Apple has reportedly turned on two-factor authentication for iMessage and FaceTime users.
The added layer of security for iPhone, iPad, and Mac computers helps to protect against hackers—like the one who published dozens of nude celebrity images allegedly stolen from Apple’s iCloud.
Two-step verification requires users to enter their usual password plus a second security code (like numbers sent via text message) to confirm their identity before signing into certain services, including iCloud and the App Store. Now those sign-in requirements have been extended to FaceTime and iMessage for those with two-factor authentication enabled, as first reported by The Guardian.
To get started, visit My Apple ID online, select “Manage your Apple ID” and sign in, then choose “Password and Security.” Under “Two-Step Verification,” click “Get Started,” then follow the instructions.
This system eliminates troublesome security questions and answers, and allows you—and only you—to reset passwords with a trusted device and your Recovery Key. Once enabled, the only way to make changes to your account will be to sign in with two-step authentication.
So, even if an attacker steals your username and password, they can’t access it without the extra code.
The method is not foolproof, of course: As Rik Ferguson, vice president of security research at Trend Micro, told The Guardian, “If attackers can divert the calls or messages of that device, for example by calling the mobile service provider, this two-step authentication can and has already been subverted.”
Apple launched two-factor verification for iCloud and Apple IDs in March 2013, then expanded the process last fall to include iCloud backups. The company also pledged to boost security alerts for iCloud users in the wake of last year’s celebrity photo hack.