Should you enable two-step authentication on your Apple ID?

2013-03-21 16:27:17

The short answer is yes, but carefully.

Two-step authentication greatly improves the security of your online accounts. In a nutshell, you have to know something (a password) and have something (usually your mobile phone) to perform certain sensitive operations.

Apple explains all of this in detail in their new support document.

Two-step authentication makes it very difficult for a stranger to gain access to your account. They would have to guess or steal your password, and also steal your phone (or somehow intercept the verification codes being sent to it).

However, you do have to be careful. After setting up 2-step, you'll have three things: a password, your phone (or phones) and a recovery key, which is essentially a second, very long password. If you manage to forget or lose two of these three things, you are locked out of your account, probably permanently.

Even if you don't lose two of the three things, if you are prone to forgetting your password, you'll need both the recovery key and your device to reset it. That can be inconvenient, since the recovery key is not something you should store on a computer or phone, and you probably should not carry it with you either. You would need to keep it somewhere safe like, um, a safe or something, which makes resetting your password annoying.

The other consideration might not affect you. I like to use auto-generated, impossible-to-remember passwords, and I use a special password manager program to create and use them. This is fine for bank, email and Facebook passwords. I don't have to type those very often.

But I have to type my Apple ID password all the freakin' time. So I have one that is long and strong, but still easy to type. However, it's not "strong" enough according to Apple's arbitrary password strength rules. So I need to think up another super Apple ID password that I will never forget, so I can turn on 2-step.

Proceed cautiously, but don't procrastinate. It's important to secure your online IDs.

Update: apparently there is a three-day waiting period after you request two-step. This is to minimize the chances that someone else will use it to lock you out of your account.

All the more reason to set up two-step authentication: you'll always be at risk of someone taking over your account permanently if you don't. Imagine you don't check your email for three days because you are on vacation...