Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Apple Makes Two Factor Authentication Available for Apple IDs

In an effort to increase security for user accounts, Apple on Thursday introduced a two-step verification option for Apple IDs.

In an effort to increase security for user accounts, Apple on Thursday introduced a two-step verification option for Apple IDs.

As the “epic hacking” of Wired journalist Mat Honan proved, an Apple ID often carries much more power than the ability to buy songs and apps through Apple’s App store.  

An Apple ID can essentially be the keys to the Kingdom when it comes to Apple devices and user maintained data, and as Apple explains, is the “ key to many important things you do with Apple, such as purchasing from the iTunes and App Stores, keeping personal information up-to-date across your devices with iCloud, and locating, locking, or wiping your devices.”

Two-step verification is a feature you can use to keep your Apple ID as secure as possible, Apple said.

“After you turn [Two-step verification] on, there will be no way for anyone to access and manage your account at My Apple ID other than by using your password, verification codes sent your trusted devices, or your Recovery Key,” a note from Apple explained.

To setup two-step verification, users need to register one or more “trusted” devices, a device that can receive a 4-digit verification code through either Find My iPhone notifications or SMS.

Once signed in using an Apple ID through My Apple ID, or through iTunes, the App Store, or iBookstore, users need to enter their password and a 4-digit verification code as shown in the diagram below.

Two Step Verification for Apple ID Process

Apple also provides a 14-digit Recovery Key they can be used to regain access to an account if a trusted device is lost or password is forgotten.

If you use your Apple ID for anything more than simply making purchase via iTunes, you’d be crazy not to take advantage of this added security measure. While it has been available for years, any Gmail users not yet using it, should be taking advantage of Google’s two-step verification security option as well. 

More information on Apple’s two-step verification is available here

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...