Apple’s services. In other words, if you log out of your Face Time or iMessage account and try to log in again, or log in on another machine, you will need a security code to confirm your identity. Thus, even if hackers get your username and password for the account, they still won’t be able to access it without the extra code.

However, critics say that Apple can do even more to secure user accounts. Security experts point out that two-step authentication (which is usually a message to a mobile device or a code-generating smartphone app) is not the same as fully-fledged multi-factor authentication. The latter normally relies on something that you know (a password) plus something that you have (a swipe card) or something that you are (a fingerprint).

In fact, many banks have been using card readers or numeric key fobs with security codes for a while now. But banks are more serious institutions that Internet sites like Facebook, Twitter and Google. Social networks normally just send the code to the phone number registered to the account. In other words, their two-step authentication is two sets of something that a user knows, though the ability to enter the SMS-based password depends only on their access to the text message, rather than on their ownership of the smartphone. The problem is that if the hackers manage to divert the calls or messages of that device, such two-step authentication will be subverted (and this already happened a few times).

As for the new Apple’s two-step authentication, the system uses codes sent via text message to a registered phone or the company’s Find My iPhone app. The company also pointed out that the user could associate more than one phone number to the account in case one of them is lost or stolen. Finally, a recovery key (the one that should be kept safe for emergencies) can also be used to log into the account instead of a security code.