Two-factor authentication in iOS 9 and OS X El Capitan: What you need to know

The idea behind two-factor authentication is exactly what the name implies: your password alone is no longer enough to access your account; you need something else as well. In the case of iOS 9 and OS X El Capitan, that something else is a 6-digit verification code transmitted directly to a device you trust and have in your physical possession. So what happens if something goes wrong and you get locked out? What happens if someone tries to hack their way in?

What is two-factor authentication and how does it work?

There are several "factors" that can be used for authentication. A password is "something you know". A fingerprint is "something you are". And a verification code is "something you have". When a system requires only one thing, like a password, it's "one factor" (or "single factor"). When a system requires a second thing, like a password and verification code, it's "two factor" (or "multi factor"). The first is more convenient, the second more secure.

Right now, to access your Apple account (iTunes and/or iCloud) from a new device or web browser, or to do certain things like change your password, all you need to enter is your email address and current password. With two-factor enabled, you'll need to enter your email address, your current password, and a 6-digit verification code.

The difference between the 6-digit verification code and something like your iPhone or iPad passcode—which also changes to 6 digits in iOS 9—is that it can't be remembered. A new sequence of numbers has to be generated and sent to you each and every time you need to enter one.

The verification code can be sent to any device that is already logged into your Apple account (and is therefore "trusted"), and also via SMS or automated voice call to the phone number you register when you set it up.

Unlike your password, however, the 6-digit verification code isn't something you can remember. It's different every time, so it has to be generated and sent to you anew each time you need to use it.
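
To make the "new code every time" idea concrete, here is an added sketch (not Apple's implementation and not code from this article) of how a server could issue a fresh 6-digit code and accept it only once, alongside the password. The class and function names, the 5-minute lifetime, and the 3-guess limit are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300        # assumed lifetime in seconds; Apple's value is not on this page
MAX_ATTEMPTS = 3      # assumed guess limit per issued code


class VerificationCodes:
    """Hypothetical server-side store of pending one-time codes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account -> [sha256(code), expiry, attempts_left]

    def issue(self, account):
        """Create a fresh random 6-digit code; the caller sends it to a trusted device."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, leading zeros kept
        digest = hashlib.sha256(code.encode()).digest()
        # Issuing a new code replaces any older one for the account.
        self._pending[account] = [digest, self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify(self, account, submitted):
        """Second factor: accept the code once, before expiry, within the guess limit."""
        entry = self._pending.get(account)
        if entry is None:
            return False
        digest, expiry, attempts_left = entry
        if self._clock() > expiry or attempts_left <= 0:
            del self._pending[account]
            return False
        entry[2] -= 1
        candidate = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(candidate, digest):  # constant-time comparison
            del self._pending[account]              # single use: replay fails
            return True
        if entry[2] == 0:
            del self._pending[account]              # guesses used up: code is void
        return False


def sign_in(password_ok, codes, account, submitted_code):
    """Both factors are required: the password check and a valid code."""
    return password_ok and codes.verify(account, submitted_code)
```

Because the code is random, short-lived, and discarded after one use, knowing an old code (or the password alone) is not enough to sign in.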

What happens if you can't get your verification code?

Most of the time you'll have an iPhone, iPad, Mac, or non-Apple phone you've signed into or registered with your account and you'll be able to get your verification code if and when you need it.

Also, you shouldn't need a verification code very often, since you only need one when you add a new device (you buy a new iPad, for example), log in from a new web browser (while on vacation and at an internet cafe, for example), wipe a device and set it back up from scratch, or change your password.

But if you do need it, and for some reason you can't access a trusted device or registered phone, Apple has a recovery procedure you can follow:

If you can't sign in, reset your password, or receive verification codes, you can regain access to your account by requesting account recovery. Simply provide a verified phone number where you can receive a text message or phone call regarding your account. Apple will review your case and send an automated message to the number you provided when your Apple ID is ready for recovery. This message will direct you to to complete the required steps and regain access to your account.

Account recovery will take a few days—or longer—depending on what account information you are able to provide. The process is designed to get you back into your account as quickly as possible while denying access to anyone who might be pretending to be you.

You can check the status of your account recovery request at any time by visiting and entering your Apple ID.

Can someone use the recovery process to socially-engineer their way into my account?

Whenever an account recovery process exists, some people—rightly—worry that it could be abused. For example, a hacker could call up and con the person in charge of the process into giving them access by rattling off some names or numbers they found using search or social networks.

In this case, Apple specifically points out:

Apple Support can answer questions you may have about the account recovery process but cannot verify your identity or expedite the process in any way.

So, by eliminating humans from the communications chain, it looks like Apple has made it extremely difficult for a typical social engineering attack to work.

Where can I get more information on two-factor?

Apple has put up, and continues to update, a support document with all the basic information you need to know. We'll also be covering it in detail when iOS 9 and OS X El Capitan launch this fall. In the meantime, let me know if you have any questions!
