For the security of your Apple device, please remember to enable the "two-factor authentication" function

Sometimes, having your Apple ID hacked can be as serious as having your iPhone stolen. Today’s article will start with an incident that happened to a friend recently.

[[244144]]

A friend of mine and his family went on a trip abroad. As soon as they arrived, they found that their iPhones were suddenly locked. While they were still confused about what had happened, they received the following email on their backup phone, and then they realized that their Apple ID had been stolen.

It was bad enough that his phone was locked when he was abroad, but what was even worse was that he and his family's iPhone were bound to the same Apple ID, so both of their iPhones were locked.

Why does this happen?

The reason for this situation was that his email password was stolen.

He used his regular email address when registering his Apple ID. He also used this email address to register many other network services. At the same time, he used the same password when applying for these network services. As long as the login information of one network service is stolen, the hacker can try to use this account and password to log in to other more valuable services by "crashing the database", which is why his Apple ID was stolen.

The hacker used his account password to log into his iCloud management page directly, then used the "Find My iPhone" function to remotely lock his phone and change his Apple ID password. He then sent a message to his email address to extort money.

Although this friend successfully unlocked his phone by contacting Apple customer service, it took half a year for the review to be completed and the phone to be unlocked after a long process of submitting information and undergoing review. Moreover, the previously bound Apple ID and the information in it could not be retrieved.

In fact, he can avoid the loss of time and data by simply adding one more function to his Apple ID, which is Apple's "two-factor authentication."

What is Two-Factor Authentication?

When logging in to an online service registered with a mobile phone number, even if you have already entered your account and password, the system will send you a text message verification code. You can only log in to your account after entering the verification code.

This form of multiple identity confirmation is called "two-step authentication". "Two-step authentication" is equivalent to adding an extra barrier to your account password to prevent account theft caused by password leakage. Currently, many mainstream network services provide "two-step authentication" function. It is recommended that you enable this function in the account settings to reduce the risk of account theft.

Related reading: Upgrade your online account security, a comprehensive guide to two-step verification

The nature of Apple's "two-factor authentication" service is similar to "two-step authentication", except that it does not send verification information in the form of a text message verification code. When you log in to your Apple ID at a new location or device, Apple will pop up a login reminder directly on your iOS device or Mac and generate a 6-digit verification code. You can only continue the operation after entering the correct verification code.

How to enable Apple ID "two-factor authentication"?

Enabling two-factor authentication cannot be done on the web. You must use an iOS or macOS device that has your Apple ID logged in.

Turn off Two-Step Verification

If you have previously set up the "Two-Step Verification" feature in your Apple ID, you will need to log in to the Apple ID association page to turn off this feature before setting up "Two-Factor Authentication".

On iOS devices

Go to "System Settings", click on the top personal information page, enter the "Password Security" option, and click the "Turn on two-factor authentication" function;

Then follow the system instructions, enter your mobile phone number for verification, and continue to the next step after entering the verification code;

At this point, the "two-factor authentication" function is set up.

On macOS devices

• Go to "System Preferences - iCloud - Account Details" option;
• Select the "Security" tab and click the "Turn on two-factor authentication" button below;
• After that, just follow the instructions to set it up.

Also pay attention when using

When turning on "two-factor authentication", it is best to first check the security settings in the Apple ID, such as whether the bound mobile phone number is the one you are currently using. At the same time, check whether the device bound to the Apple ID is the device you are currently using. If there are devices that have been given to others or are no longer with you, remember to remove them from the "trusted devices".

In addition, it should be noted that you cannot turn off "two-factor authentication" after turning it on, unless you have recently updated your account, then you can restore the previous security settings within two weeks through the corresponding link in the registration confirmation email. However, under normal circumstances, for the sake of everyone's account security, it is not recommended that you turn off this feature.

This story also tells us...

Although turning on "two-factor authentication" can solve the problem of account theft, we can still find many other security risks when our friends encounter this incident. If you have similar behavior, it is strongly recommended that you take corresponding preventive measures.

Use a separate email address for your Apple ID

When using Apple devices, Apple ID plays a very important role. It can not only help you remotely lock your phone and erase the data of stolen devices, but also protect the contacts, calendars, memos and other information stored in iCloud.

When registering an Apple ID at first, many people use their regular email addresses. As Apple ID becomes more and more important, we can actually use a separate email address for Apple ID to reduce the risk of email theft. Apple updated its Apple ID policy last year. Users who previously used third-party email addresses as Apple ID accounts can convert their email addresses to iCloud email addresses. All you have to do is log in to the Apple ID management page and follow the instructions.

Don't share your Apple ID with others

Whether it is family or friends, sharing an Apple ID is not a good choice. This not only increases the risk of account information leakage, but if you are using iCloud to sync your photo albums or contact information, sharing an account will cause information confusion.

Even if you want to share paid apps with your family, Apple now provides a complete "Family Sharing" feature. Not only can you share photos and apps with them, you can also purchase the Apple Music Family Edition to share music services with everyone.

A password "traveling around" is very dangerous

This should be a problem that many people will encounter. When registering for all network services, the same account is used. This will cause the account of one service to be stolen, and the hacker will use "database collision" to steal more of your network service accounts, resulting in greater losses. The best way is to "one site, one code", set a different login password for each website. If this is not possible, at least set it according to the importance, and set a separate password for very important services such as Apple ID.

In the upcoming iOS 12, Apple has further enhanced the system's built-in password management tool. It can automatically generate a strong password when you apply for an account and save it in the "Keychain". It can also help you find out which account information currently saved in the "Keychain" uses the same password, so that you can change it in time.

If you are an Apple device user, your Apple ID may be one of your most important account information. If your Apple ID is stolen, it will not only leak your personal information stored in iCloud, but may also lead to the situation mentioned at the beginning of the article, causing you huge losses. Therefore, if you are not using the "two-factor authentication" function yet, it is strongly recommended that you turn on this function immediately to add an extra lock to your Apple ID.