How-to Enable Two Step Authentication for iTunes/iCloud

| How-To

Apple launched two-step authentication for Apple IDs on Thursday, a significant increase in security for those who enable it. We're going to show you how to set it up.

Apple is following in the footsteps of other large online services, including Google and Blizzard. The company has much at stake in this arena, as Apple has hundreds of millions of credit cards on file for iTunes accounts. That has made those iTunes accounts a hot target for the bad guys, and two-step authentication should decrease incidents of compromised accounts.

With two step authentication, users will need to use their password and a security code sent to a verified iPhone or iPad to make changes to their account. Once activated, it will completely replace the security questions Apple has had in place for some time.

As of this writing, Apple is including two step authentication as an option users have to enable manually. To start, visit Apple's Apple ID management site. Once there, click the "Manage your Apple ID" button. On the left side of the screen, you'll see a link to "Password and Security."

Once you click that link, you'll see an option in the upper right corner of the webpage that looks like this:

Two Step Authentication

Manage your security settings

Click the "Get started" link, and you'll be given a page of explanations:

Two Step Authentication

Simple and more secure

Followed by a page of warnings:

Two Step Authentication

Important things to remember

Next, you'll be shown a pictorial representation of what you're getting yourself into:

Two Step Authentication

Two-step verification for Apple ID

When you continue, you'll be walked through the process of verifying your current iOS devices, as well as the phone number attached to your iPhone. Alternately, you can choose to verify any SMS-enabled phone number.

Two Step Authentication

Manage your trusted devices

Note that past devices that weren't assigned to a new Apple ID will be included with your active devices. When you select a particular device, a code is sent to that device that appears in the form of an alert.

Two Step Authentication

Two Step Authentication Security Code Alert on iPhone

The codes have a limited shelf life and will not be displayed until you have unlocked the screen. That means the bad guys would have to have your Apple ID, your password, physical possession of your iOS device, and the passcode for your iOS device before they could change your Apple ID account or make an iTunes purchase.

You will also be given a Recovery Code, a 14-character code you can use to reset the password and security options on your Apple ID in case you lose the verified devices.

Once you have verified your account, you have one more screen to accept before two step authentication is enabled. Once you do, there's not going back (as of this writing), but we encourage you to turn this option on.

WARNING: YOU NEED TO KEEP A COPY OF THIS RECOVERY CODE SOMEWHERE SAFE. SAY, A SAFE!

Once activated, Apple says it can not reset your Apple ID password without the recovery code. Apple prevents the recovery code from being copied from the browser, and the company makes you enter it before you can continue. Apple also warns you not to store the recovery code on your computer. That means you need to write it down and keep it somewhere secure.

And no, a sticky on your display does not cut it.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

2 Comments

Lee Dronick

Apple also warns you not to store the recovery code on your computer. That means you need to write it down and keep it somewhere secure

A good idea for all of our important passwords. Settings too for email servers and such.

Pashtun Wally

Man, physical security is so retro!
Goes great w/ the whole steampunk mystique….

Nice to see Apple getting serious about this.

If they’d gotten serious earlier, lots of people would not have been forced through the nightmares that are lost AppleIDs and iTunes accounts….

Log-in to comment