Protecting your Apple account from unauthorized users is vital. If someone gets access to your Apple ID, they might be able to access your data, wipe your devices, and more.

Strong passwords are always recommended to keep your Apple ID account secure, but you can boost your security even more by enabling two-factor authentication on your Apple account. Here’s how to use it and avoid potential pitfalls.

What Is Two-Factor Authentication?

Two-factor authentication (2FA) is a second layer of protection you can add to many accounts and services, which provides additional verification whenever you log in to your account.

If you have two-factor authentication enabled, you’ll enter your password like normal whenever you access your account on a new device for the first time. But then the 2FA system will send you a code on a trusted device (like your phone). Entering this code on an unfamiliar device will allow you to log in.

Thus, even if someone steals your password, they can’t get into your account unless they also have one of your trusted devices. This makes it significantly harder to break into accounts than with a password alone. This isn’t just for your Apple account—we also have a guide to enabling 2FA for social media accounts.

How Does Apple’s Two-Factor Authentication Work?

Apple’s two-factor authentication works similarly to other 2FA methods. Unsurprisingly, it’s very Apple-centric, so you won’t be able to use a 2FA authenticator app, as other companies use.

Whenever you log on to your Apple ID account on a new device, you’ll need to verify or approve a new login using a trusted Apple device that you’ve previously approved. Once it’s all set up, it’s pretty easy to use.

Two-factor authentication can be used while logging in to any iPhone, iPod, iPad, Mac, Apple Watch, Apple TV, or Windows device. However, you’ll only be able to approve logins from trusted iPhones, Macs, or Apple Watches. We’ve explained how to set up two-factor authentication on your Apple devices below.

Turning On Apple Two-Factor Authentication on Your iPhone

We’ll start with how to enable two-factor authentication on an iPhone. On your iPhone, navigate to Settings > [Your Name] > Password & Security. You’ll be prompted to enter your Apple ID password to proceed.

On the Password & Security screen, tap Turn On Two-Factor Authentication. You’ll see an Apple ID Security screen. Tap Continue, then enter your phone number and how you want to verify (text or phone call).

Once you set up a verification phone number, you’ll receive a verification code via your chosen method. After you verify, you may need to enter your iPhone’s passcode to complete the setup. Once you’ve set up two-factor authentication, you can confirm it’s turned on in the Password & Security settings.

Now you can use your iPhone to get verification codes. You’ll get one if you use your Apple ID on another device or sign in to iCloud.com.

Turning On Apple Two-Factor Authentication on Your Mac

Enabling two-factor authentication on your Mac is also fairly straightforward. On your Mac, open System Preferences and click on Apple ID, then select Password & Security from the left-hand pane.

iCloud Settings in System Preferences

Next, select Turn On Two-Factor Authentication. On the next screen, click Continue. Enter your verification phone number and click Continue again. Once two-factor authentication is set up on your Mac, you’ll see a green light confirming this. At this point, you can use your Mac to get verification codes just like you would with your iPhone.

Two Factor Authentication Mac

Turning on Apple Two-Factor Authentication From the Apple Website

You can also enable two-factor authentication directly from Apple’s website. To do this:

  1. Log in to appleid.apple.com using your Apple ID and password.
  2. Answer the security questions that are prompted, then select Continue.
  3. You’ll see an option to upgrade your account’s security. Click on Continue.
  4. Click on Upgrade Account Security.
  5. Enter the phone number you want to receive verification codes on when you sign in. You can choose to receive the security codes by either text message or via an automated phone call.
  6. Click on Continue, and enter the verification code to verify your phone number and enable two-factor authentication.

If you don’t have any trusted devices set up on your Apple ID, you’ll get a code on your trusted number to log in on any new device.

How to Use Two-Factor Authentication on Your Apple Device

Whenever you log into a new device with your Apple ID, your trusted device will display a message saying, “Your Apple ID is being used to sign in to a new device.”

Two Factor Authentication Approval Mac

If you Allow the new device, a resulting verification code will appear on the trusted device (in this case, an iPhone).

Next, enter the code and log in from the new device. If it seems simple, that’s because it is, and it works pretty well, most of the time.

An example 2FA might not help is if your trusted device stops working, you lose your phone, you’re locked out of it, or something similar, then it can cause major headaches. We’ll show you how to avoid disaster shortly.

Can You Turn Off Apple Two-Factor Authentication?

Apple used to give users an option to turn off two-factor authentication, but that’s no more. Once you’ve enabled 2FA on your account, you’ll have to stick with it. Apple says this is because some integral iCloud features on iPhones and Macs need two-factor authentication to run properly.

If You Can’t Receive Two-Factor Authentication Codes

If you can’t receive two-factor authentication verification codes, you need to use another method to access your Apple ID account. To do this, click Didn’t get a verification code after you try to log into your account on Apple’s website. Then choose More Options from the resulting dialog.

Two Factor Authentication Apple website

Next, click start account recovery to see the three available verification options. You can use the first two with your trusted device, assuming you have it. If your device is offline, you can still generate a verification code from the Password & Security settings. Similarly, if you can’t receive phone calls or texts to your account phone number, you can add another one.

Additional Verification Methods Mac

If you cannot use these methods to access your account, you’ll have to recover it through Apple using the last option on the recovery screen. When you request to recover your account through Apple, you will have to wait “several days or more” to update your phone number, so this requires some patience.

Obviously, there isn’t much you can do to prevent losing your device. If you are simply changing devices or your phone number, we recommend having at least a secondary phone number added to your account in case you need it.

Apple’s Two-Factor Authentication: Good but Flawed

When Apple’s two-factor authentication works, it works well. But you might encounter those times when it can be a little iffy. It seems like it’s always the time when you need to really access your Apple ID when it suddenly becomes an impediment. Fortunately, important iCloud features such as Find My can be accessed without two-factor authentication, allowing you to save some time and hassle if you don’t have access to a device.

If you do use two-factor authentication enabled (and you really should), then be sure to take those few extra steps to ensure that you’re never locked out of your account. It could be as simple as adding a secondary phone number.