According to a report on 9to5 Mac, Apple has begun training support personnel in advance of rolling out two-step authentication for iCloud and Apple ID. This is a significant step towards enhanced security for Apple accounts as it requires both a trusted device and an extra security code in addition to a password. Other cloud providers currently providing two-step authentication include Dropbox and Google.
Apple's relatively weak security for its online services came under the spotlight last year when tech writer Mat Honan suffered a hack attack that compromised his iCloud account. It appears that 9to5 Mac may have jumped the gun in terms of posting this information, as the My Apple ID website referenced heavily in their post displays placeholders instead of actual text and links (see image at the top of this post).
The way the system will work is that whenever you log in to manage your Apple ID on My Apple ID or make a purchase via iTunes, the App Store or iBookstore from a new device, you'll be asked to enter your password and a four-digit verification code. Without entering both the password and verification code correctly, account access is denied.
Apple will also provide a 14-digit Recovery Key that they recommend printing and keeping in a safe place. This allows Apple ID users to regain access to their accounts if they lose their devices or forget their password. One other good feature -- you'll no longer need to create or remember any security questions.
Two-step verification will initially be available in the US, UK, Australia, New Zealand and Ireland, with additional countries added over time.