Two-factor authentication is an extra layer of security for your Apple ID designed to ensure that you’re the only person who can access your account, even if someone knows your password.
Here are the steps to enable two-factor authentication on a Mac:
- Go to “Apple () menu > System Preferences > Apple ID > Password & Security.”
- Click “Turn on Two-Factor Authentication.”
Some Apple IDs created in iOS 10.3 or macOS 10.12.4 and later are protected with two-factor authentication by default. In this case, you see that two-factor authentication is already turned on.
Once two-factor authentication is enabled, your Apple devices and the phone numbers you’ve designed as trusted are used to verify your identity when signing in.
A trusted device is a device you use frequently, such as your iPhone, iPad, or Mac. You can choose to designate a device as trusted by clicking a checkbox next to “Don’t ask again on this computer” when/if it pops up.
Why use two-factor authentication?
With two-factor authentication, only you and you alone can access your account on a trusted device or the web. When you want to sign in to a new device for the first time, you’ll need to provide two pieces of information—your password and the six-digit verification code that’s automatically displayed on your trusted devices or sent to your phone number.
By entering the code, you’re verifying that you trust the new device. For example, if you have an iPhone and are signing into your account for the first time on a newly purchased Mac, you’ll be prompted to enter your password and the verification code that’s automatically displayed on your iPhone.
Here’s Apple’s explanation of why you should use two-factor authentication (this is from the tech giant’s support page at https://support.apple.com/en-us/HT204915):
Because your password alone is no longer enough to access your account, two-factor authentication dramatically improves the security of your Apple ID and all the personal information you store with Apple.
Once signed in, you won’t be asked for a verification code on that device again unless you sign out completely, erase the device, or need to change your password for security reasons. When you sign in on the web, you can choose to trust your browser, so you won’t be asked for a verification code the next time you sign in from that computer.