Two-factor authentication for Apple Account
Two-factor authentication is designed to make sure you’re the only person who can access your account. Find out how it works and how to turn on two-factor authentication.
What is two-factor authentication?
Two-factor authentication is an extra layer of security for your Apple Account, designed to make sure you’re the only one who can access your account — even if someone else knows your password. When you sign in to your Apple Account for the first time on a new device or on the web, you will need both your password and the six-digit verification code that will be automatically displayed on your trusted devices. Because just knowing your password isn’t enough to access your account, two-factor authentication dramatically improves the security of your Apple Account and the data you store with Apple.
Two-factor authentication is the default security method for most accounts. Certain Apple services and features, such as Apple Pay and Sign in with Apple, require two-factor authentication. We recommend that you use two-factor authentication and protect your device with a passcode (or login password on Mac) and Face ID, Touch ID or Optic ID — if your device supports it.
Learn about trusted devices and trusted phone numbers
Turn on two-factor authentication for your Apple Account
Most accounts already use two-factor authentication. If you’re not using two-factor authentication for your Apple Account, you can turn it on using your device or on the web:
On your iPhone or iPad: go to Settings > [your name] > Sign-In & Security. Tap Turn On Two-Factor Authentication. Then tap Continue and follow the onscreen instructions.
On your Mac: choose Apple menu > System Settings > [your name] > Sign-In & Security. Next to Two-Factor Authentication, click Turn On and follow the onscreen instructions.
On the web: Go to account.apple.com and sign in to your Apple Account. Answer your security questions, then tap Continue. Tap Upgrade Account Security and follow the onscreen instructions.
If your Apple Account was created using two-factor authentication, this extra protection can’t be removed. If you recently enabled two-factor authentication, you have the option to lower your account security within two weeks of enrolment.
Sign in with two-factor authentication
When you sign in to your Apple Account on a new device or the web, you might need to enter a verification code. Your trusted devices will receive a notification that might include a map of the approximate location* of the sign-in attempt. Choose Allow to get a verification code, which you’ll then need to enter. After that, you can complete your sign-in.
If you use end-to-end encrypted content stored in iCloud, you might also be asked to enter the passcode of one of your devices.
After you’ve signed in for the first time, you won’t be asked for a verification code on that device again unless you sign out completely, erase the device or need to change your password for security reasons.
* This location is based on the new device’s IP address and may reflect the network that it’s connected to, rather than the device’s exact physical location. If you know that you’re the person trying to sign in but don't recognise the location, you can still tap Allow and view the verification code.
If you don’t have a trusted device with you
If you’re trying to sign in and don’t have a trusted device with you that can display verification codes, you can tap Didn’t Get a Code on the sign-in screen and choose to send a code to one of your trusted phone numbers.