A new security option gives Apple’s customers a way to secure their Apple ID password using their phone.


Cross-posted from Cnet:

Apple today added an extra layer of security to its Apple ID system that can harden the password people use to log in to various Apple services.

Users with an Apple ID can now sign up for two-step verification of their password, a system that sends a four-digit passcode by text message to a user’s phone, and must be used on top of a regular password. In practice, this could keep an account from being compromised by an attacker, unless that person had access to the mobile device too.

The move comes a little less than a year after Apple required users to set up security questions for their online accounts, a common security measure that was notably absent. Once two-step verification is enabled, there are no longer security questions to remember.

“Apple takes customer privacy very seriously, and two-step verification is an even more robust process to ensure our user’s data remains protected,” an Apple spokesperson told CNET. “We are now offering our users the choice to take advantage of this additional layer of security.”

Of note, the feature is currently available only in the U.S., U.K, Ireland, Australia and New Zealand.

Apple is the latest tech company to employ the security feature, which was discovered earlier by 9to5mac, as an option. Google, which has quite a few more online services than Apple, added it as an option in early 2011. Others, including Facebook, Yahoo, PayPal, and Dropbox already had the option.

The need for that extra layer of security was highlighted in the woes of journalist Mat Honan, who was targeted in a cascade of account hacking last year. That all kicked off with Honan’s iCloud account and eventually led to access of his personal e-mail and Twitter accounts. That ultimately led to Apple reviewing its security processes for resetting account passwords. Evernote also said it plans to add it later this year, following a cyberattack earlier this month.

More recently, Apple itself was the target of a coordinated attack that used a vulnerability in the Java plug-in to gain access to corporate systems as well as employee computers. In a statement last month, the company said there was no evidence any data was taken. Apple was just one of several companies involved in a series of attacks that also targeted Facebook, The New York Times, The Wall Street Journal, and The Washington Post.

Apple’s user base at its various stores and other online stores continues to grow. Its last official number, released in January, put it at “over 500 million active accounts.”