A little over two months ago, I wrote a Tips article covering Apple’s Two-Step Verification and Trusted Devices. This is a very important weapon in the constant battle to protect your accounts from unauthorized access, and I highly recommend that anyone reading this who is not already on iOS 11 should enable it for their devices and keep it up to date.
Moving forward with iOS 11, Apple is changing things up for the better, leaving Two-Step Verification behind in favor of their new and improved Two-Factor Authentication. What does this mean for you? Easier setup and tighter security, which is just making a great feature even better. Read on to find out how.
If you are still on iOS 10 or earlier, or are looking for some of the basic information on how to set up either Two-Step or Two-Factor, I would recommend taking a look at my previous article first for a little background. If you already have Two-Step set up and have either upgraded to the iOS 11 Public Beta or are considering it, go ahead and read on.
The first indication that things would be changing came early this month, when those of us who had Two-Step Verification turned on for our Apple IDs got an email from Apple informing us that things would be shifting a bit.
As the letter states, as soon as you upgrade to either the iOS 11 Developer or Public Beta, your account automatically shifts over to Two-Factor Authentication and the changes that come with it. It isn’t radically different, but all of the new features make it both easier to use and more secure than its predecessor.
One of the first things you may notice when you upgrade a new device to iOS 11 is that you are automatically prompted to make it a Trusted Device in Settings.
This gets rid of the need for you to remember to go to the Apple ID management page and set up a new device every time that you upgrade. This is something that I recommended that everyone do in my previous article, mostly because I hadn’t remembered to do it myself in the six months since upgrading to my iPhone 7 Plus. Now with Two-Factor, you don’t have to worry about this anymore, which is a great user-friendly addition from Apple.
The first time that you are prompted to use Two-Factor to log into your Apple ID after turning it on, you will notice that a lot about how your Verification Codes and Trusted Devices work has changed. First of all, you no longer have to select which device to be notified on. Now, all of your Trusted Devices are notified simultaneously that a login requiring approval is being attempted.
As you can see above, both my iPad Pro and my iPhone were pinged after my iCloud.com login request on my Pro (you can see the code request in the background behind the notification). My iPhone was locked at the time, so it got the secure version of the notification. As you can see with the iPad Pro screenshot, the best part of this update is that you now get a map view and relative location where the request is coming from. This is a HUGE security upgrade, as you should quickly be able to spot any illegitimate request based on location.
One caveat I will mention is that map tracking is going to be subject to how that location shows up to Apple’s servers. While I was doing some additional testing today from a Starbucks in a suburb just outside of Memphis, TN, my location was shown as Laurel, MS. You can see this in the iPhone notification above, which was taken in a different location than the iPad screenshot just below it. Laurel is 238 miles and over 4 hours away from where I was at the time, so Apple does still have a little work to do. That, or the Starbucks WiFi I was on at the time shows up a little funny, which is entirely possible. However, if that is the case, it is interesting that it would override the GPS and Cell Tower information from my phone. Either way, I would like to see Apple do a little more work to make this feature more “unnecessary freak-out” proof. I had all my devices in front of me at the time, so it wasn’t a big deal. If I didn’t, then I would have quickly gotten concerned about it.
The next thing former Two-Step users will notice is that the codes have grown from four to six digits.
Every digit that you add makes the code exponentially more complex and harder to crack, so the more the better. Apple gently suggests making iOS device passcodes six characters now rather than the old-school four when you set up a new device, so this change isn’t a big surprise.
When I wrote my original article, I based all of the instructions on using Apple’s ID Management site, which is https://appleid.apple.com/#!&page=signin.
However, starting in iOS 10.3, Apple has given users access to both their password and their Two-Step or Two-Factor settings inside of iOS. Go to Settings and then tap the “Your Name” banner at the top of the screen. Once there, choose Password and Security.
As you can see above, you cannot turn off Two-Factor from here. However, you are able to enable it if it hasn’t been turned on already. If you want to disable it, you will have to go to the aforementioned Apple ID website to do that. However, having Two-Factor Authentication turned on is all upside in my book, so I would not recommend doing this.
If I had to grade Two-Step Verification back in April when I wrote my original article, it would have gotten a solid B+. The only real issue I had was with the lack of discoverability and the relative difficulty of setting it up. That is exactly why I wrote a Tips article on it in the first place.
With the solid changes Apple has made to its new Two-Factor Authentication, I would bump that up to an A. The ability to turn either Two-Step or Two-Factor on right from an iOS device in iOS 10.3 and later is a huge upgrade.
The new Two-Factor location notifications, longer codes, and easier Verified Device setup and notification process are all really solid steps forward. My only complaint is with how far off one of my location notifications was, but I am not certain yet that it was entirely Apple’s fault. I will keep testing and report back if anything of note on this issue comes to light.
Despite this small potential flaw, Apple has really done a great job of making better account security even more accessible to its users. If you have either already upgraded or are thinking about upgrading to the iOS 11 beta, do yourself a favor and turn this feature on as soon as you upgrade. More security is always better, and Two-Factor Authentication delivers just that.