Changes to two-factor verification for Apple ID
When it announced its plans for El Capitan at WWDC in June, Apple also revealed that the way it carries out two-factor authentication would be changing in OS X 10.11 El Capitan and iOS 9.
Two-factor authentication is an optional additional layer of security for your Apple ID that is designed to prevent unauthorized access to your account. It makes it harder to hack into your account because the attacker needs not only your password, but also access to a device or phone number that belonging to you.
Apple's current "two-step" system requires users to specify a trusted device or trusted phone number to which a four-digit code can be sent which you can use to confirm your identity. Without both the password and verification code you won't be able to access your account.
Apple has now posted an explanation of its plans for two-factor authentication in El Capitan and iOS 9, here. Similar to the existing system, users will set up at least one iOS and OS X device as "trusted devices." These devices appear in a list in your Apple ID account and can be removed from there. They can be found in OS X in iCloud system preferences, by clicking Account Details, and in iOS 9 in Settings > iCloud > Account. You also have to verify at least one phone number.
Following set up, whenever you sign in with your Apple ID on a new device or browser, you will need to also verify your identity by entering your password plus a six-digit verification code that will be displayed automatically on any Apple devices you are already signed in to that are running iOS 9 or OS X El Capitan. If you don't have one of your trusted Apple devices handy, you can receive the code on your phone via a text message or via phone call instead.
The current system will continue to work, so you needn't worry that it will break your current set up.
No need for the Recovery Key in iOS 9 and El Capitan
The current authentication process also involves a Recovery Key, which you need if you lose access to your Apple ID account.
Since users get this 14-character key when they set up the two-factor authentication, many have forgotten what they did with it when they actually require it and end up locked out of their Apple ID (and that means all the purchases you made with it are lost).
Should your account be attacked Apple might reset your password and leave you locked out of the account if you had lost this Recovery Key.
Sign up for CIO Asia eNewsletters.