Two-Factor Authentication Tip

System OSX & IOS

Submitted by: Nancy Gravley

If you would like a PDF of the following information click here.

 

2FA and Sign in With Apple - An Overview

Those who know me well, know I tend to harp on the advantages of using 2 Factor Authentication1. It provides an extra layer of security to protect your privacy, and sometimes, your resources.

For that reason I was thrilled to discover that Apple devices offer 2 Factor Authentication. The OS and iOS also have a related feature call Sign In With Apple which works in conjunction with 2FA. 2 Factor Authentication is required in the newest Apple operating systems.

Find it on your iPhone2 —

Select Settings > Password & Security > Two-Factor Authentication

Setting Two Factor Authentication on an iPhone

1 Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence. Two-factor authentication is a type, or subset, of multi-factor authentication.

2 For IOS earlier than iOS 10 see Appendix for additional information.

Find it on your Mac3 —

Select System Preferences > Apple ID > Password & Security

Two-Factor Authentication on a Mac

What Does It Mean —

Like all good things Apple, it is very simple. Whenever you sign out of your device or sign in to a new device for the first time, you won’t be able to sign in without a verification code. The verification code will be sent via email to the trusted phone number you have selected.

Caution note: It is a good idea to set up a backup phone number. If your phone is stolen, it won’t do you any good to have a verification code sent to it. You can use any other backup number you want (family member, friend, land-line, etc.)

3 For OS earlier than Catalina see Appendix.

How Does It Work —

If you sign out of your iOS device, the next time you try to sign in you get this message that lets you know a verification code has been sent to other trusted devices running iOS 10 or later or MacOS Sierra or later.

Two-Factor Authentication iPhone Screen

What Are Trusted Devices —

A trusted device is an iPhone, iPad, or iPod touch with iOS 9 and later, Apple Watch with watchOS 6 or later, or Mac with OS X El Capitan and later that you've already signed in to using two-factor authentication. It’s a device we know is yours and that can be used to verify your identity by displaying a verification code from Apple when you sign in on a different device or browser.

What is Sign In With Apple —

When you see a Sign in with Apple button on a participating app or website, it means you can set up an account and sign in with your Apple ID instead of using a social media account, or filling out forms and choosing another new password. Just tap the Sign in with Apple button, review your information, and sign in quickly and securely with Face ID, Touch ID, or your device passcode. Note: This option is not yet widely available, but you can expect it to expand.

To Use Sign In With Apple —

  • Your Apple ID must be set up with two-factor authentication.

  • You must also be signed into iCloud with your Apple ID on your device.

  • The feature requires iOS 13 or later on iPhone, iPad OS 13.1 or later on iPad,

    watchOS 6 or later on Apple Watch, macOS Catalina or later on Mac, and tvOS 13

    or later on Apple TV.

  • You can use Sign in with Apple in any web browser and operating system.

Screen to use a sign-in with Apple

At your first sign in, apps and websites can ask only for your name and email address to set up an account for you. You can use Hide My Email4—Apple's private email relay service—to create and share a unique, random email address that forwards to your personal email. Appendix

Two-Factor Authentication on a website on an iPhone

4 See Appendix for more information

Appendix

If you are not using the latest version of iOS these directions work for setting up 2FA.

If you're using iOS 10.3 or later:

  • Go to Settings > [your name] > Password & Security.

  • Tap Turn On Two-Factor Authentication.

  • Tap Continue.

If you're using iOS 10.2 or earlier:

  • Go to Settings > iCloud.

  • Tap your Apple ID > Password & Security.

  • Tap Turn On Two-Factor Authentication.

  • Tap Continue.

  • You might be asked to answer your Apple ID security questions.

If you're using macOS Mojave or earlier:

  • Choose Apple menu  > System Preferences > iCloud > Account Details.

  • Click Security.

  • Click Turn On Two-Factor Authentication.

  • Some Apple IDs created in iOS 10.3 or macOS 10.12.4 and later are protected with two-factor authentication by default. In this case, you see that two-factor authentication is already turned on.

  • If you use two-step verification and want to update, turn it off, then turn on two- factor authentication.

Share your email address or keep it private

If an app or website asks for your email address when you set up your account with Sign in with Apple, you have two options:

Choose Share My Email to share your personal email address with an app or website developer. If you're familiar with the app and are comfortable with them being able to identify you using your email address, you want to choose Share My Email.

Choose Hide My Email to hide your personal email address and share a unique, random address instead. If you're not familiar with the developer yet or prefer more privacy, you might want to choose Hide My Email.

How to Log Back in with Apple

The apps you use with Sign in with Apple should remember your login, so there should be no need to sign in again each time you open one. However, if you do intentionally sign out of an app, you can easily sign back in using your Apple ID.


At the login screen, choose the option to Sign in with Apple. At the next screen asking if you want to use your Apple ID, tap Continue. Let the app authenticate you with Face ID, Touch ID, or passcode to sign in.


TipCapMacSecurity, IOS, OSX