Two-factor authentication for Apple ID

Two-factor authentication is an extra layer of security for your Apple ID designed to ensure that you're the only person who can access your account, even if someone knows your password.

verification code prompt on iPhone

 

How it works

Manage your account

Frequently asked questions

How it works

With two-factor authentication, your account can only be accessed on devices you trust, like your iPhone, iPad, or Mac. When you want to sign in to a new device for the first time, you'll need to provide two pieces of information—your password and the six-digit verification code that's automatically displayed on your trusted devices. By entering the code, you're verifying that you trust the new device. For example, if you have an iPhone and are signing into your account for the first time on a newly purchased Mac, you'll be prompted to enter your password and the verification code that's automatically displayed on your iPhone. 

Because your password alone is no longer enough to access your account, two-factor authentication dramatically improves the security of your Apple ID and all the personal information you store with Apple.

Once signed in, you won’t be asked for a verification code on that device again unless you sign out completely, erase the device, or need to change your password for security reasons. When you sign in on the web, you can choose to trust your browser, so you won’t be asked for a verification code the next time you sign in from that computer.

Trusted devices

A trusted device is an iPhone, iPad, iPod touch with iOS 9 and later, or Mac with OS X El Capitan and later that you've already signed in to using two-factor authentication. It’s a device we know is yours and that can be used to verify your identity by displaying a verification code from Apple when you sign in on a different device or browser.

Trusted phone numbers

A trusted phone number is a number that can be used to receive verification codes by text or phone call. You must verify at least one trusted phone number to enroll in two-factor authentication. You should also consider verifying other phone numbers you can access, such as a home phone, or a number used by a family member or close friend. You can use these numbers if you temporarily can't access your own devices.

Verification codes

A verification code is a temporary code sent to your trusted device or phone number when you sign in to a new device or browser with your Apple ID. You can also get a verification code from Settings on your trusted device.

A verification code is different from the device passcode you enter to unlock your iPhone, iPad, or iPod touch. 

Turn on two-factor authentication for your Apple ID

Two-factor authentication is currently available to iCloud users with at least one device that's using iOS 9 or OS X El Capitan or later. Learn more.

You can follow the steps below to turn on two-factor authentication.

On your iPhone, iPad, or iPod touch with iOS 9 or later:

  1. Go to Settings > iCloud > tap your Apple ID.
  2. Tap Password & Security.
  3. Tap Turn on Two-Factor Authentication.

On your Mac with OS X El Capitan or later:

  1. Go to Apple () menu > System Preferences > iCloud > Account Details.
  2. Click Security.
  3. Click Turn on Two-Factor Authentication.

If you already use two-step verification, turn it off, then turn on two-factor authentication

What to remember when you use two-factor authentication

Two-factor authentication significantly improves the security of your Apple ID. After you turn it on, signing into your account will require both your password and access to your trusted devices or trusted phone number. To keep your account as secure as possible and help ensure you never lose access, there are a few simple guidelines you should follow: 

  • Remember your Apple ID password.
  • Use a device passcode on all your devices.
  • Keep your trusted phone number(s) up to date.
  • Keep your trusted devices physically secure.

Manage your account

You can manage your trusted phone numbers, trusted devices, and other account information from your Apple ID account page.

Keep your trusted phone numbers up to date

To use two-factor authentication, you need at least one trusted phone number on file where you can receive verification codes. You can update your trusted phone numbers when you follow these steps:

  1. Go to your Apple ID account page.
  2. Sign in with your Apple ID.
  3. Go to the Security section and click Edit.

If you want to add a phone number, click Add a Trusted Phone Number and enter the phone number. Choose to verify the number with a text or phone call, and click Continue. To remove a trusted phone number, click x icon next to the phone number you want to remove.

View and manage your trusted devices

You can view and manage a list of your trusted devices in the Devices section of your Apple ID account page.

  1. Go to your Apple ID account page.
  2. Sign in with your Apple ID.
  3. Go to the Devices section.

The device list shows the devices that you're currently signed in to with your Apple ID. Select a device to view the model, serial number, and other useful information, including whether or not the device is trusted and can be used to receive Apple ID verification codes.

You can also remove a trusted device. Removing a trusted device will ensure that it can no longer display verification codes and that access to iCloud, and other Apple services on the device, is blocked until you sign in again with two-factor authentication. If you need to find or erase your device before you remove it from your trusted device list, you can use Find My iPhone

Help and frequently asked questions

Need help? You might find the answer to your question below.

Is this different than Apple’s current two-step verification feature?

Yes. Two-factor authentication is a new service built directly into iOS, macOS, tvOS, watchOS, and Apple’s web sites. It uses different methods to trust devices and deliver four-digit verification codes, and offers a more streamlined user experience. Two-factor authentication is required in order to use certain features that require improved security. 

The current two-step verification feature will continue to work separately for users who are already enrolled.

What if I forget my password?

You can reset or change your password from your trusted iPhone, iPad, or iPod touch when you follow these steps:

  1. Go to Settings > iCloud.
  2. Tap your name.
  3. Tap Password & Security.
  4. Tap Change Password.
  5. Enter a new password.

These steps will work only from a trusted device with a device passcode enabled. If you don’t have access to a trusted device, go to iforgot.apple.com and enter your Apple ID, then follow the prompts to reset your password. If you need help, try these steps.

What if I don’t have access to a trusted device or didn't receive a verification code?

If you're signing in and don’t have a trusted device handy that can display verification codes, you can have a code sent to your trusted phone number via text or a phone call instead. Click Didn't Get a Code on the sign in screen and choose to send a code to your trusted phone number. You can also get a code directly from Settings on a trusted device. Learn how to get a verification code.

If I can't sign in, how do I regain access to my account?

If you can’t sign in, reset your password, or receive verification codes, you can request account recovery to regain access to your account. Account recovery is an automatic process designed to get you back in to your account as quickly as possible while denying access to anyone who might be pretending to be you. It might take a few days—or longer—depending on what specific account information you can provide to verify your identity.

Do I still need to remember any security questions?

No. With two-factor authentication, you don't need to choose or remember any security questions. Your identity is verified exclusively using your password and verification codes sent to your devices and trusted phone numbers. When you enroll in two-factor authentication, we will keep your old security questions on file for two weeks in case you need to return your account to its previous security settings. After that, they will be deleted.

Can Apple Support help me regain access to my account?

Apple Support can answer your questions about the account recovery process, but can't verify your identity or expedite the process in any way.

What are the system requirements for two-factor authentication?

For the best experience, you should make sure you meet the system requirements below on all the devices you use with your Apple ID:

  • iPhone, iPad, or iPod touch with iOS 9 or later
  • Mac with OS X El Capitan or later and iTunes 12.3 or later
  • Apple Watch with watchOS 2 or later
  • Windows PC with iCloud for Windows v5 and iTunes 12.3.3 or later

What if I don’t recognize the location shown in my sign in notification?

When you sign in on a new device, you’ll get a notification on your other trusted devices that includes a map showing the approximate location of the new device. This is an approximate location based on the IP address the device is currently using, rather than the exact location of the device. The location shown might reflect the network you're connected to, and not your physical location.

If you know you’re the person trying to sign in but you don’t recognize the location shown, you can still tap Allow and continue signing in.

However, if you ever see a notification that your Apple ID is being used to sign in on a new device and you're not the one signing in, tap Don’t Allow to ensure the sign in attempt is blocked.

What if I use two-factor authentication on a device running older software?

If you use two-factor authentication with devices running older OS versions, you might be asked to add your six-digit verification code to the end of your password when signing in. Get your verification code from a trusted device running iOS 9 and later or OS X El Capitan and later, or have it sent to your trusted phone number. Then type your password followed by the six-digit verification code directly into the password field.

Can I turn off two-factor authentication after I’ve turned it on?

Yes. But keep in mind that if you turn off two-factor authentication, your account will be protected only with your password and security questions.

To turn off two-factor authentication, sign in to your Apple ID account page and click Edit in the Security section. Then click Turn Off Two-Factor Authentication. After you create new security questions and verify your date of birth, two-factor authentication will be turned off. 

If someone has turned on two-factor authentication for your Apple ID without your permission, you can also turn it off from the enrollment confirmation email sent to your Apple ID or rescue email address. Click Turn Off Two-Factor Authentication at the bottom of the email to restore your Apple ID to its previous security settings and regain control of your account. The link is active for two weeks after you enroll.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.

Published Date: