Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple activates two-step authentication for iCloud Web portal

Last updated

In a bid to secure its online consumer services, Apple on Tuesday activated two-factor authentication for iCloud.com access, allowing only basic access to Find My iPhone for those opted-in to the security layer.

As seen in the screenshot above, the iCloud.com portal is now protected by Apple's two-step authentication system, which requires users to enter a dynamically generated code sent to a trusted device prior to gaining access to the service.

Apple first tested the extra layer of iCloud.com security in June, more than one year following the protocol's introduction for Apple ID accounts in 2013.

In practice, iCloud.com two-step verification asks users logging in to provide both a password and a four-digit code, the latter of which is sent to a trusted device through text, iMessage or push notification. Apple ID owners can add trusted devices through the Apple ID management webpage.

Once a user is confirmed, all iCloud.com assets are unlocked until a user signs out or closes their browser window. Find My iPhone is left active by default, allowing users to remotely deactivate or wipe a trusted device that is stolen or lost.

At the time of this writing, Apple's implementation of two-factor iCloud.com authentication has effectively broken a number of forensics tools like ElcomSoft's iCloud backup and password breaker programs. The tools were supposedly employed by nefarious users to garnish photos from celebrity devices, which were then disseminated on the Web earlier this month.