Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple activates two-step authentication for iCloud Web portal

Last updated

In a bid to secure its online consumer services, Apple on Tuesday activated two-factor authentication for access, allowing only basic access to Find My iPhone for those opted-in to the security layer.

As seen in the screenshot above, the portal is now protected by Apple's two-step authentication system, which requires users to enter a dynamically generated code sent to a trusted device prior to gaining access to the service.

Apple first tested the extra layer of security in June, more than one year following the protocol's introduction for Apple ID accounts in 2013.

In practice, two-step verification asks users logging in to provide both a password and a four-digit code, the latter of which is sent to a trusted device through text, iMessage or push notification. Apple ID owners can add trusted devices through the Apple ID management webpage.

Once a user is confirmed, all assets are unlocked until a user signs out or closes their browser window. Find My iPhone is left active by default, allowing users to remotely deactivate or wipe a trusted device that is stolen or lost.

At the time of this writing, Apple's implementation of two-factor authentication has effectively broken a number of forensics tools like ElcomSoft's iCloud backup and password breaker programs. The tools were supposedly employed by nefarious users to garnish photos from celebrity devices, which were then disseminated on the Web earlier this month.