Apple on Thursday unveiled two-step authentication for Apple and iCloud IDs. As first reported by 9to5Mac, you can now add the extra level of security to your accounts by heading to Apple's website.
Two-factor authentication requires that you not only know your password to log in to a service; you also need access to something else that's linked to you. Many times, this is a cell phone; that's precisely how Google's two-step authentication works.
Apple's approach requires that you have an iOS device or cell phone handy. To configure two-factor authentication, start by clicking the Manage button on Apple's account management website. Then, after logging in, click on Password and Security. Be quick: Apple logs you out after just a minute or two.
You may then need to answer your security questions to prove that you're really you. Then click the Get Started button under the Two-Step Verification section, and click through several screens of information. Apple stresses that it won't be able to reset your password for you if you enable two-step authentication, and that you'll always need at least two of the following three things: your password, your recovery key, and a compatible device.
Apple further requires that you change your password before enabling two-step authentication, should it decide that your existing password isn't secure enough.
Once you've gotten this far, you may need to wait. If you were forced to change your password earlier in the process, Apple requires that you wait three days before you can finish enabling the two-step process.
If you don't get the big time-out sign, you simply follow the remaining steps that Apple's site presents to confirm your cell phone number.
From then on, when you attempt to log in using your Apple ID, a unique numeric code will be sent to your devices; you'll in turn need to enter that code to complete the login process.
The recovery key Apple provides is a one-time-use mechanism to log in to your account if you somehow lose all your associated iOS devices. Apple recommends that you print the recovery key and store it in one or more safe places. (Once you use it, you can get a new one.)
The advantage of two-step authentication is that it's far more secure than a simple password alone, as former Macworld staffer and now Wired senior writer Mat Honan can attest: It makes it considerably more complicated for a malicious user to break into your accounts, since they'll need possession of your device to complete the login process.