Stay safe with Two Factor Authentication for your Apple ID

Overview

Two-factor authentication is an extra layer of security for your Apple ID designed to ensure that you're the only person who can access your account, even if someone knows your password. In everyday use 2FA should be mostly transparent; it will only be required if you log in to your Apple ID with a new device (iPhone, iPad or computer), new browser, or if you log in to your Apple ID account at https://appleid.apple.com, so it is normally a very minor inconvenience to add robust security to your account.

Also note that if you don’t have 2 factor authentication and you forget your Apple ID password it will be very difficult, and possibly impossible, to reset the password. With 2 factor on your account it is straightforward to reset your password.

How it works

This link has a detailed description of how two factor authentication works and how to use it→Two-factor authentication for Apple ID - Apple Support. I won’t repeat what it says, but I encourage you to read and understand it. Some important points about Two Factor Authentication:

• Once you enable Two Factor Authentication you can’t cancel it, except, in some countries, in the 2 weeks after you enable it.
• If you don’t have Two Factor Authentication some features of your Apple device will be disabled for security reasons.
• Once enabled you are responsible for your account security. Apple support staff cannot bypass it if you forget your Apple ID, password, or lose all of your devices that can receive your authorization codes.

This last point is really critical. It means that you would be prudent to authorize multiple ways to receive authorization codes so you still have access to your account if your iPhone is disabled, lost stolen, or sent in for repair. If you have 2 factor authentication enabled and don’t have any way to receive an authorization code on either your primary device or any other trusted devices that you set up, or you forgot your Apple ID password, there are only 2 ways to access your Apple ID accounts, Account Recovery→How to use account recovery when you can’t reset your Apple ID password - Apple Support or using a Recovery Key→How to generate a recovery key - Apple Support

These are mutually exclusive: If you create a Recovery Key you cannot use Account Recovery, so that’s an important consideration if you switch to using a Recovery Key, as having a Recovery Key makes you totally responsible for your account’s security; Apple can no longer help you recover your account. So if you decide on switching to a Recovery Key print out multiple copies of it and put then in a secure place (you might even consider a tattoo 😏). But Account Recovery has its downsides, also; it takes a long time, up to a month, to recover your account using the automated Account Recovery process.

Best Practices

The best solution is to make sure you can always use 2 factor authentication by creating additional Trusted Devices and Trusted Phone Numbers. Then you will never need to use either Account Recovery or a Recovery Key. All Apple devices (iPhones, iPads, iPods, Macs) that are logged in to your Apple ID are trusted devices. You can add trusted phone numbers by logging in to https://appleid.apple.com and editing security settings. Most people have access to more than one phone; a landline/VOIP home phone, a significant other’s, sibling’s, parent’s, offspring’s, friend's mobile/home phone, and any of these can be used as long as you can reach them. Another option is to create a free Google Voice number, or paid Skype phone number. I use a combination of my wife’s home, mobile and Google Voice numbers in addition to my home, mobile and Google Voice numbers. I have a total of 6 trusted numbers and 3 trusted devices.

To use any, when you are prompted for an auth code and you don’t have the primary device tap on the link for didn’t receive the code and you can select an alternate trusted number, which will also allow your recovery key if you created one.

Thanks to Chattanoogan for suggesting this tip!