Given that so many of the details of our digital lives are either with us (on our smartphones) or easily accessible (via the web), you should be doing everything you can to protect that information and data. On iPhones and iPads, data is largely kept in a vault, sealed behind strong encryption and (hopefully) a strong password. Even if the device is lost or stolen, chances are good that encryption will keep data safe. (That vault is secure enough to frustrate even the FBI.)
Although iOS devices are designed and built to be secure, data is also stored and accessible online. With security breaches occurring routinely, your data is vulnerable to anyone in the world with an internet connection and a halfway decent browser. If a breach occurs and thieves gain access to your email and password, they can easily reset any account linked to that email, change the password, and lock you out of your own data.
How do you avoid that kind of breach from someone who doesn’t even need access to your device? Two-factor authentication.
What is two-factor authentication?
With two-factor authentication enabled, whenever you log into your iCloud account on the web, for example, you’ll receive an alert with a temporary code on one (or more) of your trusted devices. (Trusted devices are those devices you register to receive notifications if you or anyone attempts to log into one of your accounts — in this case, iCloud.) This code has to be entered to grant access to your account and will only show up on devices you’ve deemed trustworthy. This helps alleviate unauthorized access to your data from someone who has access to your username, password, and email; as long as that person doesn’t have access to one of your trusted devices too, you’ll be alerted to any attempts and can block the attempt.
[ To comment on this story, visit Computerworld's Facebook page. ]
Two-factor authentication isn’t the be-all to security, but it’s a good step in making your data more secure. And it’s easy to set up.
How to enable two-factor authentication
To enable two-factor authentication on Apple devices, your iPhone/iPod touch/iPad needs to be running iOS 9 or later; Macs need to have macOS X El Capitan or later. You’ll also need to be OK with sharing the phone number to your mobile device, since the initial alerts are received through that number, either via text or phone call. (Afterwards, you can add additional trusted devices such as desktop and laptop Macs so you can confirm/deny alerts from any of your primary Apple devices.)
To turn two-factor authentication on if your devices are using iOS 10.3 or later, go to the Password & Security section of the Settings app and turn on two-factor authentication. If you’re using iOS 10.2 or earlier, you’ll find the Password & Security section under iCloud within the Settings app. (You may have to answer security questions to proceed.)
Next, enter the phone number for the device that will get alerts (your iPhone, for instance). You’ll receive a verification code to that provided number; entering that code confirms your device is legit and turns on two-factor authentication.
To enable two-factor authentication on a Mac, go to the Apple Menu > System Preferences and then click on iCloud > Account details. Click on Security, and then click on "Turn on two-factor authentication." The next steps are similar to setting up on iOS. Once the setup is done, this lets your Mac act as a trusted device.
(If you’re using older software but want to add more security to your iCloud account, you can use two-step verification, Apple’s solution for their older devices. More information on how that works is available online.)
If you’re already using two-factor authentication but want to make changes to the assigned phone number or your trusted devices list, you can do so at Apple ID site online. The phone number and trusted devices can be changed under the Security section and the Devices section on the site, respectively.
Something to keep in mind: Enabling two-factor authentication will also force you to use app-specific passwords to third-party services. (You can create passwords for supported apps on The Apple ID site.)
Two-factor authentication is yet a weapon you can use to keep data secure and cyberthieves at bay. But it’s just one step in a never-ending quest to stay ahead of the bad guys. Apple embraces a variety of technologies to shield data from prying eyes — with the Secure Enclave and Touch ID combo, end-to-end Message encryption, and, as noted, iOS security that’s strong enough to confound government agencies. But the security chain is only as reliable as the weakest link, which starts with strong passwords. Two-factor authentication helps, but it’s up to each user to make sure his or her devices remain secure.