How to Set Up Two-Factor Authentication for Multiple Apple IDs on One Device

[MacRumors]

As of February 27, 2019, Apple is requiring that all Developer accounts with an Account Holder role be secured with two-factor authentication in order to ensure that only the account owner is able to sign into the account.

Two-factor authentication involves a pop-up code being generated on trusted devices linked to an Apple ID any time a login attempt is made unless you've logged with that same browser within the past 30 days and selected the option to trust it. That verification code from the trusted device must then be entered for the login to be approved.

The requirement has caused some confusion among developers who have multiple Apple IDs, particularly those who use a dedicated Apple ID for their Developer account that is separate from their primary iCloud account used on their devices.

Apple has posted a developer support document that outlines a few ways to enable two-factor authentication on a non-primary Apple ID, but Apple's suggestion for iOS involves signing out of your primary iCloud account. That can be a hassle as your phone unsyncs and tries to delete content associated with that account, so it's better to use other methods if you can.

Turning on two-factor authentication for an alternate Apple ID and getting it to work properly with trusted iOS devices without signing out of your primary Apple ID requires a few steps, but once they're done the feature should work seamlessly.

Activating Two-Factor Authentication on an Alternate Apple ID

For this portion of the process, you'll need access to a Mac where you have permissions to create new user accounts.

1. Open System Preferences and click on Users & Groups.
2. Click the lock at the bottom left corner and enter your administrator password to allow changes.
3. At the bottom of the user list on the left, click the + button and set up a new Standard user account, entering a name, account name, and password and clicking on "Create User."
   
   
   If you have fast user switching activated, click on your name or icon near the right side of the menu bar, and choose the new user account you just set up. If fast user switching is not active, you'll need to either turn it on in the Login Options section of Users & Groups in System Preferences or completely log out of your current account and then choose the new account.
   
   
   Enter the password to log into the new account, and skip through the setup steps as quickly as possible, unchecking options or selecting "set up later" for various features whenever possible.
4. Once the user account is configured and you've reached the Mac desktop, head to System Preferences and click on iCloud.
   
   
   Sign in with the Apple ID you want to activate two-factor authentication for. Once you've entered the password, the system will ask if you want to set up two-factor authentication. Select Continue.
   
   
   Enter a phone number where you can receive a text message or phone call to verify your identity.
   
   
   When you receive a verification code at that number, enter it on your Mac and finish the setup steps, unchecking all options. Two-factor authentication is now up and running on your Mac for your desired Apple ID. Keep this user account open on your Mac for the next step unless you want to use a text message verification code to the phone number you entered as a fallback.

Setting Up an iPhone or iPad as a Trusted Device

You don't want to leave this unneeded user account up and running on your Mac as the only method for approving logins that doesn't require a text message, so you'll want to set up an iPhone or iPad as a trusted device for this Apple ID.

1. Open the Settings app on your iOS device and tap on Passwords & Accounts
   
   
   Tap on Add Account and choose iCloud, then enter the Apple ID and password for the account you just set up two-factor authentication for on your Mac. You'll be prompted for verification, which should pop up on your Mac where you can allow the login and view the verification code to enter on your iOS device. (If you already logged out of or deleted the Mac user account, you can choose the "Didn't get a verification code" option and select "Text Me" to receive a code via SMS.)
   
   
   Once you're authenticated, the Apple ID login will finish and you'll be offered a list of iCloud features including Mail, Contacts, Calendars, and Reminders on your iOS device. Turn all of these toggles off and tap Save.
   
   
   Your Developer Apple ID account is now logged in on your iOS device and it can receive verification requests whenever you try to log into that Apple ID. It will show as "Inactive" in the account list on your device because all of the iCloud features of the account have been toggled off.

The final step of the process is to clean up the Mac you used to turn on two-factor authentication. Log out of the account on the Mac, switch to an account with administrator privileges, head back to the Users & Groups section of System Preferences, click on the lock to allow changes, highlight the temporary account you agreed, and hit the minus button. Choose to delete the account entirely rather than archiving it, and you're done.

If you'd like to also be able to approve logins and generate verification codes from your Mac, you can log into the alternate ID from your main Mac account. The steps are similar to the ones for setting up an iPhone or iPad as a trusted device for a secondary Apple ID: Go to System Preferences > Internet Accounts, and add your developer Apple ID as another iCloud account. Don't forget to uncheck all of the iCloud services to make it inactive so that it's only used for approving two-factor requests on that account.

Article Link: How to Set Up Two-Factor Authentication for Multiple Apple IDs on One Device

 

[bbeagle]

Thanks! Helped me out!

 

[drmrboy18]

No need to set up an entirely new user on the Mac. Just go to System Preferences > Internet Accounts and click the iCloud option on the top. Even if you already have another iCloud account as your primary (in the iCloud Pref pane), you can still add other iCloud accounts for syncing contacts, etc... *and* getting 2FA prompts.

 

[airdrummingfool]

EDIT: I was mistaken. I mixed up Two-Factor Authentication and Two-Step Verification.

I added a second iCloud account to my iPhone, but I'm not getting 2FA prompts on it. According to Apple, a device can't be a "Trusted Device" unless it has Find My iPhone enabled on it, and you can't enable Find My iPhone on a secondary iCloud account.

This appears to also be an issue with adding a second iCloud account to macOS.

 

[dempson]

I added a second iCloud account to my iPhone, but I'm not getting 2FA prompts on it. According to Apple, a device can't be a "Trusted Device" unless it has Find My iPhone enabled on it

I can't see any such requirement mentioned on the page describing two-factor authentication. The only mention of Find my iPhone there is a suggestion that you might want to use it find or erase the device before removing it as a trusted device. It also disagrees with my experience using 2FA.

The older two-step verification method could deliver verification codes via Find my iPhone if your iOS device was signed in to that service, but it also supported SMS so Find my iPhone was not a requirement.

and you can't enable Find My iPhone on a secondary iCloud account. This appears to also be an issue with adding a second iCloud account to macOS.

My Mac is not signed into Find my Mac and I am able to get 2FA prompts for both Apple IDs (thanks to drmrboy18 for the earlier comment which reminded me to set up the second iCloud account on my Mac). I've had my iPhone set up with two iCloud accounts for more than a year (with Find my iPhone enabled for the primary account) and 2FA has been working fine for both Apple IDs.

If you aren't receiving 2FA prompts on your Mac or iOS device it might be because its OS is too old. 2FA trusted devices must be running iOS 9 or OS X 10.11 or later (see the full list in the FAQ on Apple's page for 2FA).

 

[WildCowboy]

No need to set up an entirely new user on the Mac. Just go to System Preferences > Internet Accounts and click the iCloud option on the top. Even if you already have another iCloud account as your primary (in the iCloud Pref pane), you can still add other iCloud accounts for syncing contacts, etc... *and* getting 2FA prompts.

How do you turn on 2FA on the secondary account in this scenario? When you log into it through Internet Accounts, there's no way to bring up the option to turn on 2FA.

As far as I know (and as described in Apple's instructions), it must be logged in as a primary iCloud account in order to access the option to turn on 2FA. That's why you have to either log out of your main iCloud account on iOS or set up a new user on Mac.

 

[dempson]

How do you turn on 2FA on the secondary account in this scenario? When you log into it through Internet Accounts, there's no way to bring up the option to turn on 2FA.

As far as I know (and as described in Apple's instructions), it must be logged in as a primary iCloud account in order to access the option to turn on 2FA. That's why you have to either log out of your main iCloud account on iOS or set up a new user on Mac.

When I initially set up 2FA for my second Apple ID, I used a spare iOS device and set up my second Apple ID as its primary iCloud account. Once 2FA was working, I was able to add my main iPhone and Mac as trusted devices via secondary iCloud accounts.

If you only have a Mac and no spare iOS devices, then to do the initial 2FA setup you can follow the article's instructions with a second Mac user account, but also add your second Apple ID as a second iCloud account in your main Mac user account so you can use the main user account on the Mac to authenticate. Once that is working you can delete the second Mac user account.

 

[TriBruin]

Here is an article that explains the process much better

https://scriptingosx.com/2019/02/apple-two-factor-authentication-for-a-secondary-apple-id/

I have set up both my work laptop and my iPhone to have both my personal and work AppleIDs successfully.

 

[airdrummingfool]

I can't see any such requirement mentioned on the page describing two-factor authentication. The only mention of Find my iPhone there is a suggestion that you might want to use it find or erase the device before removing it as a trusted device. It also disagrees with my experience using 2FA.

The older two-step verification method could deliver verification codes via Find my iPhone if your iOS device was signed in to that service, but it also supported SMS so Find my iPhone was not a requirement.

My Mac is not signed into Find my Mac and I am able to get 2FA prompts for both Apple IDs (thanks to drmrboy18 for the earlier comment which reminded me to set up the second iCloud account on my Mac). I've had my iPhone set up with two iCloud accounts for more than a year (with Find my iPhone enabled for the primary account) and 2FA has been working fine for both Apple IDs.

If you aren't receiving 2FA prompts on your Mac or iOS device it might be because its OS is too old. 2FA trusted devices must be running iOS 9 or OS X 10.11 or later (see the full list in the FAQ on Apple's page for 2FA).

Thanks for your reply. I went and double-checked, and it looks like I somehow enabled "Two step verification" instead of "Two factor authentication". All of my devices are completely up-to-date, but I think I started the setup flow from the Apple ID webpage (oops), which may only support 2SV.

Time to try it again! Thanks for verifying that 2FA is working on your setup.

EDIT: Update: Once I used the account to sign in as primary on a device, my 2SV was automatically updated to 2FA. All devices that are signed into the iCloud account (whether primary or additional) now receive 2FA prompts.

 

[WildCowboy]

When I initially set up 2FA for my second Apple ID, I used a spare iOS device and set up my second Apple ID as its primary iCloud account. Once 2FA was working, I was able to add my main iPhone and Mac as trusted devices via secondary iCloud accounts.

If you only have a Mac and no spare iOS devices, then to do the initial 2FA setup you can follow the article's instructions with a second Mac user account, but also add your second Apple ID as a second iCloud account in your main Mac user account so you can use the main user account on the Mac to authenticate. Once that is working you can delete the second Mac user account.

Yep, that's the sticking point...the initial setup requires that you sign in as a primary account, so you need either an iOS device that isn't tied to your main Apple ID (or you don't mind logging out of) or a Mac where you can create a new user without disruption your current iCloud status.

I emphasized getting an iPhone set up for verification since that tends to be the most useful device as you always have it with you, but yes, it's also a good idea to log into the developer Apple ID as a secondary iCloud account on your Mac if you want to have the ability to get verification codes there as well. I'll add a note about that.

 

[digiphantom]

Will this work for my scenario where I use a separate Apple ID for the App Store and icloud? My App Store account isn't 2FA and I've been wanting to enable it.

 

[341328]

Thanks! Just what I was about to research.
[doublepost=1550742823][/doublepost]Does apple link the profiles together for data gathering?

 

[cocoua]

Two factor verification is SO ANNOYING APPLE
I hate it with all my strenght!!

Cant believe now I’m forced to have 2 acocints and to maje all this annoying steps, I’m the only one who can enter in my develop account WHY you change this??

Very disapointed

 

[dannys1]

Will this work for my scenario where I use a separate Apple ID for the App Store and icloud? My App Store account isn't 2FA and I've been wanting to enable it.

Yes

 

[sparkso]

This is such a pain. Absolutely no point at all.