Apple has rolled out two-factor authentication support for logging into iCloud.com, its web portal for apps like Mail, Calendar, and Pages.
If a user has two-factor authentication enabled on their Apple ID, attempting to access a web app through iCloud.com will now require additional identity verification. A popup asks to verify the user by sending a temporary code to a device tied to the associated Apple ID.
Originally introduced in March of last year, Apple’s two-factor authentication feature can be enabled or disabled by managing an Apple ID on the company’s website. You will need two-factor authentication enabled for the process to work on iCloud.com. The design of two-factor authentication is supposed to make it impossible for a hacker to steal one’s identity through attempting a password recovery through Apple.
Apple’s decision to introduce two-factor authentication followed the highly-publicized story of how Wired writer Mat Honan’s online identity was stolen through a security flaw in how the company processed password reset requests.
Find My iPhone is the only web service Apple does not require two-factor authentication for, since you probably wouldn’t have access to your iPhone if you’re trying to find it. Once you verify your identity by entering the temporary code sent to your iPhone via SMS, all iCloud.com apps are unlocked.