How to Use Two Factor Authentication on iPhone

A single password isn't enough to secure your iOS device

Mobile banking with two step authentication

Rostislav_Sedlacek / iStock

With so much personal, financial, and medical information stored in online accounts, keeping them secure is a must. But with the stories of hackers compromising accounts and stealing passwords, you may wonder how secure any account is. That's a question you can answer confidently by adding additional security to your accounts. One simple, powerful method of doing this is called two-factor authentication.

Instructions in this article apply to iPhones running iOS 10.3 or higher.

What Is Two-Factor Authentication?

Two-factor authentication enhances the security of online accounts by requiring more than a username and password. In this case, factor means a piece of information that only you have. To log in to most online accounts, you only need one factor: a username and password. This single login step makes it quick to access accounts, but it also means that anyone who has the password or can guess it can access the account.

Two-factor authentication requires two pieces of information to get into an account. The first factor is almost always a username and password combination; the second factor is often a PIN.

Why You Should Use Two-Factor Authentication

You probably don't need two-factor authentication on all of your accounts, but it's a good idea for the most important ones. Hackers and thieves are always becoming more sophisticated. In addition to programs that auto-generate millions of password guesses, hackers use email phishing, social engineering, password-reset tricks, and other techniques to gain fraudulent access to accounts. 

Two-factor authentication isn't perfect. A determined and skilled hacker can break into accounts with two-factor authentication. But it's particularly useful when the second factor is randomly generated, such as a PIN. Apple and Google's two-factor systems work this way. They randomly create a PIN when you request one, you use it, and then the system discards the code. Because each PIN is used once, it's tougher to crack.

Secure any account with personal or financial data with two-factor authentication if it's available. Unless you're a particularly high-value target, hackers are more likely to move on to less-well-protected accounts than bother trying to crack yours.

How to Set up Two-Factor Authentication on Your Apple ID

Your Apple ID is the most critical account on your iPhone. Not only does it contain personal information and credit card data, but a hacker with control of your Apple ID could access your email, contacts, calendars, photos, text messages, and more. 

When you secure your Apple ID with two-factor authentication, only trusted devices can access it, and you decide which ones to authorize. A hacker won't be able to access your account unless they're using your iPhone, iPad, iPod Touch, or Mac.

Follow these steps to enable this extra layer of security:

  1. Open the Settings app, then tap your name.

  2. On the Apple ID screen, tap Password & Security.

    Settings, Account page, and Password & Security options on an iPhone
  3. Tap Turn on Two-Factor Authentication, then tap Continue.

  4. Choose a trusted phone number where Apple will send the two-factor authentication code during set up and in the future.

    You can add more than one trusted phone number.

  5. Enter the code you use to unlock your iPhone.

  6. Choose to receive verification codes in a text message or phone call, then tap Send to save your choices.

    Entering a trusted phone number on an iPhone
  7. Once Apple's servers have verified that the code is correct, two-factor authentication is enabled for your Apple ID.

Secure your iPhone with a passcode (and, ideally, Touch ID or Face ID) to prevent a thief from accessing the phone.

How to Use Two-Factor Authentication on Your Apple ID

With your account secured, you won't need to enter the second factor on the same device again unless you completely sign out or erase the device. You'll only need to enter it if you want to access your Apple ID from a new, non-trusted device.

To authorize a new device:

  1. When you enter your Apple ID and password on a new device, a window appears on a trusted device and alerts you that someone is trying to sign in to your Apple ID. The window may include your Apple ID, the device, and the location.

    Sign-in attempt screen on a MacBook
  2. If this isn't you, or it seems suspicious, tap Don't Allow. If it's you, tap Allow.

    The options to allow or not allow a sign-in attempt to an Apple ID.
  3. Apple generates and sends a six-digit code to your iPhone.

    iPhone screens showing a sign-in attempt and the six-digit verification code
  4. Enter the code on the device you're using to sign in.

    Entering the verification code on a Mac
  5. You can now access your Apple ID.

How to Manage Your Trusted Devices on iPhone

If you need to change the status of a device from trusted to untrusted (for instance, if you sold the device without erasing it), you can do that. Here's how:

  1. Return to your account page. Open Settings and tap your name.

  2. In the Device Info screen, tap the device you want to remove, then tap Remove from Account.

  3. In the confirmation screen, tap Remove.

    Removing a device from your Apple ID
  4. Repeat these steps for any additional devices you want to remove.

How to Manage Your Trusted Devices on the Web

The process for managing devices on the internet is a little different.

  1. Sign in to your account at the Apple ID website.

  2. Scroll to the Devices section to see every device that uses your Apple ID.

    The Devices section on the Apple ID site
  3. Choose the one you want to remove, and then select Remove from account.

    Removing a device from Apple ID account
  4. Confirm your choice, and the device will leave your account.

Turn Off Two-Factor Authentication on Your Apple ID

Once two-factor authentication is enabled on your Apple ID, you cannot deactivate it. That isn't necessarily a bad thing; turning off two-factor makes your accounts more vulnerable.

Set Up Two-Factor Authentication on Other Common Accounts

Apple ID isn't the only common account on most iPhones that can be secured with two-factor authentication. Consider setting it up on any accounts that contain personal, financial, or other sensitive information. This includes setting up two-factor authentication on Gmail accounts or adding it to Facebook accounts.