Apple has enabled two-factor authentication for its iCloud service, giving the company a much-needed security boost. When enabled, this new feature will require users to verify their identity every time they log into their Apple account. Lost passwords can only be reset using a verified device and recovery key; all other attempts at password recovery will be disabled, eliminating security holes like the one that allowed hackers to delete a large amount of journalist Mat Honan's digital life.
Two-step verification can be enabled on the Apple ID website (opens in new tab) by logging in and navigating to the Password and Security tab on the left. Near the top of the page, there will be a section labeled Two-Step Verification with a Get Started link immediately below.
Next, Apple will ask you to verify your identity by answering two security questions. Once these are successfully answered, Apple will verify your Apple devices by sending a 4-digit verification code to each. After this process, Apple will supply you with a recovery key, which can be used to reset the password if you lose your verified devices.
We first verified our iPhone, which sent the device a popup alert with the verification code. Once this was done, and were automatically prompted to enter and verify our phone number using an SMS code. We verified the rest of our devices and then pressed continue.
Next, Apple gives you your Recovery Key, which can be used to reset your password in case you don't have a trusted device with you. Users are encouraged not to save the code on their computer, instead printing out the code or writing it down on a piece of paper and saving it in a safe place. We were required to enter the full recovery key into a prompt on the next screen to verify that we successfully received a copy.
Apple has you verify the conditions of two-factor authentication one more time before enabling the feature. Once activated, users will receive a confirmation email and will henceforth be required to use two verification items in order to log into their accounts.