Two Factor Authentication: Rita’s iDevice Advice for January 13, 2020
This article comes from MacWorld
Set up a password manager and two-factor authentication:
The most common password in 2019 was 123456. The second most popular was 123456789 followed by qwerty and password. And people wonder why their Ring security cameras were broken into (they weren’t hacked, customers just used bad passwords or reused passwords from other accounts). By now you’ve heard it a hundred times: It’s extremely important to use a different password for every site and service, and for those passwords to be complex and hard to guess. The best way to make that happen is to use a good password manager. For your most important sites and services, you should also use two-factor authentication (2FA). That means popular social media accounts, banks, email, and large ecosystem accounts like your Microsoft, Amazon, or Google accounts.
You should definitely have 2FA enabled on your Apple ID, and other important accounts, too. Fortunately, iOS has a fairly good built-in password manager that even warns you about re-using passwords. If you want to use a third-party password manager (a great idea if you use non-Mac computers, browsers other than Safari, or share passwords with family members for things like your Netflix account), iOS will offer up login info from them for sites and apps. The best password managers even let you fill in your login and password with Touch ID or Face ID, so it’s both secure and easy.
Don’t know where to start? We suggest either 1Password or LastPass for password managers, and Authy is a great app for generating codes for two-factor authentication. Using an authentication app like Authy is more secure than relying on SMS messages for 2FA. At the very least, you should set up two-factor authentication for your Apple ID! Oh, and make sure your six-digit numeric passcode to unlock your iPhone is different from the PIN you use anywhere else.
Here is an explanation on Two Factor Authentication from Matt Vollbrecht
First, Two-Step Verification versus Two-Factor Authentication:
Both Two-Step Verification and Two-Factor Authentication are enhanced security measures to protect your Apple ID, but Two-Step Verification is the older method. Two-Factor Authentication is Apple’s latest and most secure system, and it is the recommended system going forward. Therefore, the remainder of this post will discuss Two-Factor, not Two-Step. If you are currently still using Two-Step Verification, or if you suspect that you might be using it, log into your Apple ID Account Management Page at http://appleid.apple.com, go to Security, click Edit, and turn off Two-Step Verification, then create new security questions and verify your date of birth. Now, check to make sure that you are still signed into iCloud on all your iOS and Mac devices. Once you have done this, you can proceed to enable Two-Factor Authentication.
So what is Two-Factor Authentication anyway?
Two-Factor Authentication is an extra layer of security for your Apple ID. It ensures that you are the only person who can access your account, even if someone else has your password. Two-Factor Authentication significantly enhances the security of your Apple ID and all of the important data, such as photos, Messages, documents, purchases, and more, that are associated with it.
How It Works:
When you enable TFA, two pieces of information are required to sign into your Apple account from new devices and browsers – your Apple ID password and a six-digit verification code. This verification code is a one-time use code that is sent to trusted devices, but more on that later.
Should I Use Two-Factor Authentication?
In a word, absolutely! While of course these things are personal preference, TFA drastically improves the security of your account, providing protection and privacy for all your data. As previously stated, even if another person has your password, you have to approve their access to your account and provide them with an authentication code in order for them to actually have access.
In addition to the extra security provided, TFA also prevents you from ever needing security questions again. Finally, several new features, such as Messages in iCloud, Apple Watch Unlock with Mac, and even HomePod setup now require or recommend TFA.
How will using Two-Factor Authentication affect me on a day-to-day basis?
It won’t. Once you initially sign into your account from a particular iOS or Mac device, that device becomes a Trusted Device. You don’t need to do anything extra at all. Nothing will change about the way you access, unlock, or use your devices. Even if for some reason you sign out and back in, it doesn’t matter. Once again, nothing will change, except the peace of mind you’ll have from the extra security for your account.
If you purchase a new Apple device, or if you sign in on a new device or web browser, you will have to go through a one-time authentication process. This can also happen if you restore a device to factory settings and then sign in, although if you use a nearby device to set up the new or restored device, the process is avoided.
The process of authenticating is extremely easy. When you attempt to sign in from a new device or browser for the first time, all of your trusted devices get an immediate notification. Remember, trusted devices are any iOS and Mac OS devices that you have already signed in and approved. Trusted devices can also generate a verification code upon request from Settings.
As stated, all your trusted devices will receive the sign-in notification. The notification shows the approximate location of the device that is attempting to access your Apple ID. You may use any trusted device you wish. Simply choose to allow the new device to sign in, or choose Don’t Allow if you don’t recognize the device, etc. When you choose Allow, you will be presented with the six-digit code, which you must enter on the new device. That’s it. You’re in, simple as that.
If for some reason you do not have access to any trusted devices at a particular time, you may then choose to instead have the verification code sent as a text message or as an automated phone call to one of your trusted phone numbers. When you set up Two-Factor Authentication, you will be asked to provide at least one trusted phone number. It is strongly recommended that you add additional trusted phone numbers (I think you can have up to five if I remember correctly), and that you always keep your trusted phone numbers up-to-date. You can use numbers of family members or close friends whom you trust, and you can even use home phone numbers.
Things to Keep in Mind:
When you turn on Two-Factor Authentication, certain third-party apps cannot directly handle that interface. These include third-party email clients and other apps not provided by Apple. For these situations, you can generate an app-specific password to allow those apps to access your account.
Do not forget your Apple ID password. You will always need this. Also, be sure to always keep your trusted phone numbers up-to-date.
Make sure you physically keep your trusted devices secure, and be sure to use unlock authentication, such as a passcode and either Touch ID or Face ID.
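The sign-in flow described under "How It Works" and in the trusted-device paragraphs above, as a small Python model added here. It is not Apple's implementation or code from either quoted author; the class and method names, the PBKDF2 password check, and the rule that a wrong guess also voids the code are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import secrets


class Account:
    """Toy model: password plus a one-time six-digit code for new devices."""

    def __init__(self, password: str):
        self._salt = os.urandom(16)
        self._pw_hash = self._hash(password)
        self.trusted_devices = set()  # devices that already completed sign-in
        self._pending = {}            # new device id -> outstanding code

    def _hash(self, password: str) -> bytes:
        # Assumption: PBKDF2 stands in for whatever the real service uses.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def sign_in(self, device_id: str, password: str) -> str:
        """Return 'denied', 'signed_in' or 'code_required'."""
        if not hmac.compare_digest(self._hash(password), self._pw_hash):
            return "denied"
        if device_id in self.trusted_devices:
            return "signed_in"        # trusted device: nothing extra to do
        # New device: the password alone is not enough.
        self._pending[device_id] = f"{secrets.randbelow(10**6):06d}"
        return "code_required"

    def owner_approves(self, device_id: str, allow: bool):
        """Owner taps Allow / Don't Allow on a trusted device."""
        if not allow:
            self._pending.pop(device_id, None)  # request is cancelled
            return None
        return self._pending.get(device_id)     # code shown only to the owner

    def submit_code(self, device_id: str, code: str) -> bool:
        # pop() makes the code single use (assumption: a wrong guess voids it too).
        expected = self._pending.pop(device_id, None)
        if expected is None:
            return False
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return False
        self.trusted_devices.add(device_id)     # device is now trusted
        return True
```

In this model, someone who knows the password but signs in from an unrecognized device only ever reaches `code_required`; the code itself is released to the account owner, who can decline the request.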