After Wired writer Mat Honan was hacked last year, Apple and Amazon amended their security practices to close some loopholes. Now, Apple has added two-factor authentication: an additional layer of security which works by combining something a user knows with something they have.
Eight months ago, Wired writer Mat Honan's iCloud account was hacked. By exploiting some loopholes in Apple's and Amazon's security practices, the hackers were able to remotely wipe Honan's iPhone, iPad, and Macbook, and take over his Twitter and Google accounts as well. Mr. Honan's story spread, and in response to the concerns of other users Apple and Amazon quietly took measures to increase their security.
This week, Apple introduced two-factor authentication to iCloud, adding an additional layer of security that addresses some of the lingering flaws exposed by the Honan hack.
Two-factor authentication works by requiring both something you know, and something you have, before you can get into an account. Right now iCloud accounts require only a password, which is backed up by security questions (think of standards like "What was your mother's maiden name?"). Two-factor authentication introduces a device -- like a phone or tablet -- into the equation. When someone tries to access an account from an unrecognized device, Apple sends a verification code to that account's "trusted" device, and the code must be entered in order to open the account. In theory, hackers can't get in without having physical access to the trusted device.