Updated April 2017: As part of iOS 10.3, Set Up Assistant, the wizard that walks you through signing in on a new or newly updated iPhone or iPad, will now prompt you to enable 2-factor authentication if you haven't already. Do it.

Apple originally implemented two-step verification but now two-factor authentication (2FA) is where it's at. The terms are contentious in the security community — some don't consider an out-of-band token to be sufficient as a second factor — but the bottom line is this: If you want something more than just your password to protect your Apple ID, which is used for iCloud, iTunes, and App Store, then you want 2-factor turned on.

That way, if you used the same password on another service that got hacked, or you fell for a phishing scam, or your credentials got compromised in any way, your account still has some level of protection.

It's like adding a number pad to the lock on your home. Even if someone gets the key, the code can still help keep them out.

I'm already running two-step verification, how do I switch to two-factor?

If you're still using the old two-step verification, you need to turn it off before you can turn on the new two-factor authentication. You can do this on the web:

  1. Go to appleid.apple.com/
  2. Enter your Apple ID and password to login.
  3. Click on Edit to the far right of Security.
  4. Click on Turn off two-step verification.

How do I turn on two-factor authentication?

With iOS 10, Apple will now let you set up two-factor authentication on your iPhone or iPad regardless of whether or not you have older devices that aren't compatible. You'll simply be advised about their lack of compatibility during setup, and you'll need to add a 6-digit verification code to the end of your password to authenticate on any of those devices going forward. (Or simply update those devices to the latest version of macOS and iOS, if possible.)

  1. Launch Settings from your Home screen.
  2. Tap on iCloud.
  3. Tap on your account at the top.
  4. Tap on Password & Security.

  5. Tap on Set Up Two-Factor Authentication.
  6. Tap on Continue.
  7. Tap on Turn On Anyway if you're warned about compatibility.

  8. Make sure your phone number is correct.
  9. Choose between text message and phone call for verification.
  10. Tap Next at the top right.
  11. Enter your Passcode.
  12. Tap Continue when informed that your Passcode will replace your iCloud Security Code. (It currently tells you this even if your Passcode has already replaced your iCloud Security Code so, if that happens, just continue anyway.)

How do I get two-factor authentication codes?

When you need to sign into iCloud.com on a new browser, or onto another iPhone, iPad, or Mac, you'll need your two-factor authentication code. There are a couple of ways to get it.

First, a push notification will show up on an already-logged-in device telling you someone is trying to sign into your account and showing you, on a map, where the sign-in attempt is coming from. If it's you:

  1. Tap Continue
  2. Enter the code to sign in.

You can also generate a code at any time:

  1. Launch Settings from your Home screen.
  2. Tap on iCloud.
  3. Tap on your account at the top.
  4. Tap on Password & Security.

  5. Tap on Get Verification Code
  6. Enter the code to sign in.

Any two-factor questions?

If you have any issues with 2FA, or any other questions, drop them in the comments below!

iOS

Main