A look at Apple’s new, more secure 2-factor authentication in iOS 9 and El Capitan

iOS 9 two-factor authentication teaser 001

At WWDC, Apple has made a promise to step up security with native two-factor authentication in iOS 9 and OS X El Capitan. Before today, the feature was unavailable on iOS 9 betas prior to beta 3.

But with today’s release of iOS 9 beta 3, the new system has made its debut, with some users offered the option to upgrade their Apple ID to use the new two-factor authentication.

Here’s what you need to know about this new system, how it increases your security and how it’s different from Apple’s existing two-step verification process.

How does “old” two-step verification work?

To begin with, Apple’s two-step verification has been available since March 2013.

It’s since added a growing list of countries and an expanding list of services to protect, including Apple ID and iCloud accounts, FaceTime, iMessage and more.

It introduces an additional layer of security by augmenting your Apple ID user name and password with a one-time code generated by your trusted device, basically an iPhone, iPod touch or iPad enrolled in two-step verification.

After you enable two-step verification on your Apple ID, you’ll need to verify your identity using one of your devices before you can:

  • Sign in to My Apple ID to manage your account
  • Sign in to iCloud on a new device or at iCloud.com
  • Sign in to iMessage, Game Center or FaceTime
  • Make an iTunes, iBooks, or App Store purchase from a new device
  • Get Apple ID related support from Apple

How does “new” two-step authentication work?

The new two-step authentication system in iOS 9 and El Capitan builds on that foundation in order to tighten up your security even more, by engineering two-step authentication deep into the bowels of the new operating systems.

For starters, verification codes have gone from four to six digits.

Your six-digit verification code will be displayed automatically on your trusted iOS 9 or El Capitan devices whenever you sign in with your Apple ID on a new device or browser, letting you sign in securely.

And compared to the existing two-step verification, the new two-step authentication uses different methods to trust devices and deliver verification codes while offering “a more streamlined” experience.

What’s a trusted device?

A trusted device is an Apple device running iOS 9 or OS X El Capitan that you have already signed in to using two-factor authentication.

“It is a device we know is yours and that can be used to verify your identity by displaying a verification code from Apple when signing in on another device or browser,” explains Apple.

Like before, the codes are delivered as push notifications, or you can receive them on your phone via a text message or phone call instead. You will need to verify at least one phone number to enroll in the new two-factor authentication system.

How do I manage my trusted device under the new system

You can view and manage a list of your trusted devices in the Devices section of your Apple ID account at Settings > iCloud > Account on your iOS device, or System Preferences > iCloud > Account details on your Mac.

Once a device/browser is verified and you opt to trust it going forward, you won’t have to enter a verification code the next time you sign in from that device unless:

  • You erase your device
  • Remove it from your trusted devices list
  • Need to change your password for security reasons

Removing a device from your list of trusted devices will ensure that it can no longer be used to receive verification codes.

Upgrading your Apple ID to use two-factor authentication

You can upgrade your Apple ID to use the new two-factor authentication if you run iOS 9 beta 3 or El Capitan beta 3.

“During the iOS 9 and OS X El Capitan public betas, enrollment in two-factor authentication will be limited,” says Apple. “Individual accounts will be made eligible gradually until we can offer the service to everyone.”

If you’re on iOS 9 and OS X El Capitan beta installations earlier than beta 3, and you upgrade your Apple ID to the new two-step authentication, you may no be able to sign in to services that use Apple ID.

Using two-step authentication with older OS versions

Those already enrolled in the existing two-step verification system needn’t worry as all features will continue to work separately for you.

The new two-step authentication is integrated tightly into iOS 9 and El Capitan, but using it on a device running an older version of iOS or OS X may prompt you to append a six-digit verification code to the end of your password instead of in a dedicated verification code field.

Apple says devices running older OS versions will not receive verification codes, “except in the case of an iPhone that can receive verification codes via a text message or phone call to your trusted phone number.”

Final words

If you already use Apple’s existing two-step verification service, you’re strongly discouraged from attempting to enroll in the new two-factor authentication system in iOS 9 and El Capitan until the operating systems release for public consumption this fall and the feature is offered to everyone.

Come this fall, customers who set up iOS 9 or El Capitan on their devices will be offered to upgrade their Apple ID to two-factor authentication as part of the device setup process.

Apple’s newly published FAQ, available on its portal for developers, details two-factor verification for the public betas of iOS 9 and OS X El Capitan, which are launching later this month.

In addition to the new two-step authentication, iOS 9 has security focused features like six-digit passcodes, a new default for passcodes on Touch ID–enabled iPhones and iPads.

Compared to four-digit passcodes that have about 10,000 possible combinations, six-digit ones are a lot tougher to crack with more than a million possible combinations.

Will you be checking out Apple’s new two-step authentication in iOS 9 and El Capitan or will you stick to the proven two-step verification method?