Apple today joined a growing list of companies that offer two-factor authentication. The move gives users the option of better security by requiring additional information while logging in, namely a four-digit verification code sent via SMS or through Apple's Find My iPhone app (available on any iOS device). You can read Apple's FAQ here.
Two-step verification relies on more than just a password to authenticate an account. Most implementations boil down to something you know (e.g. a password) in combination with something you have (e.g. a smartphone or dongle). The idea is that even if hackers discover your password, they most likely don't have your phone – or vice versa.
To enable two-step verification:
- Log in to appleid.apple.com.
- Click "Password and Security". Answer the security questions.
- Find "Two-Step Verification" and click the "Get started..." link.
- You'll be shown a few pages with information on two-step verification. Click "Continue" a couple of times and "Get Started" to begin.
- You'll be presented with a list of "trusted devices" under your account. Verify the devices you want and click "Continue". (Tip: You may need to set up "Find My iPhone" on your iOS device, unless you'll be doing SMS verifications.)
- Next, you'll receive a recovery code. Apple suggests you write this down or print it out and store it somewhere safe. Without it, regaining access to your account in the future could be difficult at best and impossible at worst.
- Confirm your recovery code. Click "Enable Two-Factor Authentication."
With more data and services tied to your Apple ID than ever – iTunes purchases, iCloud data and FaceTime, just to name a few – security has become increasingly important.
Wired journalist Mat Honan probably knows this better than anyone after his accounts were hijacked by a hacker who "dissolved" his digital life.
"Because I didn't have Google's two-factor authentication turned on, when Phobia entered my Gmail address, he could view the alternate e-mail I had set up for account recovery. Google partially obscures that information, starring out many characters, but there were enough characters available, email@example.com. Jackpot." Honan said.