(Credit: Bob Al-Greene)
The next time you use your Apple ID to buy something from the App Store or sign into your account, think what would happen if the wrong person snagged your password. That's a scary scenario, but you can secure your Apple account with multi-factor authentication, also known as two-factor authentication (or 2FA).
Launched back in 2015 with iOS 9 as an upgrade to two-step verification, 2FA traditionally requires you to sign into your Apple account using your password and a six-digit numeric verification code generated on the fly. You receive your verification code via text message or phone call on an authenticated mobile device.
With the jump to iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2 in 2023, Apple also lets you use a physical security key as your authentication method in place of a numeric code.
Whether you use the verification code or security key, the process creates a trusted relationship between an Apple device and your Apple ID. Even if your password is compromised, anyone who tries to access your account would be unable to sign in without the authorization code or your physical security key.
Before you set this up, be warned that there is no way to disable 2FA once it's turned on. However, the security benefits far outweigh any inconvenience involved in verifying your account. Now, let's go through the steps.
How to Enable a 2FA Verification Code
If you want to set up the 2FA verification code, go to Settings on an iPhone or iPad and tap your name at the top of the screen. If you haven't yet set up 2FA, you will likely get a nudge from Apple reminding you to do so.
Tap Apple ID Suggestions and you should see Turn On Two-Factor Authentication. Tap Turn On, then Continue to begin the setup process.
If you don't have a nudge from Apple under Apple ID Suggestions, you can instead open Settings > Password & Security, then tap the Turn on Two-Factor Authentication link. Whether you went through the Apple ID Suggestions screen or the Password & Security screen, tap Continue on the Verification Required message.
Answer your security questions, then add a phone number that can be used to identify your account (if you haven't already done so). You can then choose whether you want to be verified via text message or phone call. Enter the verification code sent to your phone, then enter your Apple account password and sign in.
To confirm that 2FA has been enabled, go back to your name at the top of the Settings screen. Tap Password & Security, and the Two-Factor Authentication option should be set to On, with your trusted phone number listed.
Now, let's try setting up the verification code on a Mac. You can enable and set up 2FA this way as long as your Mac is running OS X El Capitan or later. Open System Settings > Apple ID > Password & Security and enable Two-Factor Authentication.
Click Continue, then answer your security questions and enter a phone number that can be used to identify your account if you haven't already done so. Choose text message or phone call as your verification method, then click Continue.
Enter the verification code you receive, then click Continue. Two-factor authentication should now be enabled with the Security screen showing that it is turned on.
Now when you open to a page that requires your Apple ID, you will need to use verification code authentication to sign in on your device. As a test, you can open to your Apple ID account page and enter your email and password.
Your device will flash a message telling you that your Apple ID is being used to sign into a new device. (Don't worry if the location isn't near you; it's determined more by IP address and network factors than physical location).
Click Allow, and a six-digit numerical verification code will pop up. Enter that code into the appropriate field to sign in and use your account
How to Enable 2FA Security Key
Now, if you want to use a physical security key, you need at least two FIDO-certified security keys that work with your devices. Apple suggests three models—YubiKey 5C NFC, YubiKey 5Ci, and Feitian ePass K9 NFC USB-A—but there are other supported keys.
You must also update to iOS 16.3 on your iPhone or iPadOS 16.3 on your iPad. Further, two-factor authentication must already be set up for your Apple ID. Set up this feature under Settings, select your name, and then choose Password & Security > Add Security Keys.
At the next screen, tap the Add Security Keys button to see a message explaining why you need two security keys to use this feature. Tap Continue, then enter the passcode you use to log into your device and tap Done.
Next, add your first security key. If the key uses a Lightning or USB-C connection, plug it directly into your device. If the key uses NFC, then place it near your device. As the key lights up, press your finger on the key’s fingerprint scanner to authenticate it.
Enter a PIN to secure the key, then give the key a unique name. Tap Next, then do the same thing for your second key.
You can then review the active devices linked to your Apple account. Select any device that you no longer want to have access. You’re then told that your security keys have been added. Return to the Security Keys settings screen to view the two keys you set up.
If you ever want to remove the keys from your iPhone or iPad, go to Settings > Apple ID > Password & Security > Security Keys. Tap the Remove All Keys option, then select Remove to confirm your action. Tap Remove to confirm your action. Enter your passcode, then tap Done.
To set up the physical keys on a Mac, make sure it’s running macOS Ventura 13.2 or higher. Open System Settings, click your Apple ID, then select Password & Security and click the Add button next to Security Keys. At the next screen, click the Add Security Keys button to view a screen that explains why two security keys are needed.
Click Continue, then type the password for the login account on your Mac. Insert the first security key and click Continue. Press the fingerprint sensor on the key, then give the key a unique name and click Continue. Remove the first key and do the same for the second key.
You can then review your active devices and remove any that you no longer wish to grant access to your Apple account. A message confirms that your security keys have been added. Click Done.
To remove the keys from your Mac, return to the Security Keys option on the Password & Security page and click the Edit button. Click the Remove All Keys to disconnect both keys from your account. Confirm your action and enter your Mac password to proceed.
Now when you try to sign in to a page like your Apple ID account page, you should get a notification on your mobile device and Mac telling you that your Apple ID is being used to sign into your account. Select OK and Continue.
You must then use one of your security keys to authenticate your identity. Only once the key has been used to authenticate can you log in and use your account.
How to Change a Trusted Phone Number
You can't turn off two-factor authentication, but you can add or replace a phone number from your mobile device or through your online Apple ID page. On your device, go to System Settings > Apple ID > Password & Security. Tap the Edit link next to Trusted Phone Number.
To add a new number, tap the Add a Trusted Phone Number link. Enter the new number, then choose Text Message or Phone Call as the verification method and tap Send. Enter the verification code that you received at the new number.
To remove the original number, tap Edit next to Trusted Phone Numbers, then select the red icon for the number you want to remove. Tap Delete, then tap Remove.
You can also manage your phone number from your Apple ID account page if you sign in and select the Account Security section. Click the plus (+) icon next to Trusted Phone Number and type the new number. Choose whether you want to receive a text message or phone call, then click Continue.
Enter the verification code from your mobile device and click Continue. To remove a number while in Edit mode, click the X next to it and then click the Remove button.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
