Recently Apple began offering a new security option with two-step verification using a phone or registered Apple mobile device. Two-step verification means when making purchases or changing user information, a code is sent to the registered device to be used in addition to the normal password. This method improves security by adding a layer of protection. This is a welcome option those using an Apple ID for iTunes purchases or iCloud and have one or more mobile devices.
An Apple ID provides access to information and potentially dangerous abilities including remotely wiping out the contents of a device as one reporter learned after a hacker used social engineering to gain access to his account (Mashable.) If someone gains access to your Apple account, that person can make purchases and remote lock your devices. An intruder using social engineering and some detective work can potentially gain access to everything through your login or by calling Apple support for a password reset. Two-step verification helps protect against social engineering by replacing pass phrases along with an authentication code.
Using two-step verification with an Apple ID requires at least one device supporting SMS or the Find my iPhone app for iPhone or iPad using iCloud. This is the device that will receive a four-digit code after entering the normal password when purchasing or changing account information. As a backup if the device is lost, there is an authentication key. Learn more at support.apple.com.
Keep the authentication code in a very safe place away from your devices such as in a safe or locked cabinet. If your registered device is lost, remove it from the list of registered devices as soon as possible.