Adding a Second Layer of Security Online

Recent hacks exposing nude photographs of Jennifer Lawrence and other celebrities are prompting calls for people to fortify their online accounts with a second layer of security.

Thieves broke into the celebrity accounts at online storage services such as Apple's iCloud. Although Apple's systems weren't compromised, the hackers were able to figure out passwords and answers to personal security questions, according to the company.

In response, Apple urged users not only to set a strong password, but also to enable the second security layer, often known as two-step verification. It's a technique offered by most major services, including Google and Facebook. Amazon and its Cloud Drive service are notable exceptions.

Two-step verification typically works this way: When you log in from a new device, you must enter a code that is sent to your main phone. That way, a hacker who guesses your password would still need physical possession of the phone. You're usually able to bypass the check the next time you use that same device, on grounds that you've already proven that device is yours.

The catch is you need to turn the feature on. And it means occasionally getting off your couch to retrieve your phone when you're using a new Web browser, tablet or other gadget. But it beats having naked photos and other sensitive information stolen.

Here's a closer look at what the major services offer and how to enable two-step verification:


The Apple ID is the key to not just iCloud, but the Apple app store, iTunes, iMessage, Facetime and more.

To set up two-step verification, you need at least one phone that can receive texts. It doesn't have to be an iPhone.

Go to and log in with your Apple ID. Go to the "Password and Security" tab. Click "Get started..." under "Two-Step Verification."

In some cases, you have to...

Comments are closed.