Need another reason to activate two-factor authentication on your Apple device? Ars Technica and Apple Insider report that the security check now extends to cover iCloud device backups too, something it didn't do before. That means if someone gets your password, or is able to reset it, they could pull down the data with a tool like Elcomsoft Phone Password Breaker and have access to anything stored there -- it's thought that many of the stolen personal photographs of celebrities recently posted online were obtained by this method. With two-factor authentication, they'd need access to your trusted device to generate a four digit code to get in. Another security tweak Apple just turned on is a notification that lets users know when their account has been accessed, to make sure it's for legit reasons. Before your new iPhone and Watch show up to handle your selfies, payments and anything else better kept private -- hit Apple's website and turn the extra level of security on.
Update: Tonight Apple sent out an email to Apple ID accounts detailing the change. It also mentions that beginning October 1st, app-specific passwords will be necessary for third-party apps that don't support two-factor (like Outlook or Thunderbird) to access iCloud. If you have an account it should be in your inbox, or you can check out the text after the break.
Thank you for using two-step verification to protect your Apple ID. This email provides information about recent updates to your service.
Two-step verification now protects iCloud
Starting today, in addition to protecting your Apple ID account information, two-step verification also protects all of the data you store and keep up to date with iCloud. For more information, read the Two-Step Verification FAQ.
Sign in securely with app-specific passwords
If you use iCloud with any third party apps such as Microsoft Outlook, Mozilla Thunderbird, or BusyCal, you can now generate app-specific passwords that allow you to sign in securely even if the app you are using does not support two-step verification.
To generate an app-specific password:
Sign in to My Apple ID (https://appleid.apple.com)
Go to Password & Security
Click Generate App-Specific Password
App-Specific passwords will be required starting on October 1, 2014.
For complete instructions and answers to common questions, read Using App‑Specific Passwords. If you need additional help, visit Apple Support.