You may have heard that Apple is implementing two-factor authentication for some new iCloud services, and so today I wanted to show you how to set that up.
Two-factor authentication—called two-step verification in the Apple ecosystem—is a security system whereby you have to supply two things—instead of just a single password—to log in to an online (or other) service. Typically, those two factors are a password and a code that the service sends to your cell phone. Requiring those two factors, instead of just one, makes it a lot harder for online miscreants to pretend they’re you.
Setting up two-factor authentication for iCloud is really simple, though it does require multiple steps. The first thing you do is log in to your iCloud account at icloud.com. You then open Account Settings by clicking on your name in the upper right corner, then on your Apple ID. That’ll open a new tab in your browser and take you to the My Apple ID page.
There, you click on Manage Your Apple ID and sign in (once again). That done, open this Password and Security link. When you do so, you’ll be asked to answer a couple of security questions; do that, then click on Continue. You’ll then go through three instructional screens, explaining the risks and rewards of two-step verification. When you’re ready, click on the Get Started button.
That’ll take you to this screen, where you supply the phone number of a phone where you can receive SMS messages. (Apple is going to send you a code via SMS; that code is the second factor in the process.) Once you do so, you’ll get to this Verify Phone Number screen.
Now switch over to your phone. You should have a new SMS message there, containing a four-digit code. Go back to your Mac browser and enter that code in the Verification Code boxes.
That done, you can now verify devices that you’ve already registered with Find My iPhone. (Among other things, this allows Apple to send you verification codes via push notification, rather than SMS.) To do that, select a device from the list and click on the Verify link. Once again, Apple will send you a verification code; go through the same process you did before to look up and enter that code.
When you lick on the Continue button, Apple will generate a Verification Key for you. This key can be used to unlock your account should you ever be without the phone you’ve just registered. Contrary to usual security practices, you actually want to print out this verification key and keep it stored somewhere safe, where you can get to it in an emergency.
After you re-enter this verification key, you’ll get to the final step, at which point you actually enable two-step verification. You have to check a box acknowledging the consequences of doing so, then click the Enable Two-Step Verification button, then the Done button after that.
That’s it. From now on, when you log in to iCloud.com to manage your account, make a purchase from a new device, get Apple ID-related support, or use one of Apple’s Web apps on iCloud.com, Apple will check to make sure you are who you say you are by sending a verification code to the phone you registered with the service. You enter your usual password plus that code to get in.