Need another reason to activate two-factor authentication on your Apple device? Ars Technica and Apple Insider report that the security check now extends to cover iCloud device backups too, something it didn't do before. That means if someone gets your password, or is able to reset it, they could pull down the data with a tool like Elcomsoft Phone Password Breaker and have access to anything stored there -- it's thought that many of the stolen personal photographs of celebrities recently posted online were obtained by this method. With two-factor authentication, they'd need access to your trusted device to generate a four digit code to get in. Another security tweak Apple just turned on is a notification that lets users know when their account has been accessed, to make sure it's for legit reasons. Before your new iPhone and Watch show up to handle your selfies, payments and anything else better kept private -- hit Apple's website and turn the extra level of security on.
Update: Tonight Apple sent out an email to Apple ID accounts detailing the change. It also mentions that beginning October 1st, app-specific passwords will be necessary for third-party apps that don't support two-factor (like Outlook or Thunderbird) to access iCloud. If you have an account it should be in your inbox, or you can check out the text after the break.