Enabling two-factor authentication
Two-factor authentication is an extra layer of security for your Apple ID. It means unauthorised people won't be able access your iTunes and iCloud data, even if they know your password.
This is done by sending a special six digit code to your phone or registered device, the first time you sign in to a new iPhone, iPad or iPhone.
In this guide, we'll explore how to make sure your iOS device is compatible and set up two-factor authentication. We will also show you how to make it work with non-Apple phones and older Apple devices.
1. Check compatibility
With two-factor authentication, your account can only be accessed from devices you trust such as your iPhone or iPad. To set this up for the first time, your device must be running at least iOS 9.
Make sure to back up your device using iTunes or iCloud before running the update, so you can revert back if anything goes wrong.
2. Disable two-step verification
Two-factor authentication is a new service built directly into iOS, macOS, tvOS, watchOS, and Apple’s web sites. It replaces Apple's older Two Step Verification (https://support.apple.com/en-us/HT204152) method which is generally considered to be less secure.
If you're already using Two Step Verification, then you must disable it in order to use Two Factor Authentication. Head over to http://appleid.apple.com and sign in with your Apple ID. You may be asked to confirm your sign in using the old verification method. In the Security Section, check to see if the section "Two Step Verification" is "On". If so, click "Edit", then "Turn Off Two Step Verification".
3. Turn on two-factor authentication
On your iOS device, go to Settings > iCloud. Check carefully that the Apple ID listed is the one you wish to use on all your devices. If not choose 'Sign Out' at the bottom of the screen and sign in with the correct one.
When you're ready click on your name and Apple ID at the top of the screen, then 'Password and Security'. Two-factor authentication should be listed as 'Off'. Touch 'Turn on Two Factor Authentication' to begin adding the extra layer of security to your Apple ID. The 'Apple ID Security' screen will appear. Click 'Continue' .
4. Set up your Trusted Phone Number
Your device will next ask you to set up a Trusted Phone Number to be able to verify your identity. Enter your cellphone number here to receive security codes via SMS. If you're using an iPhone, you can use its number but remember if you lose it you'll have no trusted device or number.
Fortunately, you can have multiple trusted numbers. Apple can also send codes via voice or text, so consider using a fixed line number as well as your cellphone, as this is less likely to change. Click 'Next' at the top right when you're done.
5. Enter Verification Code
Apple's systems will send you an SMS or call you with the verification code. Enter this to finalise setup of your Trusted Phone number and enable Two Factor Authentication. From now on when signing into a new device, Apple will send a code to all your trusted devices via the internet but you'll also have the option to receive an SMS if you prefer.
Take this opportunity to sign in with your Apple ID to your other devices if necessary, so you can see how the procedure works. The code should appear on the screen of the device you just set up.
6. Generate Verification code for older devices
Older devices such as the Apple TV (3rd Generation) don't have a screen for entering two-factor authentication codes. If you were already signed in with your Apple ID to these devices, you should remain connected.
Otherwise, on your iOS device head to Settings > iCloud, then click on your Apple ID. Next, touch 'Password and Security' then 'Get Verification Code' at the bottom of the screen.
Add the six digit code to your Apple ID password when signing in. For instance if your Apple ID password is "Lollipops01" and the Verification code is "676309" you would enter "Lollipops01676309".
7. Generate app-specific passwords
Certain software programs that connect to your Apple ID such as iMessage and Facetime on a Mac will need an app-specific password to be able to log in.
Head over to http://appleid.apple.com and sign in with your Apple ID. Go to the Security section and click the link "Generate Password" under the words "App-Specific Password". You'll be asked to give this password a label e.g. Facetime. Then it will appear. Make sure to write this down as it won't appear again.
Use this as your Apple ID password when signing in via the app in question.
8. Fixing two-factor authentication problems
Should you stop using an app or want to be extra safe, click 'Edit' in the 'Security' section of your Apple ID account, then on 'Edit' besides 'App-Specific Passwords' to revoke one or all of these.
If you don't have access to a trusted device when signing in, click 'Didn't Get Verification code' then 'Text Me' to send the code to your trusted number.
If you have forgotten your password and/or have no access to your trusted devices, follow the Account Recovery procedures on Apple's website. Head to iforgot.apple.com to check the status of your account recovery request.