Gear

Apple Finally Adds Two-Step Verification to iCloud and Apple ID

Apple begins rolling out two-step authentication for Apple ID and iCloud users, highlighting the growing importance of security as our digital lives move to cloud-based services. Here's how to set it up (and why it's important).
Image may contain File Text and Webpage
Apple added an additional layer of security in the form of two-step authentication.Apple adds an additional layer of security in the form of two-step authentication.

Apple began rolling out two-step authentication for Apple ID and iCloud users Thursday, highlighting the growing importance of security as our digital lives move to cloud-based services. You can set it up here.

Two-step, aka two-factor, authentication provides an additional layer of security by requiring users to enter an automatically generated code from a secondary device in addition to a password when logging on from a new device. As long as a hacker hasn't gained physical access to your device, they will have a far more difficult time trying to access your personal accounts than with single-step authentication. Google has long championed two-factor authentication as a security feature. It is an important and far more effective way to secure accounts than with a password alone.

Apple's two-step verification requires you to validate your identity using a mobile device before being able to make iTunes or App Store purchases, make changes to an account or get a password reset from a new device. After entering your password, a verification code is sent to one of your trusted devices via either SMS or Find My iPhone notifications. You enter that code to validate your identity and gain access to your account. You'll need to verify each of your personal ("trusted") devices in order for verification codes to be delivered to them. Along with knowing your password and needing access to your mobile device, Apple will also give you a recovery key that is needed to reset your password. Setup is relatively easy, and can be done in a matter of moments.

The faults of the fragile and easily overcome traditional password system were exemplified back in August of last year when Wired senior writer Mat Honan was subject to hacking via account resets. Two-step authentication could have stopped that process dead in its tracks. If you have an Apple ID, this is a great feature that you should enable on your account.

Update: Some people are reporting a three day waiting period before being allowed to implement two-step. According to Apple's FAQ:

As a basic security measure, Apple does not allow two-step verification setup to proceed if any significant changes have recently been made to your account information. Significant changes can include a password reset or new security questions. This waiting period helps Apple ensure that you are the only person accessing or modifying your account. While you are in this waiting period, you can continue using your account as usual with all Apple services and stores.

Most Popular