Apple enables two-step verification for iCloud accounts

Apple has joined the growing list of companies offering two-step verification to secure user accounts. By enabling two-step verification, whenever you attempt to log in on a new device with your Apple ID, you will be asked to enter a 4-digit verification code. This code will be sent to a device that you have registered as a trusted device, such as your iPhone, via a Find My iPhone notification or SMS.

Your Apple ID can be used for personal information services like iCloud and commercial transactions through iTunes. Two-step verification ensures that if your Apple ID and password are somehow compromised, an attacker would not be able to log in with it unless they also had access to your trusted device. This drastically reduces the risk of a compromised Apple ID being abused in a few ways, such as not being able to make unauthorized purchases and not allowing access to your personal email and contacts. The part about iCloud is especially critical in light of stories like Wired's Mat Honan, where a compromised iCloud account resulted in his devices being remotely wiped by an attacker. With two-factor verification, a malicious act like that would require an attacker to also have obtained access to one of Honan's trusted devices.

Users who choose to enable two-step verification will also want to create a Recovery Key and keep it in a safe place. This Recovery Key will ensure that even if you lose your trusted devices, you will still be able to regain access to your account. It’s a little bit like trusting a neighbor with a spare house key in case you ever lose yours and can’t get into your house.

People interested in turning on two-step verification can head over to Apple’s support document for more information.

Source: Apple via 9to5Mac

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at Double Encore. Writes on neglectedpotential.com about QA & security, and as @noir on Twitter about nothing in particular.

More Posts

 

0
loading...
0
loading...
0
loading...
0
loading...

← Previously

Apple executive talks about renewable energy and environmental goals

Next up →

Apple Podcasts app updated with custom stations, on-the-go playlists, new design, more

There are 17 comments. Add yours.

kch50428 says:

http://support.apple.com/kb/HT5570

2-Step Authentication is available to set up only if you have a password that meets requirements of at least 8 characters - one of which has to be a number, and another a capital letter... if you change your password today to meet those requirements, there's a waiting period to finish the set-up to further deter account hijacking.

BigLan says:

Ok, thanks for the additional info. This is definitely something I need to check out!

ame says:

Ohhhh I am VERY pleased with this news. *runs to check it out*

asuperstarr says:

You can never have enough security in today's climate. I have no complaints about this decision.

entwined82 says:

Glad to see this is implemented. Painless setup as usual.

One question though, has anyone seen if they have to do this with their Apple TV as well?

Emeroid says:

Great, but my biggest complaint is, 'Why can I still not merge AppleIDs' ?

SFCMM_Spuds says:

One more selling point for Apple and why it ranks over other services

wvayens says:

This is supposed to be easy to implement? As I understand it, I have to be able to receive a security code on any device that I want to use to access my account or make purchases. On my iPhone with SMS, not a big deal. It appears on my iPad I have to have my iPhone with me and be able to receive an SMS message. Same with my Mac. For the other iPhone in my house (which doesn't have SMS messaging) and the iPad they use, I haven't the faintest idea how to accomplish this.

After about 20 minutes, I turned off two-step verification.

Nick Arnott says:

Did you try Find My iPhone on those other devices? Sounds like you should be able to receive verification code push notifications through Find My iPhone on any device.

wvayens says:

Couldn't figure out how to do that (there doesn't appear to be an option to send the code there) and the FAQ was not helpful.....

asuperstarr says:

Contact apple support they should be able to walk you through it.

BigLan says:

Here's a question, what if you have 2 IDs?
One for the App Store & one for iCloud. Which one is the real Apple ID?

melwan says:

I need to know this as well. Can we enable it for both accounts on the same devices?

Jaguarr40 says:

I just used it and enabled my device and iCloud. Can't have too much security

AdrianGabeChen says:

the more security the better i say. hopefully it is seamless and easy to use

shinuyuki says:

The more security, the better. I am always paranoid someone is going to snatch my phone away from me. Anything to make it more secure is better.