Anybody with knowledge of your Apple ID password has a huge amount of power. Assuming the device is registered with the Find My iPhone/iPad service a person can remotely wipe your device from the Apple website, for example, by reporting it as being stolen.
A sad fact of modern life is that passwords—even sophisticated ones—should no longer be considered safe on their own. Hackers not only show great ingenuity in cracking them, but the technology for doing so is getting better every day.
Because of this, Apple offers optional two-step verification. This means that managing your Apple account - performing tasks such as adding a new device, for example, or remotely wiping another - isn’t possible without both your Apple ID password and a PIN, which is sent to your iPad or iPhone, or which can be sent by SMS to any phone.
Other than for account administration, however, two-step verification is unobtrusive - it’s not used when purchasing apps, for example, or when viewing your iCloud email online.
Setting up two-step verification is easy. Here’s how - it’s best done on a desktop computer.
1. Log in at the Apple ID website and click Manage your Apple ID, then log in when prompted.
2. Click the Password and Security section at the left, then click the Get Started link under the Two-Step Verification heading.
3. After reading about the benefits of two-step verification, clicking Continue each time, you’ll be shown a list of Apple devices registered on your account. By clicking the Verify link alongside a device, you can set it up as a “trusted” device, meaning that in the future you’ll be able to choose to send a PIN to it as part of two-step verification.
4. Verification works by sending a PIN to the device, which you should then enter at the website when prompted, as the following figure shows.
5. When registering an iPhone, you’ll also be prompted to enter its phone number to act as a backup should there be a problem sending the verification code. You can skip this step if you wish, but it’s a good idea to type in your number. (Those living outside the United States with phone numbers beginning with zero should leave off any opening zero from the number.) To confirm the cell-phone number you’ll be sent a PIN by SMS, which you should confirm by typing into the website as prompted.
Alternatively, if you don’t have an iPhone you can click the Add an SMS-Capable Phone Number link to set up a different device. Again, you’ll need to enter the PIN on the website after it’s sent to the phone. If somebody you know well has a cell phone, it’s worth considering adding that phone’s number here as an insurance policy in case you lose your Apple devices—obviously that person will need to be available when you set up two-step verification because he’ll have to confirm the PIN he receives.
6. When you click Continue you’ll see a recovery key. If you lose your Apple devices, you can use this key to reset all the security details. For this reason, you should keep the key in a very secure place. My favorite way of recording details like this is to write them on the back page of a favorite book that lives on my bookcase. Only I know which book, and burglars have very little interest in books!
7. When you click Continue you’ll be asked to confirm the code by typing it, so do so.
8. After checking the box to confirm that you understand the implications of two-step verification, and how it works, click the Enable Two-Step Verification link to activate it.
To deactivate two-step verification at a later date, repeat the preceding steps to log into the Password and Security section of the Apple ID website and click the Turn Off Two-Step Verification link.