Which is better, two-factor authentication or two-step verification? How can I protect my Apple ID against hackers?
While it seems that celebrities get their Apple ID/iCloud accounts hacked on a weekly basis, Apple has implemented measures to protect the masses against these kinds of attacks. However, with both two-factor authentication and two-step verification available for Apple ID users, there's a bit of confusion as to which one users should opt for. Here, we explain what two-step verification and two-factor authentication offer, as well as how to set up each on your Apple ID account.
Protecting your Apple ID: Two-step verification
Two-step verification has been offered to Apple ID users since 2013, and was the first way that Apple users could protect themselves from hackers accessing their content by only knowing their Apple ID password. Apple ID users with two-step verification are prompted to verify the account whenever they sign in with their Apple ID or iCloud account, or when making a purchase from a new iOS device.
There are also other situations where users will be prompted to verify the login, and these can be found on the official Apple Support page.
But how do you verify your account? Is it just a case of having to remember two passwords instead of one? No – it's smarter than that. Instead, there are four different options you can choose from:
- Push notification to a trusted iOS device: Verify the login by allowing it via push notification on another iOS device.
- Text message or phone call to a registered number: If you have a mobile or home phone linked to your Apple ID, Apple can text you a four-digit number to verify the login. Alternatively, Apple can call you and provide you with the code over the phone.
- Offline recovery key: You'll be given a 14-character Recovery Key to keep safe when you set up two-step verification. It can be used to gain access if you ever lose access to your trusted devices, or forget your Apple ID password.
- Application-specific password: If the app you're using doesn't support two-step verification, you can generate an app-specific password from your Apple ID account page to use when prompted.
While two-step verification adds an extra layer of security to your Apple ID, it's not the recommended protection for most people. Apple states on its website that two-step verification is an old security method that should only be used by those that don't own Apple devices, can't set up their devices or "are otherwise ineligible for two-factor authentication".
How to set up two-step verification for Apple ID
It's incredibly easy to set up two-step verification on iOS - simply click this link, sign in to your Apple ID and follow the instructions provided. Remember, this method is only advised for those who don't have access to an Apple device, can't set up a device or, for whatever reason, can't access the more advanced two-factor authentication we discuss below.
Protecting your Apple ID: Two-factor authentication
So, what exactly is two-factor authentication, and why is it better than two-step verification? Apple itself views two-factor authentication as a step up from two-step verification, and it was first released in 2015 alongside iOS 9. The new and improved security method is baked directly into iOS 9 and OS X El Capitan and later, meaning it can't be used by those with older devices.
So, what makes two-factor authentication special? The methods of authentication differ slightly from two-step verification, with users able to opt for the following:
- Push notification to a trusted device: Much like with the older method, Apple will push an interactive notification to all trusted Apple devices allowing you to quickly verify the login.
- Text message or phone call to a registered number: Again, this method is identical to that offered with Apple's older two-step verification process. Apple will text or call a verified number with a four-digit code to input for verification.
- Offline code generated by trusted device: This method is specific to two-factor authentication, and enables the generation of codes from a trusted device, even when offline. Simply head to the Settings menu on your trusted device and make a note of the code generated.
As well as the three methods above, Apple also offers a method of verifying logins on Apple devices running iOS 8 or OS X Yosemite or earlier. When trying to log in to your Apple ID or iCloud account on an unsupported device, you'll need to get a verification code from a trusted device as noted above, and add that to the end of your Apple ID password.
For example, if your Apple ID password is Password (which it should never be!) and the code generated by your trusted device is 1234, you'd enter Password1234 as your Apple ID password.
How to set up two-factor authentication for Apple ID
So, how do you set up two-factor authentication for your Apple ID? First off, it's worth noting that unlike with two-step verification, you can only sign up for two-factor authentication via a compatible Apple device (iOS 9 or later, or OS X El Capitan or later). It's also worth noting that if you've used two-step verification in the past, you'll have to disable it before setting up two-factor authentication.
To set it up on your iPhone:
- Open Settings > iCloud and select your Apple ID.
- Select Password & Security.
- Tap Turn on Two-Factor Authentication.
To set it up on your Mac:
- Access the Apple menu in the top-left-hand corner of your display, and head to System Preferences > iCloud > Account Details.
- Click Security.
- Click Turn on Two-Factor Authentication.
Follow the on-screen instructions and voila! You should have two-factor authentication enabled on your Apple ID, protecting your most private information and media from hackers.