Apple enables two-step verification for iCloud accounts
Apple has joined the growing list of companies offering two-step verification to secure user accounts. By enabling two-step verification, whenever you attempt to log in on a new device with your Apple ID, you will be asked to enter a 4-digit verification code. This code will be sent to a device that you have registered as a trusted device, such as your iPhone, via a Find My iPhone notification or SMS.
Your Apple ID can be used for personal information services like iCloud and commercial transactions through iTunes. Two-step verification ensures that if your Apple ID and password are somehow compromised, an attacker would not be able to log in with it unless they also had access to your trusted device. This drastically reduces the risk of a compromised Apple ID being abused in a few ways, such as not being able to make unauthorized purchases and not allowing access to your personal email and contacts. The part about iCloud is especially critical in light of stories like Wired's Mat Honan, where a compromised iCloud account resulted in his devices being remotely wiped by an attacker. With two-factor verification, a malicious act like that would require an attacker to also have obtained access to one of Honan's trusted devices.
Users who choose to enable two-step verification will also want to create a Recovery Key and keep it in a safe place. This Recovery Key will ensure that even if you lose your trusted devices, you will still be able to regain access to your account. It’s a little bit like trusting a neighbor with a spare house key in case you ever lose yours and can’t get into your house.
People interested in turning on two-step verification can head over to Apple’s support document for more information.