Credit: REUTERS/Eric Thayer Apple on Tuesday began offering an additional security protection for iCloud account users, a move the company made following the theft of nude photos from several celebrities’ accounts last month.The defense, called two-step verification, involves entering a numerical passcode that is sent by SMS to users’ phones after they’ve entered their username and password. Apple recommends that users set up two-step verification, although it is not mandatory.Apple has had a two-step verification feature for iTunes and App Store accounts, but for some reason the same protection wasn’t offered for iCloud.The celebrity iCloud accounts were thought to have been accessed after hackers guessed their usernames and passwords, possibly by answering the security questions Apple poses if someone loses their password. Apple maintained that its former implementation of two-step verification for certain account changes would have protected the victims, as a code would have been required before someone could even see the security questions.The company came under enormous pressure after the nude photos were published on various websites. CEO Tim Cook told the Wall Street Journal on Sept. 5 that the company planned to send new warnings when account settings were changed, in addition to two-step verification for iCloud. In an email to iCloud customers on Tuesday, Apple said that third-party applications will still be able to access data in iCloud, but users will have to set up application-specific passwords no later than Oct. 1.Those passwords allow applications that may not support two-step verification to continue to pull data without inputting the numerical code.Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk Related content news analysis Water system attacks spark calls for cybersecurity regulation The Iranian CyberAv3ngers group’s simplistic exploitation of Unitronics PLCs highlights the cybersecurity weaknesses in US water utilities, the need to get devices disconnected from the internet, and renewed interest in regulation. By Cynthia Brumfield Dec 11, 2023 11 mins Regulation Cyberattacks Critical Infrastructure feature Accenture takes an industrialized approach to safeguarding its cloud controls Security was once a hindrance for Accenture developers. But since centralizing the company's compliance controls, the process has never been simpler. By Aimee Chanthadavong Dec 11, 2023 8 mins Application Security Cloud Security Compliance news analysis LogoFAIL attack can inject malware in the firmware of many computers Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs though BIOS splash screen graphics. By Lucian Constantin Dec 08, 2023 8 mins Malware Vulnerabilities news Google expands minimum security guidelines for third-party vendors Google's updated Minimum Viable Secure Product (MVSP) program offers advice for working with researchers and warns against vendors charging extra for basic security features. By John P. Mello Jr. Dec 08, 2023 4 mins Application Security Supply Chain Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe