How to Use Two Factor Authentication on iPhone


Two-factor authentication enhances the security of online accounts by requiring more than one piece of information in order to access them.

What Is Two-Factor Authentication?

With so much personal, financial, and medical information stored in our online accounts, keeping them secure is a must. But since we constantly hear stories of accounts whose passwords have been stolen, you may be wondering how secure any account really is.

That's a question you can answer confidently by adding additional security to your accounts. One simple, powerful method of doing this is called two-factor authentication.

In this case, "factor" means a piece of information that only you have. For most online accounts, all you need to log in is one factor—your password. This makes it pretty simple and quick to access your account, but it also means that anyone who has your password—or can guess it—can access your account, too.

Two-factor authentication requires you to have two pieces of information to get into an account. The first factor is almost always a password; the second factor is often a PIN. 

Why You Should Use Two-Factor Authentication

You probably don't need two-factor authentication on all of your accounts, but it's highly recommended for your most important accounts. This is especially true because hackers and thieves are always becoming more sophisticated.

In addition to programs that can auto-generate millions of password guesses, hackers use email phishing, social engineering, password-reset tricks, and other techniques to gain fraudulent access to accounts. 

Two-factor authentication isn't perfect. A determined and skilled hacker can still break into accounts protected by two-factor authentication, but it's much harder.

It's particularly effective when the second factor is randomly generated, like a PIN. This is how the two-factor authentication systems used by Google and Apple work. A PIN is randomly generated upon request, used, and then discarded. Because it's randomly generated and used once, it's even tougher to crack.

Bottom line: Any account with important personal or financial data that can be secured with two-factor authentication should be. Unless you're a particularly high-value target, hackers are more likely to move on to less-well-protected accounts than bother trying to crack yours.

Setting up Two-Factor Authentication on Your Apple ID

Your Apple ID is perhaps the most important account on your iPhone. Not only does it contain personal information and credit card data, but a hacker with control of your Apple ID could access your email, contacts, calendars, photos, text messages, and more. 

When you secure your Apple ID with two-factor authentication, your Apple ID can only be accessed from devices that you have designated as "trusted." This means that a hacker won't be able to access your account unless they also are using your iPhone, iPad, iPod touch, or Mac. That's pretty secure.

Follow these steps to enable this extra layer of security:

  1. On your iPhone, tap the Settings app.
  2. If you're running iOS 10.3 or higher, tap your name at the top of the screen and skip to Step 4.
  3. If you're running iOS 10.2 or earlier, tap iCloud -> Apple ID.
  4. Tap Password & Security.
  5. Tap Turn on Two-Factor Authentication.
  6. Tap Continue.
  7. Choose a trusted phone number. This is where Apple will text your two-factor authentication code during setup and in the future.
  8. Choose to either get a text message or phone call with the code.
  9. Tap Next.
  10. Enter the 6-digit code.
  11. Once Apple's servers have verified that the code is correct, two-factor authentication is enabled for your Apple ID.

NOTE: A hacker needing your device makes this more secure, but they could steal your iPhone. Be sure to secure your iPhone with a passcode (and, ideally, Touch ID) to prevent a thief from accessing your phone itself.

Using Two-Factor Authentication on Your Apple ID

With your account secured, you won't need to enter the second factor on the same device again unless you completely sign out or erase the device. You'll only need to enter it if you want to access your Apple ID from a new, non-trusted device.

Let's say you want to access your Apple ID on your Mac. Here's what would happen:

  1. A window pops up on your iPhone alerting you that someone is trying to sign into your Apple ID. The window includes your Apple ID, what kind of device is being used, and where the person is located.
  2. If this isn't you, or seems suspicious, tap Don't Allow.
  3. If that's you, tap Allow.
  4. A 6-digit code appears on your iPhone. It's different from the one created when setting up two-factor authentication; as noted earlier, since it's a different code every time, it's more secure.
  5. Enter that code on your Mac.
  6. You will be granted access to your Apple ID.

Managing Your Trusted Devices

If you need to change the status of a device from trusted to untrusted (for instance, if you sold the device without erasing it), you can do that. Here's how:

  1. Log in to your Apple ID on any trusted device.
  2. Find the list of devices associated with your Apple ID.
  3. Click or tap the device you want to remove.
  4. Click or tap Remove.

Turning Off Two-Factor Authentication on Your Apple ID

Once you have enabled two-factor authentication on your Apple ID, you may not be able to turn it off from an iOS device or a Mac (some accounts can, some can't; it depends on the account, the software you used to create it, and more).

You can definitely turn it off via the web. Here's how:

  1. In your web browser, go to https://appleid.apple.com/#!&page=signin.
  2. Sign in with your Apple ID.
  3. When the window pops up on your iPhone, tap Allow.
  4. Enter the 6-digit passcode in your web browser and log in.
  5. In the Security section, click Edit.
  6. Click Turn Off Two-Factor Authentication.
  7. Answer three new account security questions.

Setting Up Two-Factor Authentication on Other Common Accounts

Apple ID isn't the only common account on most people's iPhones that can be secured with two-factor authentication. In fact, you should consider setting it up on any accounts that contain personal, financial, or otherwise sensitive information. For many people, this would include setting up two-factor authentication on their Gmail account or adding it to their Facebook account.