iOS 11 Tips: Two-Factor Authentication Replaces Two-Step Verification


A little over two months ago, I wrote a Tips article covering Apple’s Two-Step Verification and Trusted Devices. This is a very important weapon in the constant battle to protect your accounts from unauthorized access, and I highly recommend that anyone reading this who is not already on iOS 11 should enable it for their devices and keep it up to date.

Moving forward with iOS 11, Apple is changing things up for the better, leaving Two-Step Verification behind in favor of their new and improved Two-Factor Authentication. What does this mean for you? Easier setup and tighter security, which is just making a great feature even better. Read on to find out how.

 

If you are still on iOS 10 or earlier, or are looking for some of the basic information on how to set up either Two-Step or Two-Factor, I would recommend taking a look at my previous article first for a little background. If you already have Two-Step set up and have either upgraded to the iOS 11 Public Beta or are considering it, go ahead and read on.

The first indication that things would be changing came early this month, when those of us who had Two-Step Verification turned on for our Apple IDs got an email from Apple informing us that things would be shifting a bit.

As the letter states, as soon as you upgrade to either the iOS 11 Developer or Public Beta, your account automatically shifts over to Two-Factor Authentication and the changes that come with it. It isn’t radically different, but all of the new features make it both easier to use and more secure than its predecessor.

One of the first things you may notice when you upgrade a new device to iOS 11 is that you are automatically prompted to make it a Trusted Device in Settings.

This gets rid of the need for you to remember to go to the Apple ID management page and set up a new device every time that you upgrade. This is something that I recommended that everyone do in my previous article, mostly because I hadn’t remembered to do it myself in the six months since upgrading to my iPhone 7 Plus. Now with Two-Factor, you don’t have to worry about this anymore, which is a great user-friendly addition from Apple.

The first time that you are prompted to use Two-Factor to log into your Apple ID after turning it on, you will notice that a lot about how your Verification Codes and Trusted Devices work has changed. First of all, you no longer have to select which device to be notified on. Now, all of your Trusted Devices are notified simultaneously that a login requiring approval is being attempted.



As you can see above, both my iPad Pro and my iPhone were pinged after my iCloud.com login request on my Pro (you can see the code request in the background behind the notification). My iPhone was locked at the time, so it got the secure version of the notification. As you can see with the iPad Pro screenshot, the best part of this update is that you now get a map view and relative location where the request is coming from. This is a HUGE security upgrade, as you should quickly be able to spot any illegitimate request based on location.

One caveat I will mention is that map tracking is going to be subject to how that location shows up to Apple’s servers. While I was doing some additional testing today from a Starbucks in a suburb just outside of Memphis, TN, my location was shown as Laurel, MS. You can see this in the iPhone notification above, which was taken in a different location than the iPad screenshot just below it. Laurel is 238 miles and over 4 hours away from where I was at the time, so Apple does still have a little work to do. That, or the Starbucks WiFi I was on at the time shows up a little funny, which is entirely possible. However, if that is the case, it is interesting that it would override the GPS and Cell Tower information from my phone. Either way, I would like to see Apple do a little more work to make this feature more “unnecessary freak-out” proof. I had all my devices in front of me at the time, so it wasn’t a big deal. If I didn’t, then I would have quickly gotten concerned about it.

The next thing former Two-Step users will notice is that the codes have grown from four to six digits.

Every digit that you add makes the code exponentially more complex and harder to crack, so the more the better. Apple gently suggests making iOS device passcodes six characters now rather than the old-school four when you set up a new device, so this change isn’t a big surprise.

When I wrote my original article, I based all of the instructions on using Apple’s ID Management site, which is https://appleid.apple.com/#!&page=signin.

However, starting in iOS 10.3, Apple has given users access to both their password and their Two-Step or Two-Factor settings inside of iOS. Go to Settings and then the “Your Name” Banner at the top of the screen. Once there, choose Password and Security.

As you can see above, you cannot turn off Two-Factor from here. However, you are able to enable it if it hasn’t been turned on already. If you want to disable it, you will have to go to the aforementioned Apple ID website to do that. However, having Two-Factor Authentication turned on is all upside in my book, so I would not recommend doing this.

If I had to grade Two-Step Verification back in April when I wrote my original article, it would have gotten a solid B+. The only real issue I had was with the lack of discoverability and the relative difficulty of setting it up. That is exactly why I wrote a Tips article on it in the first place.

With the solid changes Apple has made to its new Two-Factor Authentication, I would bump that up to an A. The ability to turn either Two-Step or Two-Factor on right from an iOS device in iOS 10.3 and later is a huge upgrade.

The new Two-Factor location notifications, longer codes, and easier Verified Device setup and notification process are all really solid steps forward. My only complaint is with how far off one of my location notifications was, but I am not certain yet that it was entirely Apple’s fault. I will keep testing and report back if anything of note on this issue comes to light.

Despite this small potential flaw, Apple has really done a great job of making better account security even more accessible to its users. If you either already have or are thinking about upgrading to the iOS 11 beta, do yourself a favor and turn this feature on as soon as you upgrade. More security is always better, and Two-Factor Authentication delivers just that.

Do you have Two-Factor Authentication turned on? If so, what are your thoughts? You can let me know in the Comments section below, on Flipboard, on our Facebook page, or on Twitter @iPadInsightBlog.


6 thoughts on “iOS 11 Tips: Two-Factor Authentication Replaces Two-Step Verification”

  1. I hate two step authentication. The only reason I have it on is HomeKit requires it. Other than that it gets in my way constantly. It’s a nuisance not a help.

    I don’t want this feature but I’m forced into it. Stupid.

  2. While two-factor authentication may be more secure, it’s really awfully intrusive – why can I no longer choose the device to send the code to? This was a useful feature, not something to be abandoned! Ever since I upgraded my iPhone to iOS 11 beta, my wife and daughter have to see those stupid 6-digit tokens every time I log into iCloud on my work’s Windows PC. They’re annoyed as heck.

    Perhaps you don’t see this as a problem, but anyone whose family is using the same single Apple ID is going to see this as a downside. With 3 iPhones, 2 laptops, 2 iPads, and a couple Apple TVs all under the same Apple ID, I absolutely despise the lack of control over that token display.

    And, to boot, it doesn’t seem to be working properly. Today I logged into iCloud via work computer again. My wife and daughter both saw that token popup on their lock screens (disturbing whatever they were doing). Meanwhile, I see the popup with the map on my iPhone – but it disappeared before I had a chance to even pick “Allow”!?!

    1. I see your point, but I also am using this system within a family of five. What I like is that Apple has reduced friction in both setup and use. Now, I wouldn’t mind being able to turn off notifications to some of our devices (and there is probably a way to do that), but I actually like that it works this way. Anytime this came up for my wife or one of my kids before using Two-Step, I got a text or call asking for help.

      As for why the prompt disappeared, that is because someone chose to allow or disallow the request before you hit the button on your phone. I found that to be the case when I was testing between three devices before I wrote the article.

    2. In doing a little checking, it seems that Apple is using the mass notification as a “last line of defense” of your account and devices. If someone had both your account detail and your device under the previous system, they would be able to send themselves the code and gain access to your iCloud undetected. When the map notification goes out to everyone, it serves as an alert that someone you may not have authorized is accessing your data.

      Can this be annoying? Certainly. However, security and convenience are always a balancing act. I would rather be on the more secure end, myself.

      If you ever run into the issue of missing the code prompt, you can manually generate another one from your device under Settings-Your Name Banner-Password and Security. There is a manual trigger to get a new code there.

      1. There already is another ‘last line of defense’ – it’s the email that also gets sent to the account holder!

        I think in families where everyone stays within the confines of iOS/macOS, this is probably not much of an annoyance – as all/most devices are trusted. But in my case, I need to occasionally get into iCloud or the Apple Support web site from my company’s Windows PC using the browser. I cannot trust my work computer for obvious reasons. I don’t think it’s user friendly for my wife and daughter to be getting disturbed every time I do so.

        And since that last line of defense – the email – does exist, the explanation for this code ‘blast’ because of someone having access to both your account and to a trusted device getting in unbeknownst to you isn’t a good one, imho.

  3. Hey Jhrogersii, very nice explanation. 2FA certainly adds an extra layer of protection to your personal use of devices. I recommend everyone to enable it.
