Apple activates 2FA after iCloud photo theft

Apple has activated a two-factor authentication process for iCloud access, requiring users to enter a dynamically generated pass code in addition to login and password details.

After coming under scrutiny following last month's much-hyped online nude celebrity photo leak, Apple has activated a two-factor authentication process for iCloud access.

The two-factor authentication process requires the input of an additional dynamically generated four-digit pass code, sent to a user's trusted device, on top of login and password details.

Users are required to verify at least one SMS-capable phone number for their accounts in order to register a trusted device and use the security system.

Apple said on its website that the two-factor authentication is aimed at preventing anyone from accessing users' iCloud accounts, even if their passwords are known.

A user's identity must be verified using the two-step system in order to sign into a My Apple ID account; make iTunes, App Store, and iBooks Store purchases from a new device; and get Apple ID-related support from Apple.

Once a user is confirmed, iCloud assets are unlocked until the user closes the browser window or logs out.

In a message to users, Apple said that if iCloud is used with any third-party apps such as Microsoft Outlook or Mozilla Thunderbird, users could now create app-specific passwords that allow them to sign in securely, even if the app in question does not support two-factor verification.

The company said that app-specific passwords would be required from October 1.

The move comes only weeks after a hacker allegedly cracked the iCloud accounts of a number of celebrities, leaking their private photos online.

The photos showed up immediately after an Apple Find my iPhone online service exploit was revealed, resulting in public scrutiny of Apple's iCloud security.

Apple considered the photo theft serious enough to release a statement saying that it was investigating the incident, with the company at the time denying a breach.

"When we learned of the theft, we were outraged and immediately mobilised Apple's engineers to discover the source," said Apple in a statement published on September 2. "Our customers' privacy and security are of utmost importance to us.

"After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on usernames, passwords, and security questions, a practice that has become all too common on the internet.

"None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved," the company said.