It feels like every day we hear a new story about a major internet company like Evernote, Twitter or Facebook getting hacked. And when it happens, user passwords, personal information and uploaded content are all compromised.
With this in mind, it’s nice to hear that Apple has given its account security a boost today with a new two-step verification process. The safeguard requires users to verify their identity on a trusted device before making any changes.
First spotted by 9to5Mac, the new verification process is an optional security feature for your Apple ID that requires you to verify your identity using one of your devices before you can make account changes or iTunes purchases.
Setting up two-step verification takes place at My Apple ID (appleid.apple.com). Once logged in, you’ll register one or more of your devices that can receive a 4-digit code either via an SMS or a Find My iPhone app notification (if installed).
9to5Mac also reports that Apple has begun training its AppleCare phone support employees today on the new verification process. And according to the training materials, they are no longer allowed to reset passwords over the phone.
“Two-step verification simplifies and strengthens the security of your account. After you turn it on, there will be no way for anyone to access and manage your account at My Apple ID other than by using your password, verification codes sent your trusted devices, or your Recovery Key. You must be responsible for:
– Remembering your password.
– Keeping your trusted devices physically secure.
– Keeping your Recovery Key in a safe place.
If you lose access to two of these three items at the same time, you could be locked out of your Apple ID account permanently.”
The Recovery Key mentioned above is a 14-digit code for you to print and keep in a safe place. You will use this code to regain access to your account if that’s ever needed. If you ever lose it, it can be replaced through your Apple ID.
Apple took some heat last fall when Wired writer Mat Honan took the hacking of his iCloud account public. Apparently, someone had convinced an AppleCare rep they they were him, and got them to reset his Apple ID password.
While this new two-step verification method should do well to prevent that from happening again, Apple still really dragged its feet on implementing the measure. Google has been offering two-step verification for a few years now.