Protecting your Apple ID from unauthorized use is vital. At the least, you hopefully have a memorable but strong password.
To take your account security even further, you need to add two-factor authentication as well. Here’s how to use it and avoid potential pitfalls.
What Is Two-Factor Authentication?
Two-factor authentication (2FA) is a second layer of protection you can add to many accounts and services.
With it, when you access your account on a new device for the first time, you’ll enter your password like normal. But then the two-factor authentication system will provide you a code on a trusted device (like your phone). Entering this on the unfamiliar device will allow you to log in.
Thus, even if someone steals your password, they can’t get in unless they have one of your trusted devices. This makes it significantly harder to break into accounts than with a password alone.
This isn’t just for your Apple account—we also have a guide to enabling 2FA for social media accounts.
How Does Apple’s Two-Factor Authentication Work?
Apple’s two-factor authentication works similarly to other 2FA methods. Unsurprisingly, it’s very Apple-centric so you won’t be able to use a 2FA authenticator app.
If you have it turned on, whenever you log into a new device with your Apple ID, your trusted device(s) will display a message. This is shown below on a Mac:
If you allow the new device, a resulting verification code will appear on the trusted device (in this case, an iPhone).
Next, enter the code and log in from the new device.
If it seems simple, that’s because it is and it works pretty well, until it doesn’t. For example, if your trusted device stops working, you lose your phone, you’re locked out of it, or similar, then it can cause major headaches. We’ll show you how to avoid disaster shortly.
First, let’s cover how to actually turn on your Apple ID’s two-factor authentication.
Turning On Apple Two-Factor Authentication (iPhone)
You can only enable two-factor authentication using an iOS device such as an iPhone or iPad, or on a Mac.
We’ll start with how to turn it on with an iPhone. First, open Settings > [Your Name] > Password & Security. You’ll be prompted to enter your Apple ID password to proceed.
On the Password & Security screen, tap Turn On Two-Factor Authentication. You’ll see an Apple ID Security screen. Tap Continue, then enter your phone number and how you want to verify (text or phone call).
Once you set up a verification phone number, you’ll receive a verification code via your chosen method. After you verify, you may need to enter your iPhone’s passcode to complete setup. Once you’ve set up two-factor authentication, you can confirm it’s turned on in the Password & Security settings.
Now you can use your iPhone to get verification codes. You’ll get one if you use your Apple ID on another device, or sign into iCloud.com or AppleID.apple.com.
Turning On Apple Two-Factor Authentication (Mac)
As mentioned, you can only use two-factor authentication on your Apple devices, which includes Macs. If you have a Mac, open System Preferences and click on iCloud > Account Details.
Next, select Turn On Two-Factor Authentication.
On the next screen click Continue. Enter your verification phone number and Continue again.
Once two-factor authentication is set up on your Mac, you’ll see a green light confirming this.
At this point, you can use your Mac to get verification codes just like you would with your iPhone.
Turning Off Apple Two-Factor Authentication
While you must turn on two-factor authentication using your Apple device, you can only turn it off at >AppleID.apple.com. There are two methods to do this.
The first method assumes you know your Apple ID, password, and have one of your trusted devices handy to receive or generate a verification code.
If You Can Access Your Apple ID Account
First log into the Apple ID website (you’ll have to verify first) and click the the Edit button in the upper-right corner of the Security section.
On the resulting page, click Turn Off Two-Factor Authentication. Confirm by clicking Turn Off Two-Factor Authentication again on the next screen.
Now it’s time to select some security questions. You want select and answer these questions carefully. If you forget your password (which is easy to do), you will need to know the answers to these questions to get back into your Apple ID account.
Confirm your birthday and supply a rescue email. This is necessary should you ever need to reset your Apple ID password and security questions if you forget them. Click Continue to finish.
On the final screen, you’ll see a verification that 2FA has been disabled on your Apple ID. At this point, your account is only protected with your password and security questions.
If You Cannot Access Your Apple ID Account
The second way to turn off two-factor authentication is a worse scenario: you’ve forgotten your Apple ID and/or password and do not have any trusted devices.
On the Apple ID login screen, click Forgot Apple ID or password at the bottom of the page. Enter your Apple ID (if you don’t remember it, you can look it up here) and choose Continue.
You will need to confirm your phone number. Since this scenario assumes you don’t have your iPhone available, click Don’t recognize this number and then Turn Off.
Next, click Continue to confirm you want to turn off 2FA. You’ll then need to verify your birthday.
At this point, remembering the answers to your security questions is vital. If you cannot remember your answers, you may need to recover your account through Apple.
If you can answer them, all you need to do is create a new Apple ID password. You can then turn off two-factor authentication.
If You Can’t Receive Two-Factor Authentication Codes
If you can’t receive two-factor authentication verification codes, you need to use another method to access your Apple ID account.
To do this, click Didn’t get a verification code after you try to log into your account. Then choose Need Help from the resulting dialog.
Next, click start account recovery to see the three available verification options. You can use the first two with your trusted device, assuming you have it.
If your device is offline, you can still generate a verification code from the Password & Security settings.
Similarly, if you can’t receive phone calls or texts to your account phone number, you can add another one.
If you cannot use these methods to access your account, you’ll have to recover it through Apple using the last option on the recovery screen.
When you request to recover your account through Apple, you will have to wait “several days or more” to update your phone number, so this requires some patience.
Obviously, there isn’t much you can do to prevent losing your device. If you are simply changing devices or your phone number, it might be a good idea to temporarily disable two-factor authentication first until you have the new device completely set up.
Apple’s Two-Factor Authentication: Good but Flawed
When Apple’s two-factor authentication works, it works well. But you might encounter those times when it can be a little iffy. It seems like it’s always the time when you need to really access your Apple ID when it suddenly becomes an impediment.
If you do use two-factor authentication (and you really should) then be sure to take those few extra steps to ensure that you’re never locked out of your account. It could be as simple as adding a secondary phone number.
All two-factor authentication systems have definite pros and cons, but since getting hacked is always a concern, more security is always better.