A client of mine recently installed an update on her Apple device. She was greeted with a strange message saying something about Two Factor Authentication. I got an email soon after asking “Do I want it?” “Do I need it?” “What is it?”
Welcome to iOS 10.3.1 or macOS Sierra 10.12.4. These two recent software updates (as of April 2017) for Apple devices are triggering requests to set up two-factor authentication (2FA).
2FA is something that you’ve already been using for a long time. When you go to the bank and you want to cash a check, you often need both your bank card and an ID. When you go through security at the airport, you have to show them your boarding pass and your ID. These higher risk activities require two ways of establishing who you are. Someone pretending to be you could easily get their hands on one form of your ID without too much trouble. Getting their hands on a second form of ID is not impossible, but it is harder.
Apple would like you to consider protecting your Apple account and devices in a similar fashion. The password that accompanies your Apple ID is only one form of authentication. Passwords can sometimes be guessed, phished, or otherwise bypassed. Even complex passwords can only do so much to protect your account.
2FA adds a second layer of protection to your account. Here’s when and how it works. 2FA appears either when you (or someone else) attempt to sign in to your Apple account on the web, or when you (or someone else) attempt to sign in to your Apple account while setting up a new device (Mac, iPhone, iPad, etc.). In these situations, you will receive a single-use code on one of your other devices. This six-digit code must be entered in addition to the password in order to access the account.
The theory is that while cyber-criminals may acquire your password, they probably don’t also have possession of your other devices. The required code (sent to another device) can therefore prevent a hack.
While 2FA makes it harder for hackers to access your account and devices, it also makes it harder for you. The bad news is that even 2FA is not impossible to get around, so it may only thwart the lightweight hackers. The good news is that the heavyweight hackers are not typically interested in you. Hackers are usually more interested in large companies. There they can gain access to larger quantities of user data stored on company servers.
So what is at stake? Well, if a hacker does gain access to your Apple account, they could at a minimum see the data that you have stored in iCloud. This could include photos, contacts, calendars, reminders, notes, and possibly email. This is only true of email if you are using an Apple domain email address (mac.com, me.com, or icloud.com). Documents stored in iCloud Drive would also be accessible. A hacker may be able to delete this data, or possibly even hold your data ransom and demand payment to restore it.
So should I use 2FA? It is up to you whether you want to use 2FA, and the following questions can help you decide. Are you somewhat tech savvy? Do you store documents in iCloud Drive? Do your notes, photos, or email contain sensitive or important data? If you answered ‘No’ to all questions, then 2FA may not be something with which you need to complicate your digital life. If you answered ‘Yes’ to any one question, then using 2FA is a good idea.
While 2FA is not new, Apple’s push for users to set it up is new. If you set it up and then decide it’s a pain, you can always turn it off. Setting up 2FA is your choice; Apple is not forcing anyone to use it. Follow the prompts on your devices to set up 2FA after you install Apple’s recent updates (as of April 2017).
You can also manage 2FA settings in your Apple account, which is accessible on the web at appleid.apple.com. Once you’ve signed in to your profile page, you can turn off 2FA if you like. You can also change 2FA settings directly on your iPhone or iPad, but only if your software is up to date (as of April 2017). On your iOS device, tap Settings, then tap your name at the top, and then tap Password & Security. Sign in with your Apple ID password and you’ll have the options there to turn 2FA on or off.