sciencetech-blog

comments

True to its word, Apple has ramped up security on its iCloud service by including backups in its two-step verification process. 

When the security feature is enabled, users will now be sent a four-digit code to a trusted device that must be entered in addition to the iCloud account password when accessing the account online. 

Earlier this month, chief executive Tim Cook promised to strengthen security after hackers stole hundreds of celebrity selfies from the cloud service.

Scroll down for video 

The California-based tech giant's two-step verification initially covered iTunes and App Store purchases, but has now been extended to cover iCloud backups. When two-step verification is enabled, users will now need to enter a code to access their account - however, the Find My Phone feature will remain open (pictured)

The code isn't needed when a backup takes place, because the information is coming directly from a trusted device - it is only needed when users try to access their iCloud account from a web browser. 

Under the security measure, the majority of iCloud features remain locked until the user's identity has been verified.

The only feature that is enabled without verification is the Find My Phone tool, which helps locate devices if they are lost or stolen. 

It is assumed that if a user doesn't have their trusted device, they can't receive the four-digit verification code.   

Two-step verification is an optional security feature, and settings are managed through the My Apple ID page. 

Two-step verification, also called two-factor authentication, requires a user to have two of three things to access an account.

This can include a password, a separate four-digit one-time code, or a long access key given to the user when they signed up for the service. 

When a user sets up two-step verification, they register one or more trusted devices.

A trusted device is one that can receive four-digit verification codes using either SMS or Find My iPhone. 

Apple has begun emailing customers informing them of the changes, and more details are available from the official two-step verification support page.  

More than 100 celebrity iCloud account were hacked in August and photos, including nude selfies, were leaked online. 

At the start of the month, Mr Cook told the Wall Street Journal Apple will 'aggressively encourage users to take stricter security measures', and the firm will also alert users if someone tries to access their files.  

These alerts will be sent using email and push notifications each time someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time.

'When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,' Mr Cook said. 

'I think we have a responsibility to ratchet that up. That's not really an engineering thing.' 

The code is sent to a registered, trusted device (pictured). If users no longer have access to a trusted device, they can use a recovery key to add a new one. This key is issued during the two-step verification setup process

The changes come following the recent celebrity photo scandal that saw hundreds of images stolen from Apple's iCloud service. Chief executive Tim Cook (pictured) recently said Apple will also start notifying users each time someone tries to access their account

Once enabled, any time a user signs in to manage their Apple ID at My Apple ID, or make an iTunes, App Store, or iBooks Store purchase from a new device and now access their iCloud account on a browser, they'll need to verify their identity by entering both their password and a four-digit verification code.

'We want to do everything we can do to protect our customers, because we are as outraged if not more so than they are,' continued Mr. Cook.

The iCloud service lets users store photos and other content, and access it from any Apple device. 

Scammers have been taking advantage of the celebrity hacking scandal to trick people into entering their Apple ID and password details into a fake login screen. 

Jennifer Lawrence (pictured) was among the 101 celebrities who had their photos stolen from iCloud. She is said to have posted more than 60 nude selfies to the online service 

Naked photos of celebrities are leaked by hackers

Security experts recently discovered emails and text messages that claim to be from Apple, warning users about unauthorised access to their accounts.

The latest threat to people's accounts comes as both the FBI and Apple have said they are investigating the link.

The so-called phishing emails are designed to trick people into offering up their details.  

Apple already offers a high-level of security on its iCloud account.  

iCloud secures data by encrypting it when it is sent over the web, storing it in an encrypted format when kept on server, and using secure tokens for authentication (explained above). This suggests the hackers were able to obtain the login credentials of the accounts, and pretend to be the user, in order to bypass this encryption

The service secures data by encrypting it when it is sent over the web, storing it in an encrypted format when kept on server, and using secure tokens for authentication.

Tim Barajin, a technology analyst with Creative Strategies, told MailOnline: 'Security in the cloud is an issue generally - you have to completely trust Google, Apple, Samsung.

'Apple has some of the most powerful encryption tools out there - which is why they have almost a billion credit cards of file, and nobody had ever got hold of those.'