It seems that hardly a day, or certainly a week, goes by without some website being hacked and member information being stolen. Some companies (Facebook, Twitter and Dropbox to name a few) offer two-step verification to make it more difficult to hack into your account. Apple announced on March 21st that it will offer this extra security measure as well for your iTunes account.
Two-step verification is also known as two-step authentication and two-factor authentication.
According to SearchSecurity:
Two-factor authentication is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. In this context, the two factors involved are sometimes spoken of as something you have and something you know. A common example of two-factor authentication is a bank card: the card itself is the physical item and the personal identification number (PIN) is the data that goes with it.
For iTunes, the ‘something you have’ is a trusted device and the ‘something you know’ is your password. When you set up your two-factor authentication, you will register one or more of your devices as a ‘trusted device’.
After setting the verification up, the first time that you sign into My AppleID or buy music, apps or books from a new device, you will need to enter your password and the 4-digit verification code that will be sent to your trusted device. The verification code will be sent using either Find My iPhone notifications or SMS.
While not totally foolproof, it does allow an additional level of verification and is much more secure than simply a password.
Note that two-step verification must be set up at My AppleID.
To get started…
STEP 1 – Logon to My AppleID.
STEP 2 – Select ‘Password and Security’.
STEP 3 – After logging on at My Apple ID, select Two-Step Authentication.
STEP 4 – After a few informational screens, click on the ‘Get Started’ button.
STEP 5 – You will be told that you need to wait three days to proceed. This is a security measure to ensure that no one other you, the owner of the Apple ID, can set up two-step authentication.
STEP 6 –You will receive an email to each registered email address advising you of your efforts to set up two-step authentication.
In three days, you will be able to complete the authentication.
STEP 7 – After three days, log back into My AppleID, select ‘Password and Security’ and ‘Two-Step Verification’.
STEP 8 – Next, you will identify your trusted device and have a 4-digit code sent to your device for verification purposes. You must enter the same 4-digit number on your screen.
STEP 9 – Apple will also provide you with a 14-digit Recovery Key. This can be used if you lose your trusted device or forget your password. No more security questions for password recovery. I think that’s a good thing. PRINT YOUR RECOVERY KEY AND PUT IT IN A SAFE PLACE. APPLE CANNOT TELL YOU YOUR RECOVERY KEY.
STEP 10 – The End
The next time you or anyone else tries to log on to your iTunes account from a new device, a verification code will be sent to your trusted device. This code will then be needed to complete the login process.