Apple Finally Gets Serious About User Security, Adds Two-Step Verification

Apple is beefing up security for users of its iTunes, App Store and iBookstore. Starting today, Apple is offering two-step verification for Apple ID, the authentication mechanism it uses for customers using iPhone, iPad and Mac computers.

The move is long overdue for Apple. Two-step verification is a security feature that requires users to verify their identity in more than one way. Previously, if you bought an app in the App Store, Apple would only ask you for your password. That's a one-step verification. Two-step verification adds another hurdle -- asking users to swipe a card, for instance, or to enter a PIN texted to their phone. The idea is that each additional factor used to authenticate a customer makes it that much harder for spammers and crooks to log in as someone they're not.

Apple is enabling two-step verification as an "optional security feature" for Apple ID. To set it up, you must register one or more trusted devices -- say, your smartphone (though technically any device you control that can receive 4-digit verification codes via SMS text or the “Find My iPhone” feature of iOS will do). Apple will also send you a 14-character “Recovery Code” that you can print out and save as a way of getting back into your account should you lose your smartphone or forget your password.

The Importance Of Two-Step Authentication

Many companies use multi-factor authentication. Google has offered two-step authentication to all users for more than two years. Facebook also offers it. 

The biggest recent cautionary tale about Apple security and two-step authentication is that of technology reporter Mat Honan. Honan, now a senior writer at Wired, had many of his important accounts hacked, including his Twitter, Google and Apple ID. The hackers, who Honan said were after his three-letter @mat Twitter account, were able to remotely erase his iPhone, iPad and MacBook after gaining access to his Apple account.

Apple, which lacked two-factor authentication at the time, more or less allowed the hackers into Honan’s accounts after they had tracked some personal information about him through his Amazon account. If Apple ID had had two-factor authentication at the time, the attack might well have stopped dead when the hackers tried to get into Honan’s Apple accounts.

How To Set Up Two-Factor Authentication

Go to Apple’s support page here and follow the directions. It's fairly simple. First, you want to sign in to your account with “Manage your Apple ID.” Then click on “Password and Security.” Click on “Two-Step Verification” and follow the onscreen instructions.

Many smartphone users are clueless about how much access their unique IDs allow. Many people, such as Honan, have most of their gadget and social accounts tied together through Apple ID or similar services. To stay safe, it's best to make sure that:

  • your passwords are unique;
  • your accounts aren't tied together through a single service (so that if it gets hacked, they all do);
  • you use two-step authentication whenever possible.

Lead image via Flickr user thisisanicephoto, CC 2.0