Previewed at WWDC, launching in the fall.
Apple Increases Account Security With Optional Two-Step Verification System for Apple IDs
Two-step verification will require you to verify your identity using one of your devices before you can make changes to your account or make an iTunes or App Store purchase from a new device. You will also get a Recovery Key for safekeeping which you can use to access your account if you ever forget your password or lose your device.Once enabled, the new system replaces the standard security questions that are asked before users make purchases on a new device and password resets can only be done from the designated iPhone or iPad.
As the recovery key is used in place of security questions, keeping it secure is of the utmost importance. A lost or forgotten key can be recovered with a trusted device and a password, just as a password can be recovered with a trusted device and a recovery key.
The verification system will request a password that has one letter, one number, one capital letter, and at least eight characters. If such a password is not already in use, users will need to wait three days to fully enable two-step verification. Users with an already compliant password can move on immediately to the next step.
A security code will be sent through SMS or using the Find My iPhone app, and during setup, users can choose a single trusted device. To begin the process, users can visit the Apple ID website to implement two-step verification.