Apple turns on iCloud two-step verification after nude selfie scandal

Apple on Tuesday began offering an additional security protection for iCloud account users, a move the company made following the theft of nude photos from several celebrities’ accounts last month.

The defense, called two-step verification, involves entering a numerical passcode that is sent by SMS to users’ phones after they’ve entered their username and password. Apple recommends that users set up two-step verification, although it is not mandatory.

Apple has had a two-step verification feature for iTunes and App Store accounts, but for some reason the same protection wasn’t offered for iCloud.

The celebrity iCloud accounts were thought to have been accessed after hackers guessed their usernames and passwords, possibly by answering the security questions Apple poses if someone loses their password.

Apple maintained that its former implementation of two-step verification for certain account changes would have protected the victims, as a code would have been required before someone could even see the security questions.

The company came under enormous pressure after the nude photos were published on various websites. CEO Tim Cook told the Wall Street Journal on Sept. 5 that the company planned to send new warnings when account settings were changed, in addition to two-step verification for iCloud.

In an email to iCloud customers on Tuesday, Apple said that third-party applications will still be able to access data in iCloud, but users will have to set up application-specific passwords no later than Oct. 1.

Those passwords allow applications that may not support two-step verification to continue to pull data without inputting the numerical code.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk