Apple Pushing Two-Factor Authentication: What to Do

You might see some headlines that imply Apple is abandoning two-step verification in iOS 11 and macOS High Sierra. Fortunately, that's only half-true.

What Apple is really doing it forcing people who upgrade to those two operating systems to also upgrade to Apple's more secure two-factor authentication, which has already been around for a couple of years.

The gist is that for users of iOS 11 and macOS High Sierra, Apple will no longer use text messages to send you confirmation codes, unless it absolutely has to. That's an improvement for the sake of security, as text messages are not encrypted and can be intercepted and read as they travel over the air.

So what are the differences between Apple's two-step verification and its two-factor authentication?

MORE: Security Alert: Why You Should Update to iOS 11 Now

It's actually pretty simple. Apple's two-step verification, introduced several years ago, transmits a four-digit authentication PIN via either an SMS text message or Apple's own Find My iPhone feature. You enter that PIN to verify your identity when signing into an Apple account.

Apple's two-factor authentication, introduced with iOS 9 and OS X 10.11 El Capitan in September 2015, is basically an augmentation of two-step verification. Instead of using SMS or Find My iPhone to transmit verification PINs, a six-digit PIN will be pushed out to your "trusted devices," such as an iPhone that's already been registered to you — and that you've previously confirmed is yours, using two-step verification.

(In case you'd always thought two-step verification, two-factor authentication, two-step authentication and two-factor verification were the same thing, they more or less are — except to Apple.)

Apple isn't saying how it gets those six-digit PINs in two-factor authentication to the user's screen — it merely cites "different methods." In reality, it's probably using a back-channel internet service similar to Find My iPhone to push out the codes from an Apple server. If you have more than one trusted device, such as iPads and MacBooks in addition to iPhones, the six-digit PIN will be sent to all of them.

While Apple will automatically switch you from two-step to two-factor after you update a device to iOS 11 or macOS High Sierra, you can make the upgrade beforehand. This is valuable for those who are waiting for apps to be updated to support the latest editions before they can make the jump.

Annoyingly, not all Apple devices can move to two-factor authentication. It's not supported on iPhones running iOS 8 and earlier, Macs running OS X 10.10 Yosemite and earlier, Apple Watches running watchOS 1, and 3rd-Gen Apple TV's and earlier. Likewise, if you have an iCloud account but don't often use Apple devices, you'll have to stick to two-step verification.

How to Switch from Two-Step Authentication to Two-Factor Authentication

1. Sign in to your Apple ID account page. Yes, you'll need to use two-step verification to get in.

2. Click Edit under Security. Since I've already made the jump, the screenshot below says On for Two-Factor Authentication. If your screen also shows On, you're good, and you can stop now.

3. Click Turn Off Two-Step Verification.

4. Click Turn Off Two-Step Verification again.

Credit: Apple

(Image credit: Apple)

5. Create new security questions and answers, and verify your date of birth. You may need to re-enter your Apple ID password on your devices.

6. Change your Mac's login password if you were using your Apple ID to log into your Mac.

7. On your iPhone, open Settings, and tap on your Name. If you'd rather do this on your Mac, which needs to be running OS X 10.11 El Capitan or later, click the Apple icon in the top left corner, select System preferences, click iCloud, click Account Details, click Security and click Turn On Two-Factor Authentication.

8. Tap Password & Security. Enter your Apple ID password if prompted.

9. Tap Turn On Two-Factor Authentication. Follow the prompts.

Congrats — you've enabled two-factor authentication!

Henry T. Casey
Managing Editor (Entertainment, Streaming)

Henry is a managing editor at Tom’s Guide covering streaming media, laptops and all things Apple, reviewing devices and services for the past seven years. Prior to joining Tom's Guide, he reviewed software and hardware for TechRadar Pro, and interviewed artists for Patek Philippe International Magazine. He's also covered the wild world of professional wrestling for Cageside Seats, interviewing athletes and other industry veterans.