Apple will require users to switch to 2FA in iOS 11 and macOS High Sierra

Apple will soon be requiring everyone with two-step verification (2SV) to jump on the two-factor authentication (2FA) bandwagon. According to MacRumors, Apple ID users with two-step verification enabled have started getting emails that, when they install iOS 11 or macOS High Sierra, they will be automatically updated to two-factor authentication.

The email reads:

If you install the iOS 11 or macOS High Sierra public betas this summer and meet the basic requirements, your Apple ID will be automatically updated to use two-factor authentication. This is our most advanced, easy-to-use account security, and it's required to use some of the latest features of iOS, macOS, and iCloud.Once updated, you'll get the same extra layer of security you enjoy with two-step verification today, but with an even better user experience. Verification codes will be displayed on your trusted devices automatically whenever you sign in, and you will no longer need to keep a printed recovery key to make sure you can reset a forgotten password.

Apple recently announced that it now requires all third-party apps that use iCloud to use app-specific passwords, which in turn requires two-factor authentication.

The main difference between the two methods of additional log in security is that 2FA sends a verification code to all registered trusted devices automatically, while 2SV manually asks you to send a code to a trusted device. 2FA also shows you approximately where the requested sign-in is taking place (though location is not always very accurate. I get a location notification that is 88 miles from my house).

For more information about 2SV and 2FA, check out our guide.

Two-Factor Authentication: Everything you need to know!

Lory Gil

Lory is a renaissance woman, writing news, reviews, and how-to guides for iMore. She also fancies herself a bit of a rock star in her town and spends too much time reading comic books.  If she's not typing away at her keyboard, you can probably find her at Disneyland or watching Star Wars (or both).

  • My location is near London, UK, I live near Liverpool almost 200 miles away.
  • That usually means that your only known location is the country you're in (UK), and by default it selects the capital city which is London. I'm ok with this change so long as Apple makes it easy-to-use. This is a _very_ important and great change:
    "you will no longer need to keep a printed recovery key to make sure you can reset a forgotten password."
  • Honestly, I think forcing 2FA over 2SV is stupid. I have 2SV because I rarely use the Mac they have me registered under. I would have no way to use the second factor they like since it's a Mac. This just pushes lock-in with Apple IMHO. I don't want to be forced to use their 2FA if it still only pops-up on an Apple device, and not anything else. Just yesterday actually, Apple told me that I had to verify for some reason. Had I had Apple's 2FA I'd be locked out of my phone for "security". Would be 1000x better for me if they gave me a QR to scan and stopped treating me like an incompetent person who can't recall my printed out code. (Can I really not say id10t? You really censor that, *outside* a reply to another user? Smh)
  • Looks like they fixed the 2FA Apple device requirement, so my point may be invalid. It did require that when they first did 2FA vs 2SV, as I remember it from the internal trainings I took as AppleCare. This looks more like they're basically merging 2SV and 2FA.
    "A verification code is a temporary code sent to your trusted device or phone number when you sign in to a new device or browser with your Apple ID. You can also get a verification code from Settings on your trusted device."
  • I'm currently on 2SV and have received the email from Apple. Lory, I'm wondering if I should proactively switch now to 2FA or wait for the auto-conversion to take place. Thoughts?
  • I personally would wait. It's unlikely you're going to get hacked unless you're a celebrity, and waiting means that Apple can further work on 2FA before releasing it to everyone