You might think your password is impossible to guess, but for greater security it's a good idea to set up two-factor authentication (2FA). Once you have this system in place, a hacker would need more than your username and password to access your account - they would also need access to your iPhone to obtain a security code.
In this article we explain what 2FA is, the advantages it offers over traditional security setups, and how to set up 2FA for your Apple ID.
What does two-factor authentication do?
2FA adds an extra level of security. You enter your password as before, but on top of that Apple will send you a numerical code, by text message or via an alert on your Mac screen, that you also have to enter. An account protected this way is much more difficult to hack.
This is different to two-step verification, which Apple added after celebrities started getting their iCloud accounts hacked. (You might have set it up if you were particularly concerned about your security.) Apple introduced two-step verification in a bit of a hurry and the new two-factor method is a little more baked into the OS and easier to set up: we've written a comparison between two-step and two-factor verification.
How to set up two-factor authentication
To set up 2FA on your Mac, go to System Preferences > iCloud > Account Details. Log in using your Apple ID. Then select Security and Turn On Two-Factor Authentication.
Next you will be asked for a phone number - make sure this is active, because Apple will text a number to it. Once you receive that number you need to enter it on your Mac's verification screen.
iPhone or iPad
You don't have to set up two-factor authentication on your Mac, however. You can also do so on your iPad or iPhone.
To set up Two-Factor Authentication on your iPad or iPhone, go to Settings, tap your name at the top of the screen, then tap Password & Security > Two-Factor Authentication.
What happens once I have two-factor authentication set up?
Once you've set up 2FA, you'll get a notification on your trusted devices every time you sign in on a new device.
The alert includes a map which shows an approximate location, based on the IP address the device is currently using. Don't get too paranoid about this: when we sign on in Suffolk we get an alert indicating that the device is near London.
You will also be sent a six-digit code which you will need to enter to prove your identity.
Problems with two-factor authentication
Note that once you've set up 2FA it suddenly becomes a bit more difficult to sign into Apple devices running older versions of macOS or iOS. For example, we managed to lock ourselves out of our Apple TV (3rd generation) because when it asked for our Apple password we entered our password three times and never added the code (which, unbeknown to us, had magically been sent to our phone).
You will also need to enter a six-digit verification code after your password when signing in on your older devices. This code will be sent to a 'trusted device' running iOS 9 or later or OS X El Capitan or later, or it will be sent to your phone number.
If your mobile number changes, make sure you update it on your Apple ID account page online, or you might be caught without your second factor.
Benefits of two-factor authentication
2FA is simply a more secure system - your Apple ID account will be far better protected than with a password alone or with two-step authentication. And you don't need to choose or remember any additional security questions.