Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

How to implement Apple's two-factor authentication for security on Mac, iPhone, or iPad

Last updated

Given the news about the cost of a pilfered iCloud account, it seems only prudent for users to take precautions. A good safety measure is two-factor authentication — AppleInsider shows you how to turn it on from your Mac or your iPhone.

Two-factor authentication does not replace your iCloud password in any way. Rather, it provides a second layer of confirmation that you are who you are, and that an attempt made to log in to your account is spotted by you prior to allowing access.

When a new device attempts to log into an iCloud account, a six-digit verification code is sent to authorized devices. Plus, the general location of the device is shown on a map — so if you're in Boston, Mass., and a login attempt comes from Australia, you know there's a problem.

Two-factor authentication requires devices on iOS 9 or newer, and macOS El Capitan 10.11 or Sierra 10.12.

On your Mac:

  • In System Preferences, open up iCloud
  • Select Account Details
  • Click Security
  • Click Turn on Two-Factor Authentication

Or on an iOS device:

  • Open Settings
  • Tap on your iCloud account
  • Tap on Password and Security
  • Tap Turn on Two-Factor Authentication

What next?

In either case, you can add trusted devices by signing into iCloud from the device or browser. It will then pop up the dialog box we mentioned in the beginning of the procedure.

To add a device, hit Allow. The device that you've accepted the login request from will then dole out a six-digit code — enter that in the dialog box on the device you're trying to log in from, and click Done.

The device will continue to be trusted until you erase the SSD on the Mac, or format the iPhone or iPad factory-fresh.



32 Comments

blastdoor 15 Years · 3594 comments

I currently use my iCloud id/password to login to my Macs. I feel like I read somewhere that you can't do that if you turn on 2FA. Is that true? What happens if you turn on 2FA when already using iCloud id to log-in to Macs?

melgross 20 Years · 33622 comments

The problem is that it doesn't always work properly. As shown in the article, a message box to enter the code pops up on the device you want to use for the two factor. The other day, I decided to move my iPad Pro 12.9" to two factor. I went through the first steps. After a short while, my phone popped up a notification giving me a code, telling me to type that in. But my iPad showed no window to type it. Then a while later, Apple sent another code, but still, no window to type in. So, still no two factor for my iPad.

Mike Wuerthele 8 Years · 6906 comments

melgross said:
The problem is that it doesn't always work properly. As shown in the article, a message box to enter the code pops up on the device you want to use for the two factor. The other day, I decided to move my iPad Pro 12.9" to two factor. I went through the first steps. After a short while, my phone popped up a notification giving me a code, telling me to type that in. But my iPad showed no window to type it. Then a while later, Apple sent another code, but still, no window to type in. So, still no two factor for my iPad.

This is generally resolved by a hard reboot of the iPad, and in some extreme cases a restore from backup.

baconstang 10 Years · 1160 comments

Recently I've received two phishing attempts by email.   They informed me that my AppleID had been used in Australia or France, and that I needed to change my password to "unlock" my account.  They even gave me a link with which to do it.  How nice of them.
It looked pretty close to what you get from Apple when you add a device to iCloud.

spice-boy 8 Years · 1450 comments

This is a nightmare in my case. I have a very old email address from (drum roll) iTools days. It is my first name with no numbers or anything else, not the most common name either but it only brings me grief now. Since Apple forced people to get an iCloud account my account is locked down daily, a record 4 times on one day recently by people trying to log into my account, thinking it was theirs because they apparently have no memory for such technical things. I have been on phone with Apple several times trying to figure out a way to prevent this or to disable my .me and .icould username to prevent unwanted email from those accounts. If I need to have 2 devices handy each time my iCould account gets lock for (security reasons) it would drive me nuts. No thanks Apple.