Apple just expanded their two-step iCloud authentication to cover FaceTime and iMessage. The Guardian reports that signing into an iMessage or FaceTime account will require users to input an authentication code from a verified device on any iCloud accounts that have two-factor verification turned on.
Two-factor authentication was first introduced as an opt-in system in March 2013. Before today’s expansion, a verification code was required only when making changes to an account, signing into iCloud, or making iTunes or App Store purchases from a new device.
Two-factor authentication for iCloud was implemented last fall following the release of a batch of photos from a security breach of several celebrity iCloud accounts. Following the hacking incident, Apple made moves to improve iCloud security, also sending out emails when a device is restored, iCloud is accessed, or a password change is attempted.
Two-factor authentication appears to still be rolling out to users, as as some news outlets report bring able to login to iMessage and FaceTime accounts without a code, although they have two-factor authentication enabled. However, MacTrast has two-factor enabled on their accounts, and we were requested to enter a code.