Apple's two-step authentication goes away with iOS 11 and macOS High Sierra
To be replaced by two-factor authentication.
“);});try{$(“div.lazyload_blox_ad”).lazyLoadAd({threshold:0,forceLoad:false,onLoad:false,onComplete:false,timeout:1500,debug:false,xray:false});}catch(exception){console.log(“error loading lazyload_ad “+exception);}});
With iOS 11 and macOS 10.13 High Sierra, Apple no longer allows the use of two-step verification, its original and hastily built, somewhat creaky system for confirming a login. If you’re still using two-step, the moment you upgrade to iOS 11 or High Sierra, Apple will convert you to the newer two-factor authentication (2FA) method it introduced in September 2015. You don’t have to do anything but pay attention to how it works.
The best way for most people to protect an account from letting anyone who can obtain its password from being able to log in is to use 2FA. A factor is something that identifies you. A password is one kind of factor (something you know) and a token that’s sent to a phone or via SMS is another (something you have).
Apple’s original two-step system relied on its Apple ID site for set up and management, and could only send codes to iOS devices and via SMS. Its update in September 2015 left two-step in place for those who continued to want to use it, but the 2FA revision was far better. Enrollment happens via iOS and macOS. Apple’s system isn’t as robust as some security experts would like, but it’s definitely better than a password-only option.
If you’re still using two-step verification (and if not, you didn’t need to read this far), when Apple converts your account to 2FA with iOS 11 or High Sierra, here’s what you need to know:
-
Your Recovery Key is no longer needed. If you forget or lose your password and all your trusted devices and phone numbers, you can contact Apple, which has a security process you have to go through to unlock and reclaim your account by proving your identity. You can just throw that key away.
-
You only use the Apple ID site to manage app-specific passwords for third-party calendar, contacts, and email apps. These single-use passwords let you bypass authentication, and became mandatory in June for third-party iCloud access. (If you were using any previously, Apple already stopped allowing them to work! If you wondered why, that’s the explanation.)
-
When you log in and Apple’s system determines you’re not on an already trusted machine or using a trusted browser, you’ll get a location popup or dialog on every computer and iOS device connected to the same iCloud account. First, you click or tap Allow on the location. Then, on that device that you approved the location, you receive a six-digit code that you can enter in the browser, app, or OS component requesting it.
-
If you can’t get the location and code to arrive at an Apple device, Apple offers a backup method that lets you send a text message or have an automated voice system call you with the code.
Ask Mac 911
We’ve compiled a list of the questions we get asked most frequently along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to mac911@macworld.com including screen captures as appropriate. Mac 911 can’t reply to—nor publish an answer to—every question, and we don’t provide direct troubleshooting advice.