If you feel that your personal security has been compromised, or find out the security of a service you do business with has been, like Apple’s developer website, then you should update the account passwords you have with those services as soon as possible. It is always a good idea to change all of your account passwords on a regular basis anyway; every 60 days, according to the Defense Information Systems Agency.
It may surprise you that there is no app for managing your various Apple account IDs and passwords. But here’s a quick primer on updating your iTunes and iCloud passwords, and on enabling two-step verification on your Apple ID — if you have not done so already.
Managing your Apple ID
At core of every Apple account, be it your iCloud, iTunes, Apple Online Store, Support Forums or Developer account, is an Apple ID. You use your Apple ID to opt in and gain access to each of Apple’s many online services. You manage your Apple ID at https://appleid.apple.com. You can also get to this site directly from Apple’s support page.
Update your account info
The information you provide to Apple when setting up your Apple ID will be used in situations to verify your identity with Apple’s support technicians.
So it is a good idea to keep your account information as accurate and up-to-date as possible — this includes your real name, address and phone numbers in addition to the following:
Choose a new password: Select “Password and Security” from the Apple ID’s main management web page. Here you can update your password to a new, more secure password.
Change your security question: Create a security question that only you know the answer to.
Add an alternate email: After you update your password, go back to the “Name, ID and Email Addresses” and make sure you have at least one alternate address set up on your account.
Two-step verification is an additional layer of security that requires you to verify you are who you say you are before you can use your account. To activate two-step verification, you need first log on to the Apple ID management site detailed above, select “Password and Security” and follow the steps after clicking on the “Get started…” link.
Four-digit PIN: When you first set up two-step verification, there will be a three-day waiting period before you can complete the process with a trusted device and create a four-digit PIN. This pin will be used any time you make an iTunes, App Store or iBookstore purchase from a new device. To complete the setup process, simply return to https://appleid.apple.com after the three days have passed as indicated in the reminder email that Apple will send you. Your PIN will then be sent to one of the trusted devices listed via SMS or via a Find My iPhone alert message.
14-digit recovery key: Equally as important as the PIN that you will receive is the 14-digit Recovery Key. Print this out and keep it safe with all of your other important paper documents. This recovery key will be used if you ever forget your password or lose one of the devices you have configured with your Apple ID. Losing this key due to a hardware malfunction like a corrupt hard drive. Note: Apple Support can not reset your password on your behalf. To reset your password, you must have your Recovery Key and access to at least one of your trusted devices.
Not everything is secure
Even after setting up two-step verification, all of your data and information is still not totally secure. Shortly after going live with two-step verification for your Apple IDs it was discovered that your iCloud backups were not totally protected. Protect your password and personal information as much as possible, but realize nothing is ever totally secure.