How to protect your Apple ID account with two-factor authentication

April 14, 2019

A good way to improve the security of your Apple ID account is to take advantage of two-factor authentication. It protects web services by preventing access even to those who can discover our passwords.

Attacks on cloud services, such as the recently discovered Dropbox attack, should encourage users to take security measures to defend their accounts on the Internet. For some time now, various services (Gmail, Dropbox, Outlook/Hotmail) have been offering the possibility of activating two-factor authentication, a mechanism that adds an additional level of security, a function designed to ensure that only the user can access their account, even if someone else can locate our password.

Here are instructions on how to activate two-factor authentication for Apple ID, an account with which you can access Apple services such as App Store, Apple Music, iCloud, iMessage, FaceTime and many more.

How it works

With two-factor authentication, you can only access your account from trusted devices, such as your iPhone, iPad or Mac. When we want to log in from a new device for the first time, we will need to provide two pieces of information: the password and the six-digit verification code that is automatically displayed on “trusted” devices. By entering the code, we’ll authorize the new device.

For example, if we have an iPhone and are accessing our account for the first time from a newly purchased Mac, we will ask you to enter your password and verification code that will automatically appear on your iPhone. Because the password alone is not enough to access your account, two-factor authentication significantly improves the security of your Apple ID and all personal information stored on the Apple servers.

Once logged in, you will no longer be asked for the security code on that device, unless you completely disconnect, initialize the device, or change your password for security reasons. When we access the web, we can designate your browser as “trusted”, so you won’t be asked for a verification code the next time we access from the same computer.

Trusted devices

A trusted device is an iPhone, iPad, or iPod touch that uses iOS 9 and later, or a Mac with OS X El Capitan that we have already signed in to using two-factor authentication. It’s basically a device that Apple already knows who it belongs to and as such can be used to verify the identity of the user, displaying a verification code provided by Apple when accessed through a different device or browser.

Trusted phone numbers

A trusted phone number is a number that can be used to receive verification codes via text message or call. You must confirm at least one trusted phone number to activate the two-factor user mechanism. If possible, you should also indicate alternative phone numbers to those you can access (e.g. your home phone or a phone number used by a family member or friend we trust). If for some reason we temporarily cannot access our devices, we can use the alternative numbers.

Verification codes

A verification code is a temporary code that Apple sends to the “trusted” device or phone number when the user logs in from a new device or browser using Apple ID (do not confuse the verification code with the code to unlock your iPhone, iPad or iPod touch).

Enabling two-factor authentication

Two-factor authentication is available for iCloud users with at least one device with iOS 9 (iPhone, iPad or iPod) or Mac with OS X El Capitan or newer versions. Here’s how to proceed:

On iPhone, iPad, or iPod touch with iOS 9 or later

Go to “Settings”, select “iCloud” > and from there your Apple ID (indicated at the top of the screen). From here, just select “Password and Security” and “Two-step verification”.

On a Mac with OS X El Capitan or newer versions, just go to System Preferences, select “iCloud” and from there “Account Details”. In the “Security” section, simply activate two-factor authentication.

Items to remember

Two-factor authentication greatly increases the security of your Apple ID. Once activated, access to your account will require both your password and access to your trusted devices or trusted phone number. To ensure the highest level of account protection and to ensure that you never lose access, it is essential:

Remember your Apple ID password

  • Use a device code on all devices you have
  • Keep your trusted phone numbers up to date
  • Keep reliable devices physically safe
  • Changing trusted phone numbers

As explained, to use two-factor authentication, you must register at least one trusted phone number on which to receive verification codes. You can update trusted phone numbers by following these steps:

  • Go to your account page (this is the link) and log in using your Apple ID with your username and password
  • In the “Security” section, click on “Edit”.

To add a phone number, just click “Add another phone number…”. You will need to confirm the number with a text message or phone call and click Continue. To remove a trusted phone number, simply click the icon next to the phone number we want to remove.

Viewing Trusted Devices

You can view and manage a list of trusted devices in the “Devices” section of your Apple ID account page.

The device list displays the devices you are currently logged in with using your Apple ID. You can select a device to view its model, serial number, and other useful information, such as whether the device is trusted or not and whether it can be used to receive Apple ID verification codes.

You can also remove a trusted device from here. This means that the verification codes will no longer be displayed on your device and that access to iCloud and other Apple services on this device will be blocked until you log back in through two-factor authentication.