Apple launches two-factor authentication for Apple IDs
Apple has started to introduce two-factor authentication for its centralised Apple ID, which controls access to iCloud, iTunes and Apple's online store and is used by FaceTime and iMessage. US users have reported the appearance of a corresponding setting on Apple's My Apple ID web site. The new feature, listed under "Password and security", uses temporary PINs which have to be entered together with the password and are distributed to users via a second channel as an additional security credential.
Apple sends out temporary PINs in one of two ways – either by text message to a nominated phone or, in iOS, via Apple's own Find My iPhone app. Both options for transmitting a PIN to a trusted device require prior authorisation, but Apple does allow multiple devices. Installing the Find My iPhone app may be unnecessary – activating the Find My iPhone service in the iOS settings on the device in question may be sufficient to enable PINs to be received.
A temporary PIN is not, however, required every time the password is entered. According to Apple, a PIN is required only when managing an Apple ID on the My Apple ID web site and the first time a purchase is made from iTunes, the App Store or iBookstore on a new device. In addition to two-factor authentication, Apple also provides a 14-figure recovery key for use where the trusted device is no longer available.
According to Apple, the new service will initially be available in the US, UK, Ireland, Australia and New Zealand. Even in these countries, however, the roll-out appears to be proceeding slowly. More details on the new temporary PIN can be found in Apple's support document; MacStories has also put together an illustrated how-to guide.