With the new implementation, shown in the screenshot above, Apple is expanding its two-step authentication security feature beyond Apple ID management and iCloud-connected features to the iCloud.com Web app suite. Prior to the change, iCloud.com was accessible via a simple password. The feature was first spotted by reader Stephan.
AppleInsider was able to confirm the new iCloud security feature is indeed Apple's normal two-factor authentication service, though it is unclear if the feature is in testing or nearing rollout. Certain Apple ID accounts we tested required the second verification, while though others did not.
Like Apple's other two-factor methods, iCloud.com asks users who log on to enter both a password and a four-digit verification code that is sent by the system to a trusted device. Once verified, all iCloud apps are unlocked and can be accessed normally.
We found signing out of iCloud.com will, in most cases, reset the verification mechanism, forcing the secondary code on each login attempt. In some instances, however, the system does not reset itself even after clearing cookies and toggling two-factor authentication via the Apple ID management webpage.
Apple has left the "Find My iPhone" Web app accessible even without secondary authentication in case the trusted iPhone or iPad goes missing.
Apple first introduced two-factor verification in March 2013 to provide an extra layer of security to Apple ID account holders. After launching in the U.S., Australia, Ireland, New Zealand and the U.K., two-step was expanded to Apple ID holders in Canada, France, Germany, Italy, Japan and Spain.in February.