Apple enables two-step verification for iCloud accounts

Apple has joined the growing list of companies offering two-step verification to secure user accounts. With two-step verification enabled, whenever you attempt to log in on a new device with your Apple ID, you will be asked to enter a 4-digit verification code. This code will be sent to a device that you have registered as a trusted device, such as your iPhone, via a Find My iPhone notification or SMS.

Your Apple ID can be used for personal information services like iCloud and commercial transactions through iTunes. Two-step verification ensures that if your Apple ID and password are somehow compromised, an attacker would not be able to log in with them unless they also had access to your trusted device. This drastically reduces the ways a compromised Apple ID can be abused: an attacker would not be able to make unauthorized purchases or access your personal email and contacts. The part about iCloud is especially critical in light of stories like that of Wired's Mat Honan, where a compromised iCloud account resulted in his devices being remotely wiped by an attacker. With two-step verification, a malicious act like that would require an attacker to also have obtained access to one of Honan's trusted devices.

Users who choose to enable two-step verification will also want to create a Recovery Key and keep it in a safe place. This Recovery Key will ensure that even if you lose your trusted devices, you will still be able to regain access to your account. It’s a little bit like trusting a neighbor with a spare house key in case you ever lose yours and can’t get into your house.

People interested in turning on two-step verification can head over to Apple’s support document for more information.

Source: Apple via 9to5Mac


Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at POSSIBLE Mobile. Writes on about QA & security, and as @noir on Twitter about nothing in particular.


Reader comments

2-Step Authentication is available to set up only if you have a password that meets requirements of at least 8 characters - one of which has to be a number, and another a capital letter... if you change your password today to meet those requirements, there's a waiting period to finish the set-up to further deter account hijacking.

Glad to see this is implemented. Painless setup as usual.

One question though, has anyone seen if they have to do this with their Apple TV as well?

This is supposed to be easy to implement? As I understand it, I have to be able to receive a security code on any device that I want to use to access my account or make purchases. On my iPhone with SMS, not a big deal. It appears on my iPad I have to have my iPhone with me and be able to receive an SMS message. Same with my Mac. For the other iPhone in my house (which doesn't have SMS messaging) and the iPad they use, I haven't the faintest idea how to accomplish this.

After about 20 minutes, I turned off two-step verification.

Did you try Find My iPhone on those other devices? Sounds like you should be able to receive verification code push notifications through Find My iPhone on any device.

Couldn't figure out how to do that (there doesn't appear to be an option to send the code there) and the FAQ was not helpful.....

Here's a question, what if you have 2 IDs?
One for the App Store & one for iCloud. Which one is the real Apple ID?

The more security, the better. I am always paranoid someone is going to snatch my phone away from me. Anything to make it more secure is better.