Q: Enabling 2-factor authentication if already enrolled in 2-step

Agent Vanilla,

Do all your devices meet the recommended  system requirements:?

• iPhone, iPad, or iPod touch with iOS 9
• Mac with OS X El Capitan and iTunes 12.3
• Apple Watch with watchOS 2
• Windows PC with iCloud for Windows v5 and iTunes 12.3.3

If not, and or you are not in a country which allows TFA, you will not be offered to enable TFA.

If you meet the requirements, you must first turn off "Two Step Verification," before enabling TFA.

How do I turn off two-step verification?

1. Sign in to your Apple ID account page.
2. In the Security section, Click Edit.
3. Click Turn Off Two-Step Verification.
4. Create new security questions and verify your date of birth.

You'll get an email confirming that two-step verification for your Apple ID is off.

Agent Vanilla wrote:

 

... I didn't see an obvious way of choosing this higher level of protection and seemed only to be given an option for 2-step.

Also, if you cannot switch to Two Factor Authentication due to one of the reasons Ferd II described, I wouldn't be concerned. While it is newer I don't see that it offers a higher level of protection. It operates a bit differently (and I sort of prefer the way the older two-step interfaced with the user) but the protection level seems identical to me.

Agent Vanilla wrote:

What do I need to do to actually choose 2-factor over 2-step? I didn't see an obvious way of choosing this higher level of protection and seemed only to be given an option for 2-step.

No need to chose one over the other.  In addition to what the two fellas above said, I personally have left mine on 2-step and I'm happy with it.

Agent Vanilla wrote:

 

Hi Ferd II,

 

From that link to the announcement about the two-factor authentication launch, the article said only *one* device needs to be on iOS9 or OS X El Capitan.  I quote the following.... :

 

 

Turn on two-factor authentication for your Apple ID

Two-factor authentication is currently available to all iCloud users with at least one device that's using iOS 9 or OS X El Capitan or later. Learn more.

You can follow the steps below to turn on two-factor authentication.

 

 

At the moment, I have an iPhone5 on iO9.3.1 and an iPad on iOS 9.3.1. The only device that isn't compatible is a MacBook Pro that's OS X Yosemite 10.10.5. Are you certain that *ALL* devices have to be compatible? Or is the announcement from Apple technically incorrect? I live in the United States.

The following quotes are from: Two-factor authentication for Apple ID - Apple Support

1. "For the best experience, you should make sure you meet the system requirements below on all the devices you use with your Apple ID:"

2. "If you use two-factor authentication with devices running older OS versions, you might be asked to add your six-digit verification code to the end of your password when signing in. Get your verification code from a trusted device running iOS 9 or OS X El Capitan, or have it sent to your trusted phone number. Then type your password followed by the six-digit verification code directly into the password field."

Also, as stated by FoxFifth, and zinacef, both methods will provide you with an increased level of ID protection, and to a certain extent it is a matter of personal preference.

If you choose to continue using the "two-step verification," just follow the advice about your Recovery Key:

"Keep your Recovery Key in a secure place in your home, office, or other location. You should consider printing more than one copy, so that you can keep your key in more than one place. Your key will be easier to find if you ever need it, and you'll have a spare copy if one is ever lost or destroyed. You shouldn't store your Recovery Key on your device or computer, because that could give an unauthorized user instant access to your key.

If you ever need a new Recovery Key, you can create one from your Apple ID account page. Just sign in with your password and trusted device, go to the Security section and click Edit, then click Replace Lost Key."

After you create a new key, your old Recovery Key won't work."