Apple launched two-step authentication for Apple IDs on Thursday, a significant increase in security for those who enable it. We're going to show you how to set it up.
Apple is following in the footsteps of other large online services, including Google and Blizzard. The company has much at stake in this arena, as Apple has hundreds of millions of credit cards on file for iTunes accounts. That has made those iTunes accounts a hot target for the bad guys, and two-step authentication should decrease incidents of compromised accounts.
With two-step authentication, users will need both their password and a security code sent to a verified iPhone or iPad to make changes to their account. Once activated, it will completely replace the security questions Apple has had in place for some time.
As of this writing, Apple offers two-step authentication as an option that users have to enable manually. To start, visit Apple's Apple ID management site. Once there, click the "Manage your Apple ID" button. On the left side of the screen, you'll see a link to "Password and Security."
Once you click that link, you'll see an option in the upper right corner of the webpage that looks like this:
[Image: Manage your security settings]
Click the "Get started" link, and you'll be given a page of explanations:
[Image: Simple and more secure]
Followed by a page of warnings:
[Image: Important things to remember]
Next, you'll be shown a pictorial representation of what you're getting yourself into:
[Image: Two-step verification for Apple ID]
When you continue, you'll be walked through the process of verifying your current iOS devices, as well as the phone number attached to your iPhone. Alternatively, you can choose to verify any SMS-enabled phone number.
[Image: Manage your trusted devices]
Note that past devices that weren't assigned to a new Apple ID will be included with your active devices. When you select a particular device, a code is sent to that device, where it appears as an alert.
[Image: Two Step Authentication Security Code Alert on iPhone]
The codes have a limited shelf life and will not be displayed until you have unlocked the screen. That means the bad guys would need your Apple ID, your password, physical possession of your iOS device, and the passcode for your iOS device before they could change your Apple ID account or make an iTunes purchase.
You will also be given a Recovery Code, a 14-character code you can use to reset the password and security options on your Apple ID in case you lose the verified devices.
Once you have verified your account, you have one more screen to accept before two-step authentication is enabled. Once you do, there's no going back (as of this writing), but we encourage you to turn this option on.
WARNING: YOU NEED TO KEEP A COPY OF THIS RECOVERY CODE SOMEWHERE SAFE. SAY, A SAFE!
Once two-step authentication is activated, Apple says it cannot reset your Apple ID password without the recovery code. Apple prevents the recovery code from being copied from the browser, and the company makes you enter it before you can continue. Apple also warns you not to store the recovery code on your computer. That means you need to write it down and keep it somewhere secure.
And no, a sticky on your display does not cut it.