Become a MacRumors Supporter for $25/year with no ads, private forums, and more!
  • Did you order new AirTags? We've opened a dedicated AirTags forum.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,392
14,090



Apple recently emailed Apple ID users with two-step verification enabled to inform them that, upon installing iOS 11 or macOS High Sierra, they will be automatically updated to its newer two-factor authentication method.

ios_11_two_factor_authentication.jpg

Apple introduced two-factor authentication in 2015 as an improved version of its two-step verification method for securing an Apple ID account with both a password and a secondary form of verification. Two-factor authentication requires an Apple device with iOS 9, OS X El Capitan, watchOS 2, any tvOS version, or later.

The two security methods are similar in many ways, but two-factor authentication automatically sends a six-digit verification code to all trusted devices registered to a given Apple ID, whereas two-step verification manually prompts users to send a four-digit code to any SMS-capable trusted device registered.

Two-factor authentication also displays a map on all trusted devices with an approximate location of where an Apple ID sign-in attempt occurred when a user is trying to access the account from an unknown device or on the web.

macos-sign-in-2fa.jpg

Apple's two-factor authentication method disables the Recovery Key by default, since offline verification codes can be generated on trusted devices in the Settings app. On iOS, users can still enable the Recovery Key as a backup method in Settings > Apple ID > Password & Security > Recovery Key.

The full text of the email is copied below:
If you install the iOS 11 or macOS High Sierra public betas this summer and meet the basic requirements, your Apple ID will be automatically updated to use two-factor authentication. This is our most advanced, easy-to-use account security, and it's required to use some of the latest features of iOS, macOS, and iCloud.

Once updated, you'll get the same extra layer of security you enjoy with two-step verification today, but with an even better user experience. Verification codes will be displayed on your trusted devices automatically whenever you sign in, and you will no longer need to keep a printed recovery key to make sure you can reset a forgotten password.
iOS 11 and macOS High Sierra public betas will be available in late June through the Apple Beta Software Program. The software updates will be available for all eligible iOS devices and Macs in the fall.

Article Link: Apple Migrating iOS 11 and macOS High Sierra Users With Two-Step Verification to Two-Factor Authentication
 
  • Like
Reactions: MOU

splitpea

macrumors 65816
Oct 21, 2009
1,017
245
Among the starlings
So... does that mean that those of us who use our Apple IDs with devices that remain on older OS versions will no longer be able to authenticate on those older devices if we upgrade any of the others?
 
  • Like
Reactions: John.B
Comment

Amazing Iceman

macrumors 601
Nov 8, 2008
4,155
1,818
Florida, U.S.A.
So... does that mean that those of us who use our Apple IDs with devices that remain on older OS versions will no longer be able to authenticate on those older devices if we upgrade any of the others?
There's a workaround for older devices. The instructions to authenticate are slightly different. Just pay attention at the prompt and make sure to understand it and then follow the instructions.
 
Comment

LordQ

Suspended
Sep 22, 2012
3,582
5,651
So... does that mean that those of us who use our Apple IDs with devices that remain on older OS versions will no longer be able to authenticate on those older devices if we upgrade any of the others?
I have an iPad 1 and an Apple TV 3, In order to authenticate Apple will send you the 4-digit access code, you will then need to type your usual password followed by the 4 numbers. Easy :)
 
Comment

hagar

macrumors 65816
Jan 19, 2008
1,010
2,072
I got that email last week and it was not at all clear what they were saying or what the difference is between the two methods. Very un-Apple.

This article makes it clear. I hope it's based on an updated form of the mail.
 
Comment

Joe Rossignol

Editor
Staff member
May 12, 2012
686
1,943
🇨🇦
I got that email last week and it was not at all clear what they were saying or what the difference is between the two methods. Very un-Apple.

This article makes it clear. I hope it's based on an updated form of the mail.
They only sent the one email. I received it too, and did some research into it. Glad it helps!
 
Comment

DCYorke

macrumors member
Apr 7, 2010
38
171
None of my devices have the option for a recovery key (Settings > Apple ID > Password & Security > Recovery Key). I know MacRumors is in Canada, I'm in the states. Could this be a regional thing?
 
Comment

kavi91

macrumors newbie
Jun 12, 2017
2
0
"Apple's two-factor authentication method disables the Recovery Key by default, since offline verification codes can be generated on trusted devices in the Settings app. On iOS, users can still enable the Recovery Key as a backup method in Settings > Apple ID > Password & Security > Recovery Key."

There is NOT an option to generate a recovery key as a backup method. The recovery key only applies to 2 Step users not 2 Factor.
[doublepost=1497284910][/doublepost]
None of my devices have the option for a recovery key (Settings > Apple ID > Password & Security > Recovery Key). I know MacRumors is in Canada, I'm in the states. Could this be a regional thing?

There is NOT an option to generate a recovery key as a backup method. The recovery key only applies to 2 Step users not 2 Factor.
 
Comment

atbaldwin

macrumors newbie
Sep 24, 2014
10
2
What if you only own one or only currently have access to one Apple device? I must be misunderstanding because it seems like a prerequisite to using an Apple ID going forward is that you own - and have reliable/frequent access to - at least two Apple devices.

Please tell me I'm wrong. Please?
 
Comment

vmachiel

macrumors 68000
Feb 15, 2011
1,746
1,298
Holland
So... does that mean that those of us who use our Apple IDs with devices that remain on older OS versions will no longer be able to authenticate on those older devices if we upgrade any of the others?

Nothing. Factor auth works since iOS 9.
[doublepost=1497285180][/doublepost]
What if you only own one or only currently have access to one Apple device? I must be misunderstanding because it seems like a prerequisite to using an Apple ID going forward is that you own - and have reliable/frequent access to - at least two Apple devices.

Please tell me I'm wrong. Please?

It's not mandatory to use two factor, it's just an upgrade from two step.
 
Comment

kavi91

macrumors newbie
Jun 12, 2017
2
0
You should be able to use two factor with just one device, because remember you set up a phone number as a backup and apple will be able to send SMS to that number.
 
Comment

GrumpyMom

macrumors G3
Sep 11, 2014
9,494
13,616
What if you only own one or only currently have access to one Apple device? I must be misunderstanding because it seems like a prerequisite to using an Apple ID going forward is that you own - and have reliable/frequent access to - at least two Apple devices.

Please tell me I'm wrong. Please?
Welcome to the forum. I have difficulty understanding any of this myself. It's not the type of information I can process on only one cup of tea like I limited myself to this morning. I need one and a half cups of coffee and to actually be attempting to do the whatevers and whatsahoozits involved. I'm a learn as I do kind of person, usually.

Fortunately when my husband isn't available to help me the staff and members here have so far been able to get me out of all the jams.

This would hopelessly confuse my elderly inlaws. We don't even password protect their iPad anymore. That was a complete disaster when my sister in law did that to them. They only use the iPad to play card games and read the news.
 
  • Like
Reactions: centauratlas
Comment

Joe Rossignol

Editor
Staff member
May 12, 2012
686
1,943
🇨🇦
"Apple's two-factor authentication method disables the Recovery Key by default, since offline verification codes can be generated on trusted devices in the Settings app. On iOS, users can still enable the Recovery Key as a backup method in Settings > Apple ID > Password & Security > Recovery Key."

There is NOT an option to generate a recovery key as a backup method. The recovery key only applies to 2 Step users not 2 Factor.
[doublepost=1497284910][/doublepost]

There is NOT an option to generate a recovery key as a backup method. The recovery key only applies to 2 Step users not 2 Factor.
That's odd.

I have Two-Factor Authentication enabled and see the Recovery Key option still on the iOS 11 developer beta.
 
Comment

drjeffsykes

macrumors newbie
Jun 23, 2010
9
0
You should be able to use two factor with just one device, because remember you set up a phone number as a backup and apple will be able to send SMS to that number.

I can attest to this. My wife's iCloud account is used only for her phone. When we bought new phones last month, the two-factor authorization was required to complete the setup. When the new phone asked for the code that was sent to her trusted device, we simply responded that no code was received and were then given the option of having it sent by text to her number. The new phone received the code and automatically processed it, allowing the setup to proceed.
 
Comment

danmart

macrumors 65816
Apr 24, 2015
1,446
849
Lancs, UK
I wonder if the map will show an accurate location for UK users other than just showing London? I'm almost never in London.

This confuses my dad no-end when he gets a message.
 
  • Like
Reactions: 69650
Comment

Apple_Robert

Contributor
Sep 21, 2012
24,394
29,479
In the middle of several books.
I have iOS 11 installed and don't recall getting an email from Apple. Haven't upgrades to MacOS High Sierra, yet. Would have been good if Apple left a message on the Developer account as well. I would have definitely seen it then.
 
Comment

justperry

macrumors G4
Aug 10, 2007
11,579
8,265
I'm a rolling stone.
"Apple's two-factor authentication method disables the Recovery Key by default, since offline verification codes can be generated on trusted devices in the Settings app. On iOS, users can still enable the Recovery Key as a backup method in Settings > Apple ID > Password & Security > Recovery Key."

There is NOT an option to generate a recovery key as a backup method. The recovery key only applies to 2 Step users not 2 Factor.
[doublepost=1497284910][/doublepost]

There is NOT an option to generate a recovery key as a backup method. The recovery key only applies to 2 Step users not 2 Factor.

That's odd.

I have Two-Factor Authentication enabled and see the Recovery Key option still on the iOS 11 developer beta.

Same here, it's there, even on iOS with Two Factor enabled.
 
Comment

MJedi

macrumors 6502a
Dec 16, 2010
815
231
I had to switch from to 2 Factor in order to use the Unlock with Apple Watch feature on Sierra. I wish there was an option to choose which devices get the verification code. Right now, it gets sent to EVERY DEVICE where my iCloud account is logged in. That's annoying, and could potentially be a security issue.
 
Comment

PBG4 Dude

macrumors 68040
Jul 6, 2007
3,306
2,807
So... does that mean that those of us who use our Apple IDs with devices that remain on older OS versions will no longer be able to authenticate on those older devices if we upgrade any of the others?
So far, I cannot log into my Apple ID on my iPad 1, the very first model from 2010. It's a bit frustrating.
The message says to input the two factor code but there is no way to do so.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.