Why you need to enable two-step verification on your Apple ID right now
Summary: Because you don't want to get hacked. That's why.
If you're an iPhone or iPad user (and who isn't?), you probably use iCloud. If you use iCloud, you probably (and should!) use Find My iPhone. If you use iCloud, you probably also use it to sync your email, calendars, contacts, and photos between devices. Maybe even Documents and Data too.
If you use iCloud for any (or all) of the features above, you need to protect your iCloud account — and the Apple ID behind it — with all the tools at your disposal. After all, you don't want someone else reading your email or browsing your contacts and photos. Just ask Wired senior writer Mat Honan, who was victimized in an epic hack enabled by compromising his Apple ID and Amazon accounts.
Obviously, you need to use strong passwords (and never recycle them on multiple sites) but this is exponentially more important for the email service that you use for password recovery. The reason is simple: If a hacker gets access to your primary email account, it's trivial for them to wrest control of your bank and financial accounts simply by clicking on the "forgot my password" link and answering the resulting emails.
If you use an Apple email account (@mac.com, @me.com, @icloud.com) as your primary email account, there's an important step you need to take to protect your account. And you should enable it right now.
It's called two-step verification (aka, multi-factor authentication).
It's a brilliantly simple security concept that requires two "factors" in authenticating your identification to an online service: 1) something you know (like a password), and 2) something you have in your possession (typically, your smartphone). When enabled, the site you're attempting to access will require your password and a one-time-use PIN that it sends to your smartphone via text or push notification.
Multi-factor authentication has recently been popularized by Google, Facebook, and Dropbox, and now Apple has jumped onboard.
It works like this:
Go to the My Apple ID page
Select "Manage your Apple ID" and sign in
Select "Password and Security"
Under Two-Step Verification, select Get Started and follow the onscreen instructions.
From here, you'll be asked to strengthen your existing password, and, in an interesting extra piece of security, you'll need to wait three days before it's enabled. According to Apple, this is done to ensure that all of your registered email accounts are notified so that someone else doesn't turn on two-step on your behalf — making it even harder to recover a compromised account.
Luckily, Apple's implementation isn't too onerous. After enabling two-step verification for your Apple ID, you will need to enter both your password and a four-digit verification code any time you sign in to manage your Apple ID at My Apple ID or make an iTunes, App Store, or iBookstore purchase from a new device.
More information can be found in the Apple knowledgebase article: Frequently asked questions about two-step verification for Apple ID.
Do you use multi-factor verification on your Apple ID? Anywhere else?
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
The only thing bad about apple,
Apple Store?
fat chate
Fat chance!
Would Apple merge my old purchased tunes with my new tunes, like hell they would!
Do I purchase much through iTunes, not any more, you don't really purchase anything anyway and as for lending a book or disc to a friend...
Your dumb spell check messed up the previous reply btw...
Don't bother
You can protect your other accounts, but you'll need to use SMS to get the codes instead of the Find My Phone app.
Apple's two step protection is kind of half-assed though. You need to provide a code to make purchases or change your password, but you don't need it to access your iCloud mail or even log in to iCloud. So if someone gets your username and password, they can still access your mail and data, they just can't change your password or make purchases.
two step process
Well...
If you have Find My Phone enabled one of the options is to reset the data on it. I'm pretty sure that clears out the phone connection, but if not, presumably you will have called your wireless carrier to let them know and they will take the phone offline. At least that's where I would start, but I've never done it, so I don't know if they can actually help or not.
Google is in the state of art about two steps verification...
IMO two verification steps should be a standard security process to all the cloud.
Google TVS works pretty fine even outside US.
"If you're an iPhone or iPad user (and who isn't?)..."
Same here
I'm not an iPhone user only because
Really? That's silly!
Oh, come on now! I have an iMac and an iPad. I don't worship Apple. I just happen to like these two products. I know people who use OS X and/or iOS, and people who use Android, Linux, and Windows, and as people, one group is no different than another. The real people who are unpleasant to be around are those who judge others by their race, religion, sexual orientation, language, or choice of products.
On the topic of the article, making use of all available security options is always a good idea when it's practical for your situation. (Obviously, someone without a text-capable cell phone cannot use texting as a security factor.)
No cell service at home
Doesn't protect your data
If you have one AppleId for iCloud and one for iTunes, you have to choose to protect iCloud since it uses Find My Phone, which means only password changes are protected. You can protect multiple Apple IDs, but you need to use SMS for all non-iCloud Apple IDs.
If you're an iPhone or iPad user (and who isn't?)
So if want to believe a company whose only interest is in your money with all your info have fun I will never own or use anything from apple now or if the future since they cannot be trusted for any help of safety of any kind!!