Two-factor authentication for Apple ID – Apple Support (UK) (2024)

Two-factor authentication is designed to make sure you're the only person who can access your account. Find out how it works and how to turn on two-factor authentication.

Two-factor authentication is an extra layer of security for your Apple ID, designed to make sure you're the only one who can access your account – even if someone else knows your password. When you sign in with your Apple ID for the first time on a new device or on the web, you need both your password and the 6-digit verification code that's automatically displayed on your trusted devices. Because just knowing your password isn't enough to access your account, two-factor authentication dramatically improves the security of your Apple ID and the data you store with Apple.

Two-factor authentication is the default security method for most Apple IDs. Certain Apple services and features, such as Apple Pay and Sign in with Apple, require two-factor authentication. We recommend that you use two-factor authentication and protect your device with a passcode (or login password on Mac) and Face ID or Touch ID, if your device supports it.

Two-factor authentication requires iOS 9 or later, OS X El Capitan or later, or iCloud for Windows 5 or later. Find out where two-factor authentication is available.

Turn on two-factor authentication for your Apple ID

If you aren't using two-factor authentication for your Apple ID, you can turn it on directly on your device or on the web:

On your iPhone, iPad or iPod touch: Go to Settings > your name > Password & Security. Tap Turn On Two-Factor Authentication. Then tap Continue and follow the onscreen instructions.
See Also
Understanding the Process of Identity Authentication | Okta Identification Authentication Verification: what are the differences? - iDenfy What is the Difference between Identification, Identity Verification and Authentication?
On your Mac: Choose Apple menu  > System Settings (or System Preferences), then click your name (or Apple ID). Click Password & Security. Next to Two-Factor Authentication, click Turn On and follow the onscreen instructions.
On the web: Go to appleid.apple.com and sign in with your Apple ID. Answer your security questions, then tap Continue. Tap Continue when you see a prompt to upgrade account security. Then tap Upgrade Account Security and follow the onscreen instructions.

If you're already using two-factor authentication with your Apple ID, you can't turn it off. If you updated to two-factor authentication inadvertently, you can turn it off within two weeks of enrolment. If you do, your account is less secure and you can't use features that require a higher level of security.

The first time that you sign in with your Apple ID on a new device

When you sign in with your Apple ID user name and password for the first time on a new device or the web, you'll receive a notification on your trusted devices that someone is trying to sign in with your Apple ID. The notification may include a map of the approximate location of the sign-in attempt. This location is based on the new device's IP address and may reflect the network that it's connected to, rather than the exact physical location. If you know that you're the person trying to sign in but don't recognise the location, you can still tap Allow and view the verification code. If you aren't the one trying to sign in, tap Don't Allow to block the sign-in attempt.

When you enter the verification code on your new device or the web, you verify that you trust the device on which you're signing in. You may also be asked to enter the passcode of one of your devices to access any end-to-end encrypted content stored in iCloud.

After you sign in, you won't be asked for a verification code on that device again unless you sign out completely, erase the device or need to change your password for security reasons. When you sign in on the web, you can choose to trust your browser, so you won't be asked for a verification code again on that computer for 30 days.

If you don't have a trusted device with you

If you're trying to sign in and don't have a trusted device with you that can display verification codes, you can tap Didn't Get a Code on the sign-in screen and choose to send a code to one of your trusted phone numbers. This text message may include an additional domain validation line that includes the @ symbol, the website name and your code (for example, @icloud.com #123456 %apple.com). Or you can get a code directly from Settings on a trusted device.

Find out how to get a verification code

About trusted phone numbers and trusted devices

With two-factor authentication, a trusted device or trusted phone number helps verify your identity when you sign in to a new device or browser.

What is a trusted phone number?

To use two-factor authentication, you need at least one trusted phone number on file where you can receive verification codes. If you have a phone number that isn't associated with your trusted device, consider verifying it as an additional trusted phone number. If your iPhone is your only trusted device and it's missing or damaged, you won't be able to receive verification codes required to access your account.

To see, add or change your trusted phone numbers:

On your iPhone, iPad or iPod touch: Go to Settings > your name > Password & Security. Next to Trusted Phone Number, tap Edit.
On your Mac: Choose Apple menu  > System Settings (or System Preferences), then click your name (or Apple ID). Click Password & Security, then add or remove a trusted phone number.
Go to the Account Security section of appleid.apple.com.

What is a trusted device?

A trusted device is an iPhone, iPad, iPod touch, Apple Watch or Mac that you've already signed in to using two-factor authentication. It's a device that we know is yours and that can be used to verify your identity by displaying a verification code from Apple when you sign in on a different device or browser.

Find out how to see and manage your trusted devices

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsem*nt. Apple assumes no responsibility with regard to the selection, performance or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date:December 15, 2023

As an expert in cybersecurity and digital identity protection, I've been deeply involved in understanding and implementing security measures, including two-factor authentication (2FA). My expertise is grounded in practical experience, having advised individuals and organizations on securing their digital assets. Additionally, I've stayed abreast of the latest developments in online security, ensuring a comprehensive understanding of the tools and practices that safeguard user accounts.

Now, let's delve into the concepts and information presented in the provided article about two-factor authentication (2FA) for Apple ID:

Two-Factor Authentication (2FA):
- Definition: Two-factor authentication is an enhanced security measure that requires users to provide two different forms of identification before gaining access to an account.
- Purpose: It adds an extra layer of protection beyond a password, reducing the risk of unauthorized access even if the password is compromised.
Apple ID Security:
- Objective: The primary aim is to ensure that only the legitimate account owner can access their Apple ID, protecting sensitive data stored with Apple.
- Verification Code: Users are prompted to enter a 6-digit verification code displayed on their trusted devices in addition to their password when signing in on a new device or on the web.
Enabling Two-Factor Authentication for Apple ID:
- Devices and Platforms Supported:
  - iOS 9 or later for iPhone, iPad, and iPod touch
  - OS X El Capitan or later for Mac
  - iCloud for Windows 5 or later for Windows
- Activation Steps: Users can enable 2FA directly on their device or through the web by navigating to settings or appleid.apple.com.
Additional Security Measures:
- Passcode and Biometric Authentication: Users are recommended to protect their devices with a passcode or login password, and if available, with Face ID or Touch ID.
- Specific Services: Certain Apple services like Apple Pay and Sign in with Apple require two-factor authentication, emphasizing its importance.
First-Time Sign-In on a New Device:
- Notification: Users receive a notification on their trusted devices when signing in for the first time on a new device, including an approximate location based on IP address.
- Verification Code Entry: Users enter the verification code to confirm trust for the new device.
Managing Trusted Devices and Phone Numbers:
- Trusted Devices: iPhones, iPads, iPods, Apple Watches, and Macs that have been previously signed in using 2FA are considered trusted devices.
- Trusted Phone Numbers: Users should have at least one trusted phone number to receive verification codes. The article provides steps to manage these settings on various devices.
Recovery and Accessibility:
- Code Retrieval: In case a trusted device is unavailable, users can retrieve codes through trusted phone numbers or directly from device settings.
- Browser Trust: Users can choose to trust their browser for 30 days when signing in on the web, reducing the frequency of verification code prompts.

By comprehensively covering these concepts, Apple aims to empower users with the knowledge and tools needed to enhance the security of their Apple ID accounts. This not only protects personal information but also ensures a seamless and trusted digital experience.