It may soon be harder for bad guys to order apps, e-books, songs or old episodes of Mad Men on iTunes using your account, if you take advantage of Apple's new two-step authentication option.
Once you have turned on the feature, a purchaser must first have a special code sent to their phone and then enter that code with the purchase. If the would-be hacker or thief doesn't have your device or access to e-mail, he or she is out of luck.
'As Secure as Possible'
Banks and credit card companies often use this approach, and not as an option, when someone tries to access an account from a device that the customer has never used before. Typical options include sending the code via automated phone call, text or e-mail. Apple ID will only send the code via the Find My iPhone feature or text message.
"Your Apple ID is the key to many important things you do with Apple, such as purchasing from the iTunes and App Stores, keeping personal information up-to-date across your devices with iCloud, and locating, locking, or wiping your devices," Apple writes on its Apple ID FAQ list. "Two-step verification is a feature you can use to keep your Apple ID as secure as possible."
In addition to blocking purchases, the two-step feature also prevents unauthorized persons from managing accounts, including changing passwords, or accessing support for Apple ID. Designated devices are set up beforehand, and if they are all somehow lost, you can use a 14-digit recovery key to regain access to your account.
Tech companies are increasingly responding to the need to safeguard user accounts as hackers run amok. Google also uses two-step authentication for its user accounts. Last month, after Twitter reset the passwords of thousands of accounts it said were likely compromised, the company placed a help-wanted ad on the Jobs section of its home page seeking experts in product security specializing in two-factor identification (2FA).
A 2FA system combines a password with another obstacle, such as a security question or an image that the user must recognize. Such systems are also routinely used by banks and credit card companies, but social media may be slow in implementing them since they slow logging in.
With Apple, perhaps the world's most prominent consumer tech company, taking a lead role in increasing authentication, others may soon follow suit.
"Hopefully more and more companies are going to roll out similar systems in the future," said Graham Cluley, a senior consultant at Sophos International. "It makes it harder for people to crack into your account.
"By making a physical device (the mobile phone) an essential part of the verification process -- a hacker doesn't just need to know the name of your first pet, or the first album you ever bought, to unlock your passport. They will need access to your mobile phone."
If a hacker happens to be on the other side of the world in, say, China, he told us, "that makes things much trickier."