I keep reading all these articles about iTunes account security and people having their accounts hacked. I have 2-step security verification set up for Google, does Apple offer something similar for iTunes / App Store accounts?
For the longest time Apple seemed to feel that a well-selected password was sufficient for anyone’s account security, but with more and more incidents of accounts being hacked (I know of at least a half-dozen in my own circle of friends and colleagues), the company has finally jumped on the 2-step verification bandwagon with a system that requires you not only know the password but also have your cellphone handy to get a one-time cipher you also need to enter.
But you already know that if you’ve set up your Google account for two-step verification. And a smart move that is! (here’s the scoop: enable 2-step verification on your Google Gmail account)
Apple has some strange delays built into the signup process, however, so the signup process isn’t a matter of ten minutes and proving you have access to text messages sent to the specified cellphone number, as you’ll see.
This is a long, complicated process. Take a deep breath.
Now let’s begin. Go here: AppleID.Apple.com and you’ll see this:
Click on “Manage your Apple ID” (I presume you already have one and want to beef up security. If you don’t, sign up for an Apple ID and enable 2-step verification on the way. The process will be the same once you’ve set up the first few bits of data)
Yeah. Sign in. I forgot to mention that. 🙂
Now if you look on the left side once you’ve logged in, you’ll see a set of different areas you can manage and update:
You’ll want to choose “Password and Security” for this task, but while you’re here, it’s a good idea to check all your settings and make sure everything’s updated.
To proceed with the security settings, however, you’ll need to remember your security answers. Here are the ones it prompts me for at this point:
Since you survived the first gauntlet, you can now update your security questions. Here are the three I’ve picked:
The answers I selected are…
Proceed past changing or setting your security questions and you’ll finally be able to enable two-step verification for your account:
But wait, there’s a series of Burmashave-like info screens you have to proceed past, starting with…
Yup. Cool. That’s what you want. “Continue”.
Makes sense, that’s why you’re signing up, right? “Continue”.
Do pay attention to the last one: If you really get locked out, forget your secret key (you’ll see it shortly) and lose your phone so that you cannot receive text messages, you’re completely locked out of your iTunes / App Store account. Major bummer, so only proceed if you have a very high degree of confidence that you’ll always have your phone on you when you want to access iTunes, etc.
Ready? “Get Started”.
First thing it might ask you is to pick a more complex password. Apparently mine wasn’t complex enough, which is a bit of a surprise to me:
Now, because I just changed my password, Apple says “Wait!”:
The fact that this pops up after I improve my password as per their suggest is a bit frustrating but… whatever.
Meanwhile, in my inbox, Apple’s also letting me know that this 2-step verification process has been started, and even that I have to wait a few days to proceed!
Like a fine wine, we’ll have to let the 2-step request age, apparently.
… a few days pass …
It’s now three days later (see how patient I have to be to create some of these tutorials?) and, finally, we can proceed…
Even though I have iTunes on my iPhone, it apparently doesn’t automatically tie the device to the account, which is good. Instead, I need to add my cellphone, which is done by clicking on “Add an SMS-capable phone number…”
This produces the following prompt:
Carefully enter your cellphone number and click “Next” to have a test message sent to your device. You’ll need to verify it worked:
The codes are four digits, actually easier to work with than the more standard six digit verification codes that PayPal and Google are using, but since you don’t have hundreds of chances to enter it, even a two digit could would be essentially impossible to guess.
Click “Verify” and if you’ve entered it correctly, you’ll have a verified device:
Proceed by clicking “Continue”…
If you have a trusted friend, it’s probably good to enter a second number, just in case. Then again, you can also proceed with just one by clicking “Continue” any way.
Now a really important step:
You can see that I’ve blocked my recovery key, hopefully for obvious reasons. Still, this is one you want to write down and store in a secure place. If you do keep it on your computer, I encourage you to encrypt the file so that someone who could get to your computer doesn’t also find they can proceed with your iTunes account…
In a neat step, Apple has you confirm that you’ve written down your recovery key:
Confirm this and you’re just about good to go. You get one more chance to reconsider before you switch your account:
Sure you want to proceed? I mean, really sure? Then click “Enable Two-Step Verification”.
So what does it look like? To find out, I jumped onto my iPhone and went to purchase the popular game PITFALL!
A tap on ‘Buy” and it prompts me for my iTunes password as always. But then something new appears:
That’s interesting! Click on “OK” to proceed and you can have the verification code sent:
That’s my cellphone number, so we’re in good shape. A tap on “Send” (on the top right) and a few moments later an SMS message shows up:
Remember that sequence — 1 7 7 4 — and back in the iTunes you’ll have an opportunity to enter the verification code:
Finally, one more check to confirm that you still want to buy the app. I mean, it’s a whopping $0.99, that’s 1/4 of a cup of coffee at Starbucks. 🙂
To decide you want to buy, tap on “Buy”. Or tap on “Cancel”. Either way, now you can see how the Apple ID 2-step verification works. Simple, and effective.
My recommendation: Go set it up now. You’ll thank me later.