The Cupertino-based giant in an email titled "Two-step verification now protects iCloud" detailed the new changes.
The email (via Engadget) reads, "Starting today [Tuesday], in addition to protecting your Apple ID account information, two-step verification also protects all of the data you store and keep up to date with iCloud." The company also points users to its two-step verification support page.
The company also revealed that starting October 1, app-specific passwords will be required to access to third-party apps such as Microsoft Outlook, Mozilla Thunderbird, and BusyCal, which do not support the two-step verification feature. More details can be found on Apple's support page.
The email further said, "Sign in securely with app-specific passwords: If you use iCloud with any third party apps, you can now generate app-specific passwords that allow you to sign in securely even if the app you are using does not support two-step verification."
Ars Technica reported the roll-out of two-step verification for iCloud first, and noted, "The accounts of victims of social engineering attacks or those who used passwords based on personal data could be harvested of their backup data-allowing the attacker to gain access to photos, call records, SMS records, e-mail, and other personal data."
Apple Insider points out that the new two-step verification does not include Find My iPhone by default, which allows users to deactivate or wipe data from a trusted device remotely if lost or stolen.
The move to expand the two-step verification to Apple iCloud is aimed at restoring confidence in Apple's security since the leak of racy nude celebrity photos reported earlier this month, sparking widespread criticism of Apple's security processes from all over the world.
Earlier this year, Apple expanded availability of its two-step verification feature for iCloud and Apple ID users to 59 countries, a list that included India as well.
For the uninitiated, Apple ID users can go to the Password and Security tab to enable the two-step verification. Users will also need to register one or more trusted devices. Following this, a 4-digit verification code is sent via SMS or through the Find My iPhone app, if installed.
After enabling it, users won't need to remember answers to security questions each time they set-up a new device with that ID. Apple also sends a 14-digit Recovery Key for safekeeping which users can use to access their account if they forget their password or lose their device.
Also, Apple does not allow two-step verification setup to proceed if the user had recently made any significant changes including resetting his password or selecting new security questions to his account information and puts a waiting period as a security measure.