How to Secure Your Apple ID Using Two-Factor Authentication

Discussion in 'Guides, How Tos and Reviews' started by MacRumors, Feb 5, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Apple introduced two-factor authentication (2FA) in 2015 to provide an enhanced level of security when accessing Apple ID accounts. With 2FA enabled, you'll be the only person who can access your account, regardless of whether someone learns your password - as the result of a hack or a phishing scam, for example - so it's well worth taking the time to enable the feature. In this article, we'll show you how.

    How Two-Factor Authentication Works

    2FA offers hardened security during login attempts by requesting that the user provides an extra piece of information only they would know.

    [​IMG]

    With 2FA enabled on your Apple ID account, the next time you try to log in you will be automatically sent a six-digit verification code to all the Apple devices you have registered to that Apple ID. If you try to access the account from an unknown device or on the web, 2FA also displays a map on all registered devices with an approximate location of where the Apple ID login attempt occurred.

    In basic terms, this is an improved version of Apple's older two-step verification method, which prompted users to send a four-digit code to a registered SMS-capable device. Apple automatically upgraded most two-step verification users to 2FA as of iOS 11 and macOS High Sierra, but if you're still on two-step verification for some reason, follow the steps below to manually upgrade to 2FA.

    How to Turn Off Two-Step Verification


    1. Open a browser and go to appleid.apple.com

      Enter your Apple ID and password in the login fields.

      In the Security section of your account page, click the Edit button on the right.

      Check to make sure two-step verification is enabled rather than two-factor authentication, and click Turn off two-step verification.
    How to Turn On Two-Factor Authentication in iOS

    To turn on 2FA using an iPhone or iPad, it needs to be running iOS 9 or later. Note that if you're running iOS 10 or later and you have any other, older devices tied to your Apple ID that aren't compatible with 2FA, you'll receive a compatibility warning during the setup process.

    On top of that, you'll also be asked to append a six-digit code to the end of your password whenever you authenticate a login on your older devices in future. You can potentially avoid this hassle by updating those devices to the latest version of iOS or macOS where possible.

    With that in mind, perform the following steps on your iOS device:

    1. Open the Settings app and tap your Apple ID banner at the top of screen.

      Tap Password & Security.

      Tap Turn On Two-Factor Authentication, and then tap Continue on the next screen.

      Tap Turn On Anyway if you see a compatibility warning about older devices.

      Check your phone number is correct. (If it isn't, tap Use a Different Number at the bottom of the screen and input a new number.)

      Select Text message or Phone call for verification, and then tap Next.

      Enter your Passcode.
    [​IMG]

    How to Turn On Two-Factor Authentication on a Mac

    If it's a Mac you're using to enable two-factor authentication then make sure it's running OS X El Capitan or later. To turn on 2FA on Mac, follow these steps:
    1. Click the Apple (?) symbol in the menu bar at the top left of the desktop, and select System Preferences.

      Click the iCloud preferences pane.

      Click the Account Details button and select the Security tab.

      Click Turn on Two-Factor Authentication, and then click Continue in the drop-down pane.

      Check your phone number is correct and click Continue.
    [​IMG]

    Verification Codes

    With 2FA enabled, you'll be prompted to enter a new verification code every time you log in to your Apple ID account using iCloud.com or another Mac or iOS device. These codes will automatically appear on devices that are already logged into your Apple ID, but you can also request them manually using an iPhone or iPad, like so:
    1. Open the Settings app and tap on your Apple ID banner at the top of the screen.

      Tap Password & Security.

      Tap Get Verification Code.
    [​IMG]


    Article Link: How to Secure Your Apple ID Using Two-Factor Authentication
     
  2. jaaraya macrumors newbie

    Joined:
    Feb 5, 2018
    #2
    User BEWARE!!
    There's currently no way to recover your account using two factor authentication if you lose or forget your password and or the recovery key.
    Without the recovery key the account and all its contents will be lost completely (all purchases)
    The recovery key must be store in a "safe deposit box" outside the residence in case your house burns down i.e. Cal Wild Fires, floods, etc. and your recovery key was stored at home in a "safe" place.
    DO NOT USE TWO FACTOR AUTHENTICATION if you do not store your password and recovery key outside the residence or in another cloud account where it can be readily accessed.
     
  3. twennywonn macrumors regular

    Joined:
    Mar 15, 2012
    #3

    This is obviously by design for security reasons.
     
  4. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #4
    Glad to see MR posting a much needed tutorial for those who may not know all that is involved.
     
  5. Primejimbo macrumors 68040

    Joined:
    Aug 10, 2008
    Location:
    Around
    #5
    Yes there is. With the old way (2 step verification) you needed a recovery key. This way they are doing now, you don’t. I’m actually helped a person recover their data and they got a phone call in 12 days and got their account unlocked.

    Personally, I rather have it so I need a recovery key.
     
  6. timborama macrumors 6502

    timborama

    Joined:
    Oct 12, 2011
    #6
    No way to recover if you lose your phone while travelling. Apple should allow two factor with a secondary email rather than phone number.
     
  7. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #7
    You can set up more than 1 trusted phone number.
     
  8. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #8
    Yep... you can even add your home phone and Apple will robo call you with the six digit code.
     
  9. MacknTosh macrumors regular

    Joined:
    Oct 24, 2015
    #9
    When I log in using 2FA, the map that pops up always shows a log in attempt near London.

    I live in Scotland, as do all my devices.

    Anyone else have this issue?
     
  10. timborama macrumors 6502

    timborama

    Joined:
    Oct 12, 2011
    #10
    I only have one phone/number. Seems like another devious lock-in by Apple.
     
  11. Primejimbo macrumors 68040

    Joined:
    Aug 10, 2008
    Location:
    Around
    #11
    Then get a google voice number.
     
  12. timborama macrumors 6502

    timborama

    Joined:
    Oct 12, 2011
    #12
    Better yet, don’t even bother activating it.
     
  13. Primejimbo macrumors 68040

    Joined:
    Aug 10, 2008
    Location:
    Around
    #13
    And these people will be ther 1st to cry “why didn’t Apple better protect my data?”:rolleyes:
     
  14. timborama macrumors 6502

    timborama

    Joined:
    Oct 12, 2011
    #14
    You mean people like you? If it’s an Apple breach then absolutely then Apple is to blame. If it’s a password breach then it’s on you. 2 factor won’t help again Apple server breach.
     
  15. ignatius345 macrumors 68000

    Joined:
    Aug 20, 2015
    #15
    If you set someone up as a "trusted" number, do they get notified every single time you get an access code to get into an iCloud setting or whatever?

    For whatever reason, every single time -- for example -- that I open iCloud.com in a browser I'm prompted for a code from a trusted device... even though I've checked "remember me" over and over.
     
  16. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #16
    Use a relatives number or trusted friend.
     
  17. timborama macrumors 6502

    timborama

    Joined:
    Oct 12, 2011
    #17
    I trust no one, especially Apple. :cool:
     
  18. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #18
    If you didn't trust Apple, you wouldn't be using their product(s). If you want to make it hard for yourself, you can, even though it doesn't need to be.
     
  19. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #19
    No it defaults to the main iCloud account. You would need to manually tell it to use one of the other numbers for the other person to get the code.
     
  20. fairuz macrumors 68000

    fairuz

    Joined:
    Aug 27, 2017
    Location:
    Silicon Valley
    #20
    Should be required, not just for security reasons but also for simplicity. I hate how there are multiple different tiers of authentication.
     
  21. lederermc macrumors 6502

    lederermc

    Joined:
    Sep 30, 2014
    Location:
    Seattle
    #21
    You internet provider probably has a private route to London before actually connecting you to the Internet. My location shows up about 20 miles south of where I actually live (Seattle, USA). BTW: I lived in Aberdeen a long time ago and loved it.
     
  22. timmyh Contributing Editor

    timmyh

    Joined:
    Mar 18, 2016
    Location:
    Liverpool, UK
    #22
    Do you run a VPN? As lederermc says, some networks re-route all traffic to a centralized server, which can show up as the approximate location.
     
  23. fairuz macrumors 68000

    fairuz

    Joined:
    Aug 27, 2017
    Location:
    Silicon Valley
    #23
    You could check your IP address on one of those IP address geolocation sites and see if that's what you get. I think IP address is the only thing that login attempt locator is based on.
     
  24. Eric5273 macrumors 6502a

    Joined:
    Apr 12, 2009
    Location:
    New Jersey
    #24
    I have a question:

    I have two-factor authentication turned on and I own 2 apple devices, my iPhone and iPad Pro. Let’s suppose for some reason both devices were to get destroyed at the same time, for example in a house fire. What happens then?

    Obviously I would still own the same phone number, and I could get a replacement phone, but how would I sign that new replacement iPhone into iCloud? Would Apple send the authentication code by regular text message to my new phone? (Because obviously without being signed into iCloud, I would not receive the authentication code in the normal push notification way)
     
  25. ke-iron macrumors 65816

    Joined:
    Aug 14, 2014
    #25
    How does 2FA work if you only have one Apple device?
     

Share This Page