Apple is finally ramping up security around Apple ID / iCloud accounts with the introduction of two-step verification. The new safeguard requires users to verify their identity on a trusted device before making changes to their personal information. Much like the way Google and other companies handle the two-step login process, Apple will send out a verification code to one of your devices that must be entered before your sensitive data can be accessed or changed. Users will also receive a recovery key that serves as a last-ditch verification method if they forget their main password or lose a trusted mobile device.

In offering the new measure, Apple is addressing critiques that the company hasn't gone far enough to protect its users. Senior Wired writer Mat Honan's Apple account was compromised in a high-profile hacking incident last year, which led both Amazon and Apple to reevaluate their authentication practices.

Apple yesterday rolled out two-step verification, a security measure that promises to further shield Apple ID and iCloud accounts from being hijacked. Unfortunately, today a new exploit has been discovered that affects all customers who haven't yet enabled the new feature. It allows anyone with your email address and date of birth to reset your password — using Apple's own tools. We've been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple's iForgot page. It's a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand. Out of security concerns, we will not be linking to the website in question.