Two-step verification is available for iMessage and FaceTime, after coming to iCloud last year.
FaceTime is Apple's video call feature available on iOS devices and Macs, where as iMessage is the company's messaging service also available across its devices and computers, and both now take advantage of two-step verification, which requires you to enter a unique code along with a password before being able to access your accounts.
According to The Guardian, Apple has just quietly expanded two-step verification to iMessage and FaceTime. It works like this: if you're already signed into FaceTime or iMessage, you won't have to verify your identity right now, but if you should ever log out and attempt to sign back in, Apple will prompt you to use two-step verification.
With FaceTime, for instance, Apple requires you to log into your account through the web and generate an app-specific password in order to regain access. Apple has a different two-step setup with iCloud; once you sign in to manage your Apple ID at My Apple ID or attempt to make an iTunes purchase from a new device, you have to verify your identity.
To verify your identity through iCloud, Apple makes you enter both your password and a 4-digit verification code (which is sent to the mobile phone number filed for your account). The idea is that it's harder for a hacker to breach your account if they must obtain two sign-in credentials rather than just a single, typical password.
Prior to today's expansion, Apple only guarded iCloud. FaceTime and iMessage were unprotected, meaning all you needed was an Apple ID email address and a typical password to gain access.