In a few weeks Apple is going to launch iCloud and ask users to trust it with much more personal data than it has had before. I assume that many thousands of users will willingly upload their photos and documents and many others will start using Apple's own mail service. However, it seems that Apple will still only allow users to protect their accounts using a basic email address and password combination. In 2011, we have seen that this is just not good enough. Passwords are vulnerable to all sorts of attacks, especially when the same ones are used across multiple services. To me, Google seems to be leading the way in this area. Earlier in the year it launched a quite fantastic two step authentication system that ensures that even if a hacker knows a user's password, they won't be able to log in to their account. More information in this video: I've been using this since it launched and I haven't had one issue getting a code or logging in to my account. Valve also offers a similar system, where a code is emailed to a user's registered email address when they (or a hacker) logs in on a new computer. A hacker would need a user's password AND access to their email account to be able to access their Steam account. Many banks also offer users free code generation devices to ensure that hackers also can't access accounts if they know the user's password. My question is - why is Apple not doing more in this space to develop security options that benefit users and also educate them about keeping their accounts secure?