A few days ago, it was reported that a hacker group was claiming that they had obtained millions of Apple's user credentials: both usernames and passwords, apparently.
We are advised to enable _two-factor authentication_ for login to Apple's services (iCloud, etc.).
Oddly, as of Friday morning 24 March 2017, a day or so after the hack was announced (and some allegedly stolen IDs confirmed), Apple's web site seems completely silent on the subject. It is worth noting that in other places Apple has denied that _it_ was hacked, and has speculated that the materials came from elsewhere.
Even so, bad enough. The suggestion is that users engage _two-factor authentication_ (2FA), which means that each time you log into an Apple service, a second device must be used to verify your identity.
This is not the same as having to involve the second device each time a service is _used_; most of our interactions occur without having to log in again; a login session can persist for days or weeks. (Consider your email client; it can silently check for mail in the background because it remains logged into the mail server over days or weeks or more.)
Even so, it can seem like a minor additional hassle, because it requires ready access to two modern Apple devices simultaneously. A code will be sent to the "other" one, which must then be entered into the one being signed in to. I assume that the two must be on the same Apple ID (and that having the spouse's device/s on that ID could be even more problematic than it already is). (Spouses should have their own Apple IDs, to keep network things from tangling.)
Engaging 2FA
------------
• Modern devices (things that can run the latest Macintosh OS or iOS): <https://support.apple.com/en-us/HT204915>
• Less-modern (vintage; legacy) devices: <https://support.apple.com/en-us/HT204152>
We should all do this. I will have made the change by the time the ink has dried on this post.
Mark
24 March 2017