Two-Factor Authentication strengthens the security of your Apple ID by preventing anyone from accessing or using it, even if they know your password. With Two-Factor Authentication, one of your trusted devices generates a one-time code when you make a purchase or sign in to your Apple ID, iCloud, iCloud.com, iMessage, FaceTime or Game Center account on a new device. Two-Factor Authentication is also required for Auto Unlock so you can unlock your Mac by wearing an Apple Watch.
In this tutorial we’ll show you how to protect your Apple ID with Two-Factor Authentication or, if you’re still using the older and less secure Two-Step Verification, upgrade to Two-Factor Authentication.
Two-Factor Authentication vs. Two-Step Verification
Two-Factor Authentication is the preferred protection system for Apple IDs.
It replaces Two-Step Verification and is more secure because it’s integrated deeply into the bowels of iOS and macOS. The older, less reliable Two-Step Verification system relies on different methods to trust devices and deliver verification codes.
With Two-Factor Authentication enabled, a six-digit code is required to verify your identity using one of your devices or another approved method before you can:
- Sign in to your Apple ID account page on the web
- Sign in to iCloud on a new device
- Sing in at iCloud.com in a web browser
- Sign in to iMessage, Game Center or FaceTime or a new device
- Make an iTunes, iBooks or App Store purchase from a new device
- Get Apple ID related support from Apple
See Apple’s support document for more information about Two-Factor Authentication, including an up-to-date list of countries where this feature is available.
System requirements for Two-Factor Authentication
In order to use Two-Factor Authentication, you must own one of the following devices:
- iPhone, iPad or iPod touch with iOS 9 or later
- Mac with OS X El Capitan or later and iTunes 12.3 or newer
- Apple Watch with watchOS 2 and up
- Windows PC with iCloud for Windows v5.0 or later and iTunes 12.3.3 and up
Logging into your Apple ID on a device that has software earlier than specified above may yield a message saying Two-Factor Authentication is unavailable so make sure your gadgets meet the requirements and run the latest software.
Protecting Apple ID with Two-Factor Authentication
If your Apple ID is protected with the older Two-Step Verification method, you must first disable it before you can opt in to Two-Factor Authentication, Unfortunately, Apple does not provide a direct upgrade path for Two-Factor Authentication.
If you already use the newer Two-Step Verification system, skip this section and proceed with the steps outlined in the section titled “Enabling Two-Factor Authentication”.
Disabling Two-Step Verification
1) Sign in to your Apple ID account page using a desktop web browser.
2) Click Edit under the Security heading.
3) Click Turn Off Two-Step Verification, then create three new security questions and verify your birth date and phone number when asked.
You will receive an email from Apple confirming that Two-Step Verification for your Apple ID account has been turned off and the Apple ID account page will reflect the change.
You can now protect your Apple ID with Two-Factor Authentication.
Enabling Two-Factor Authentication
1) Go to System Preferences → iCloud → Account Details → Security on your Mac. Alternatively, open Settings → iCloud → your Apple ID → Password & Security on your iPhone, iPad or iPod touch.
2) Click Set Up Two-Factor Authentication and follow the onscreen instructions.
You must provide three security questions and answers, verify your birth date, add a rescue email and verify a mobile phone number where Apple will send you verification codes when your trusted devices are unavailable.
If you see a message that some of your devices are incompatible with Two-Factor Authentication, hit Turn On Anyway to continue. Enrolling in Two-Factor Authentication will replace your iCloud Security Code with your device passcode.
To enable Two-Factor Authentication on the web: log into the Apple ID account page, click Edit under the Security heading, hit the link “Get Started…” below the Two-Step Verification heading and follow the onscreen instructions.
The Apple ID account page lists under the Trusted Devices heading all your Apple devices which are capable of generating Two-Factor Authentication codes. Any iOS device with Find My iPhone enabled can generate these codes.
Now all that’s left for you to do is double-check that Two-Factor Authentication has really been enabled by following the instructions below.
Verifying that Two-Factor Verification is enabled
To double check that you’re using Two-Factor Authentication or that you’ve successfully upgraded your Apple ID from the older Two-Step Authentication system to the more secure Two-Factor Verification, do the following:
1) On your Mac, open System Preferences → iCloud, click the Account Details button, then click the Security tab and make sure Two-Factor Authentication is on.
2) On your iPhone, iPad or iPod touch, go to Settings → iCloud, tap your name to reveal account details, then tap Password and Security and make sure that Two-Factor Authentication is on.
3) If you own an Apple Watch, open the companion Watch app, go to My Watch → General → Apple ID and verify your Apple ID is showing.
That’s it, your Apple ID account is now protected with Two-Step Verification.
How to use Two-Factor Authentication
With Two-Factor Authentication enabled, you’ll verify your identity by entering both your Apple ID password and a six-digit verification code any time you sign in to the Apple ID page or iCloud.com, make an iTunes, iBooks or App Store purchase from a new device or sign in to iMessage, FaceTime or Game Center on a new device.
A prompt that goes up on your trusted devices includes a mini-map showing you where the sign-in attempt is coming from. Tap Allow to get a one-time six-digit verification code that you must type into your other device to verify the login attempt.
How to manually generate Two-Factor Authentication codes
You can also manually generate a verification code at any time:
On your iOS device, go to Settings → iCloud, tap on your account name at the top, then hit Password & Security and select Get Verification Code.
On your Mac, click the Account Details button in System Preferences → iCloud, then click the button labeled Get A Verification Code found under the Security tab.
Now enter your six-digit verification code into your other device to sign in.
With Two-Step Verification enabled, your Apple ID account will be more secure than ever and you will be able to use advanced features like Auto Unlock in macOS Sierra and watch OS 3 which lets you get into your Mac simply by wearing an authenticated watch.