How to implement Apple's two-factor authentication for security on Mac, iPhone, or iPad
Given the news about the cost of a pilfered iCloud account, it seems only prudent for users to take precautions. A good safety measure is two-factor authentication -- AppleInsider shows you how to turn it on from your Mac or your iPhone.

Two-factor authentication does not replace your iCloud password in any way. Rather, it provides a second layer of confirmation that you are who you are, and that an attempt made to log in to your account is spotted by you prior to allowing access.
When a new device attempts to log into an iCloud account, a six-digit verification code is sent to authorized devices. Plus, the general location of the device is shown on a map -- so if you're in Boston, Mass., and a login attempt comes from Australia, you know there's a problem.
Two-factor authentication requires devices on iOS 9 or newer, and macOS El Capitan 10.11 or Sierra 10.12.
To add a device, hit Allow. The device that you've accepted the login request from will then dole out a six-digit code -- enter that in the dialog box on the device you're trying to log in from, and click Done.
The device will continue to be trusted until you erase the SSD on the Mac, or format the iPhone or iPad factory-fresh.

Two-factor authentication does not replace your iCloud password in any way. Rather, it provides a second layer of confirmation that you are who you are, and that an attempt made to log in to your account is spotted by you prior to allowing access.
When a new device attempts to log into an iCloud account, a six-digit verification code is sent to authorized devices. Plus, the general location of the device is shown on a map -- so if you're in Boston, Mass., and a login attempt comes from Australia, you know there's a problem.
Two-factor authentication requires devices on iOS 9 or newer, and macOS El Capitan 10.11 or Sierra 10.12.
On your Mac:
- In System Preferences, open up iCloud
- Select Account Details
- Click Security
- Click Turn on Two-Factor Authentication
Or on an iOS device:
- Open Settings
- Tap on your iCloud account
- Tap on Password and Security
- Tap Turn on Two-Factor Authentication
What next?
In either case, you can add trusted devices by signing into iCloud from the device or browser. It will then pop up the dialog box we mentioned in the beginning of the procedure.To add a device, hit Allow. The device that you've accepted the login request from will then dole out a six-digit code -- enter that in the dialog box on the device you're trying to log in from, and click Done.
The device will continue to be trusted until you erase the SSD on the Mac, or format the iPhone or iPad factory-fresh.
Comments
It looked pretty close to what you get from Apple when you add a device to iCloud.
I think I'll be staying away from 2FA for a while... it still seems half baked.
This eliminates the possibility of people reusing passwords or having common password schemes across different services. It is already compatible with online login systems. It eliminates the possibility of anyone stealing passwords through a security breach because there would only be public keys on the server, which can't be used to compromise anything on their own.
In the event that someone needs to access a service where they don't have the keys on the system like at work when logging into Facebook but don't want the keys stored there, a smartphone can authenticate the login and generate a time-limited code. This can be a 4 character code because when it's tied to the account id and the time limit, it's not going to be compromised. On Macs, they can can even do handoff-style logins so you don't have to type anything but this particular system can work cross-platform too.
Microsoft uses it for Azure but they can use it for everything like email, Skype etc. The big tech companies use this themselves to securely login to things I don't know why they don't at least experiment with it for everyday logins.
That'll be fun.
Ha, yes, because sometimes the answer is iCouldn't...