Today Apple quietly expanded its use of two-factor authentication to protect iCloud users. Now those who have enabled the added security measure will be asked to verify their identity with a secondary device when logging into iCloud.com.
For the first time, two-factor authentication also protects iOS device backups from being accessed by hackers. Ars Technica tried using a forensics tool to extract data from a device backup protected by two-factor authentication, and nothing was accessible. Backups tied to iCloud accounts that don’t have two-factor enabled are still hackable.
Another minor security addition is the option to forcibly logout of all browsers currently logged into iCloud.com. Two-factor authentication was enabled for iCloud on the web earlier this year, but only briefly. It was turned back on today.
Apple has been taking steps to enhance iCloud security following the recent hacking of numerous celebrity accounts. Tim Cook said Apple would start alerting users via email and push notification when someone tries to change their account password, restore iCloud data to a new device, or when a device logs into an account for the first time. Apple recently started notifying users via email when iCloud is accessed via the web.