As promised by Tim Cook, more robust two-factor verification has started rolling out to iCloud.com users. We put together some instructions on how to set it up (below).
Users with two-factor authentication enabled are prompted for a verification code when logging in to iCloud.com, as first reported by MacRumors . In addition, users are alerted by email when their account is accessed online. Those email alerts include the date and time to help you know whether or not it was actually you.
Two-factor authentication or 2FA, is a security method that requires, well, two items. In Apple's case, one of those items is the "knowledge" factor (something you know, like a password), and the other is the "possession" factor (something you have, like an iOS device).
Here's how it works: You log in to a website with a user ID and password. If that's successful, then a code is sent to your mobile device. You enter that code into the website, proving your password and your phone are in the same place—presumably with the same user. At that point, the login is considered successful and you are allowed in to the site.
Pro Tip: This is another reason it's a REALLY good idea to have a passcode on your phone.
Apple's two-step verification screen for Apple IDs.
Here's how to enable 2FA for your Apple ID, from Apple's FAQ page:
- Go to My Apple ID.
- Select Manage your Apple ID and sign in.
- Select Password and Security on the left hand side.
- Under Two-Step Verification, select Get Started and follow the onscreen instructions.
While useful, this will also add an extra step sometimes. When you want to manage your Apple ID (like change a password/update info) or make a purchase from the iTunes/iBooks/App Stores from a new device for the first time, you'll need to use this method for verification. Only the first time, but you won't be allowed to continue otherwise, so make extra sure when you're unboxing that new iPhone and setting it up you have a device handy to catch that verification code!
If you have data from other providers, you wish to secure, you can set up Google's two step verification, and if you want to set it up with Yahoo!, you can do so by going to Yahoo.com and logging in, then hovering the cursor on your name, then Account Info, and setting it up under "Sign-in and Security."