Apple extends two-step authentication to iCloud web apps

Apple has extended its two-factor Apple ID authentication system to include iCloud.com web apps.

The extra layer of security, which is already in place for Apple ID management and iCloud-connected features, will now also be implemented before users can access web apps. Prior to the change, iCloud.com was accessible with just a password.

Read more: Apple places iCloud at the forefront of iOS 8 plans

Mirroring Apple's other two-factor methods, the new security feature requires both a password and a four-digit verification code sent to a trusted device. Once this code has been verified, then all iCloud apps are unlocked and can be accessed by the user.

When signing out of iCloud, it seems that usually the verification mechanism is reset, although AppleInsider found that that this was not always the case, even when clearing cookies and toggling two-factor authentication with the Apple ID management webpage.

It is also unclear if the new security feature is currently in testing or nearing launch, as some Apple ID accounts that were tested required second verification, while others did not.

The firm has left the Find My iPhone web application accessible without the two-step authentication process, in the event that the trusted iPhone or iPad is lost.

Read more: iCloud hasn't been compromised with iPhone and iPad hijack attacks

The two-factor verification system was first introduced by Apple in March 2013 as an extra security layer for Apple ID holders. It was initially available in the US, Australia, Ireland, New Zealand and the UK, before being released in other regions in February this year.

It is not clear if the new web app security measure is only available in the US or if it has launched globally.