Apple today extended two-factor authentication to cover its iCloud cloud storage in response to a large-scale attack on the personal accounts of a number of celebrities.
Users with two-factor authentication will now be required to verify their identities when they sign in to iCloud on new devices, or when logging on to iCloud.com.
Apple introduced two-factor authentication for Apple IDs earlier this year. 2FA for iCloud will now be automatically enabled if users have already set it up for their Apple login credentials.
It will also be required for iTunes, iBooks and App Store purchases from new devices, as well as Apple ID related support.
The move follows the compromise of several celebrities' iCloud storage accounts which saw intimate pictures stolen and posted on internet forums last month.
Apple CEO Tim Cook was forced to admit that iCloud security was lacking and promised to bolster it.
An Apple spokesperson said third-party programs used in conjunction with iCloud such as Microsoft Outlook, Mozilla Thunderbird and BusyCal will need an app-specific password from October 1 this year.
Passwords can be generated on the My Apple ID website, under the 'password and security' section.
As with the earlier system introduced for Apple IDs, the two-factor authentication for iCloud uses a four digit code transmitted out of band via SMS to trusted mobile phones.
Enabling two-factor authentication for Apple IDs and iCloud isn’t immediate unlike other providers. It takes three days before the security measure is enabled.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
