In iOS 9, Apple introduced new two-factor authentication system, according to the release notes of iOS 9 beta 3. The new two-factor authentication system is different from Apple’s existing two-step verification system, using “different methods” to trust devices and deliver verification codes. Apple also says it includes a “more streamlined user experience.”, according to MacRumors.
The idea behind two-factor systems is to prevent a hacker from accessing another person’s account if they’ve managed to get hold of their username and password details.
With two-factor, as well as account credentials, an attacker needs to input a separate verification code sent only to the user’s device – which in the former Apple system was four digits long and in the new system is six digits – in order to access that person’s account. As that means the attacker would have to physically have the device in their possession, it cuts down the risk of account hijacking.
If you enable two-factor authentication, iTunes purchases on Mac and Windows will require you to append a 6-digit code to the end of your password on every purchase. The 6-digit code will automatically be sent to your iOS 9 or OS X El Capitan devices.
Older devices are also not able to receive two-factor authentication codes when used with devices running iOS 9, but customers who stick with the older two-step verification system should not run into any issues as Apple tests the newer two-factor authentication system. Apple does not recommend that customers using two-step verification swap over to two-factor authentication until the feature is available to all.
It is not entirely clear what other changes the new two-factor authentication system brings to iOS and Mac devices, but the switch to a new system may allow Apple to further extend the functionality of two-factor authentication in the future.