Apple finally has enabled two-factor authentication for its iCloud storage service, more than a year and a half after the company first turned the protective measure on for iTunes purchases and Apple ID.
The extension of 2FA–which Apple calls two-step verification–to iCloud comes two weeks after the company faced public scrutiny for the security of its iCloud service in the wake of the publication of photos belonging to dozens of celebrities. The attack initially was thought to have been a breach of iCloud itself, but Apple officials said there were no indications of a compromise of iCloud. Instead, the company said it was the result of a “very targeted attack on user names, passwords and security questions”.
On Tuesday, Apple sent an email to users informing them that the 2FA system it employs for iTunes and Apple ID is now enabled for iCloud.
“Starting today, in addition to protecting your Apple ID account information, two-step verification also protects all of the data you store and keep up to date with iCloud,” the email says.
The system also enables users to generate app-specific passwords for third-party applications that employ iCloud. The system, which is similar to one Google has for Gmail, which allows users to generate long random passwords that are used for each specific app.
Apple’s 2FA system also is similar to the Gmail two-factor infrastructure. When logging in to iCloud or iTunes a user enters her Apple ID and password and then a verification code that Apple sends either via SMS or through the Find My iPhone app. This presents an extra hurdle for an attacker trying to take over a user’s account, as it essentially requires that the attacker have physical access to a target’s device.