Two-Step and Apple Pay: the Future of Online Security

October 16, 2014

Apple PayWith the launch of Apple Pay, Apple’s new contactless payment method on the iPhone 6 and 6 Plus, I’ve heard a lot of people asking: what’s wrong with the payment process we have now? It doesn’t take that much time to pull out a credit card.

The real issue Apple Pay solves is security, not convenience. And it’s one member of a new generation of technologies to keep your personal information safe.

Our antiquated systems

When you think of technology, you think new. The fact is that most of the security measures we have in place now have been around for decades. The magnetic stripe on credit cards has been around since the 1960s, and we’ve been using usernames and passwords to log into computers and sites for almost as long as there’ve been computers and sites to log into.

The problem with magnetic stripes and username/password combinations is that there’s no check to make sure it’s actually you using them. And as we’ve seen lately, both login information and credit card numbers can end up in the wrong hands.

But what if someone was powerless to use your login or your credit card unless you were actually there?

Two-step authentication: Proving it’s really you

Google, Facebook, Apple, and others have all embraced the option to add an additional level of security for a login. This additional step – known as two-factor authentication or a two-step login – identifies your browser or your location (by an IP address) as someone you trust. That way if someone across the country or the world gets their hands on your login, they can’t use it without your permission.

When you see someone who needs high-level clearance in a movie – think John Nash in A Beautiful Mind – it might involve a series of numbers that changes every few minutes. Luckily logins for sites don’t involve an implant into your arm, but they work in a similar way. When you log into a site from a new browser or location, you’re prompted for a number that is either sent to an app you have on your phone or texted to you. You have about a minute to enter the code, and if you do, you’re given access to the site. (Most sites remember your information so you only need to go through the process once every 30 days or longer.)

Want to get started? Read about how to add additional security to your Google, Facebook, Twitter, and Apple accounts.

Apple Pay: Purchasing with an identity check

Apple Pay is kind of like a two-factor authentication for purchases, but they’ve streamlined the process. Apple Pay uses the Visa Token Service (and similar services for other credit cards) to generate a combination of an account number unique to your device and a number that’s specific to each individual transaction. The merchant never sees your actual credit card number.

The iPhone 6 and 6 Plus use your fingerprint (via Touch ID) to make sure it’s really you requesting to pay. And it eliminates the chance that your credit card number can be intercepted by anyone during payment or from a database.

Apple Pay and two-step authentication are two ways of providing additional security for your most sensitive accounts. Here’s hoping much of today’s identity theft will soon be a thing of the past!


Justin is a web and mobile developer at Sephone. He's interested in user-driven design, social media, and web services. He also enjoys learning and exploring new ways for businesses and people to use the web.

Leave a Reply

Your email address will not be published. Required fields are marked *