What is two-step verification for Apple ID?
Two-step verification is an additional security feature for your Apple ID that’s designed to prevent anyone from accessing or using your Apple account, even if they know your password.
It requires you to verify your identity using one of your devices or another approved method before you can:
- Sign in to My Apple ID to manage your account
- Sign in to iCloud on a new device or at iCloud.com
- Sign in to iMessage or FaceTime
- Make an iTunes, iBooks, or App Store purchase from a new device
- Get Apple ID related support from Apple
What is Two-Factor Authentication for iCloud?
Your Apple ID is the key to many things you do with Apple. It’s important that only you have the ability to access your account details, update your password, access the data you store and keep up to date with iCloud, or make iTunes and App Store purchases with your account. Two-step verification is a feature you can use to keep your Apple ID and personal information as secure as possible.
How do I set up two-step verification?
- Go to My Apple ID.
- Select Manage your Apple ID and sign in.
- Select Password and Security.
- Under Two-Step Verification, select Get Started and follow the onscreen instructions.
How does it work?
When you set up two-step verification, you register one or more trusted devices. A trusted device is a device you control that can receive 4-digit verification codes using either SMS or Find My iPhone. You’re required to provide at least one SMS capable phone number.
Then, any time you sign in to manage your Apple ID at My Apple ID, sign in to iCloud, or make an iTunes, iBooks, or App Store purchase from a new device, you’ll need to verify your identity by entering both your password and a 4-digit verification code, as shown below.
After you sign in, you can securely access your account or make purchases as usual. Without both your password and the verification code, access to your account will be denied.
You will also get a 14-character Recovery Key to print and keep in a safe place. Use your Recovery Key to regain access to your account if you ever lose access to your trusted devices or forget your password.
Do I still need to remember any security questions?
With two-step verification, you don’t need to create or remember any security questions. Your identity is verified exclusively using your password, verification codes sent to your trusted devices, and your Recovery Key.
Which SMS numbers should I verify for my account?
You’re required to verify at least one SMS-capable phone number for your account. You should consider verifying all SMS-capable phone numbers that you normally use with your iPhone or another mobile phone. You should also consider verifying an SMS-capable phone number used by someone close to you, such as a spouse or other family member. You can use this number if you’re temporarily without access to your own devices.
Note: You can’t use landline or web-based (VOIP) phone services for two-step verification.
How do I use Find My iPhone notifications to receive verification codes?
Find My iPhone notifications can be used to receive verification codes on any iOS device with Find My iPhone turned on. Learn how to set up Find My iPhone.
Where should I keep my Recovery Key?
Keep your Recovery Key in a secure place in your home, office, or other location. You should consider printing more than one copy, so that you can keep your key in more than one place. Your key will be easier to find if you ever need it, and you’ll have a spare copy if one is ever lost or destroyed. You shouldn’t store your Recovery Key on your device or computer, because that could give an unauthorized user instant access to your key.
If you ever need a new Recovery Key, you can create one at My Apple ID:
- Go to My Apple ID.
- Select Manage your Apple ID and sign in with your password and trusted device.
- Select Password and Security.
- Under Recovery Key, select Replace Lost Key.
After you create a new key, your old Recovery Key is no longer usable.
How do I sign in to my account using an app that doesn’t support entering two-step verification codes?
You can generate an app-specific password from your account page at My Apple ID and enter it into the password field of the app that you want to sign in to. This will allow you to sign in securely even if the app you’re using doesn’t support entering verification codes. For example, you might use an app-specific password to sign in to iCloud using a third party email, address book, or calendar app.
Generate an app-specific password:
- Go to My Apple ID.
- Select Manage your Apple ID and sign in.
- Select Password and Security.
- Click Generate an App-Specific Password.
What do I need to remember when I use two-step verification?
Two-step verification simplifies and strengthens the security of your Apple ID. After you turn it on, there’s no way for anyone to access and manage your account other than by using your password, verification codes sent to your trusted devices, or your Recovery Key. Only you can reset your password, manage your trusted devices, or create a new Recovery Key. Apple Support can help you with other aspects of your service, but they aren’t able to update or recover these three things for you. Therefore, when you use two-step verification, you are entirely responsible for:
- Remembering your password
- Keeping your trusted devices physically secure
- Keeping your Recovery Key in a safe place
If you lose access to two of these three items at the same time, you could be locked out of your Apple ID permanently.
What if I lose my Recovery Key?
You can sign in to My Apple ID and create a new Recovery Key using your Apple ID password and one of your trusted devices.
What if I forget my Apple ID password?
You can reset it at My Apple ID using your Recovery Key and one of your trusted devices.
Apple Support can’t reset your password for you. To reset your password, you must have your Recovery Key and access to at least one of your trusted devices.
What if I lose or give away one of my trusted devices?
If you no longer have access to one of your devices, go to My Apple ID as soon as possible to remove that device from your list of trusted devices. That device can then no longer be used to help verify your identity.
What if I no longer have access to any of my trusted devices?
If you can’t access any of your trusted devices, you can still access your account using your password and Recovery Key. You should then verify a new trusted device as soon as possible.
Why was I asked to wait before setting up two-step verification?
As a basic security measure, Apple doesn’t allow setup of two-step verification to proceed if significant changes were recently made to your Apple ID account information. Significant changes can include a password reset or new security questions. This waiting period helps Apple make sure that you are the only person accessing or modifying your account. While you are in this waiting period, you can continue using your account as usual with all Apple services and stores.
Apple will send an email to all the addresses you have on file notifying you of the waiting period and encouraging you to contact Apple Support if you think that someone else has unauthorized access to your account. You can set up two-step verification after the date listed on your Apple ID account page and in the email that you receive.
When your waiting period is over, you have 30 days to complete setup of two-step verification. If you attempt to complete setup after 30 days have passed, or you made significant changes to your account during that time, another waiting period may be triggered.