Apple has published a new support document detailing its plans to revamp the existing two-factor authentication system that it first launched last year. The document is careful to differentiate the two systems, referring to the existing one as “two-step verification” and the newer one as “two-factor authentication.”
The latest update to the iOS 9 beta has introduced initial support for the new system, but most users, including those running the beta, will need to wait until later this year to gain access to it.
Apple’s current “two-step verification” system uses a four-digit code that appears on users’ mobile devices to verify their identity when they log into an Apple service, app, or website. The new system will replace these four-digit codes with six-digit versions (similar to how 4-digit lock codes on iOS have been replaced by 6-digit codes in iOS 9).
Currently two-step verification is run through the Find My iPhone application for iOS, but starting with iOS 9 and OS X El Capitan, the new system will be built directly into the operating systems. The entire process for adding “trusted” devices to your account has been changed, according to Apple.
Interestingly, the new two-factor system will not only show login codes on iOS devices, but also on Macs running OS X 10.11. This will be especially useful for situations where a user doesn’t have their phone with them, or the phone is dead. You can also receive the login code via SMS or a phone call.
Users on the current system will be able to keep using it separately if they wish.
Along with this new login system comes a new way to manage your trusted devices. Any Mac, iPhone, iPad, or iPod touch that has been logged into your iCloud account can be found in a list in your iCloud settings panel. On iOS, this is accessible by tapping your name at the top of the iCloud page of the Settings app, while Mac users will find it by clicking “Account Details” on the iCloud System Preferences pane.
From here you can remove any device from your iCloud account, which will prevent them from receiving any more login verification codes. The iOS version of this screen also allows you to open the device’s location in the Find My iPhone app, which is now built into the OS. Also included in the iOS iCloud settings is a button to view a verification code on-demand. Typically these codes will be displayed automatically, but if you’ve dismissed your code and need to view it again, you can do so here.
The new two-factor authentication system will be available to all users in the fall when iOS 9 and El Capitan launch. Until then, select users running the developer preview or public beta will be able to test the feature. Apple will invite users who have installed the new software to participate in this program gradually during this stage. Apple has also recommended that users currently enrolled in the existing two-step verification system not make the switch until the newer system is rolled out later this year.
Users who have been selected to partcipate will see the option to set up two-factor authentication during the first-boot setup on a new Mac or iOS device running iOS 9. Those who have already run the Setup Assistant before being invited will be able to activate the new system through the account page of the iCloud settings panel.
For users with devices running older versions of iOS and OS X, there may not be a popup to enter verification codes when logging into a new app or service. Apple says those users may be prompted to include the 6-digit code at the end of their password. Devices on older software versions will not be able to receive the codes necessary to verify other devices.
Finally, Apple says a two-week opt-out period will be offerred to all users who are invited to the program. Opting out will reset their Apple ID credentials to the state they were in prior to joining the beta, including a full rollback of any security questions that have changed in that time.