Appendix A: Legacy Apple ID Issues
In this appendix, we address some legacy issues, including Apple IDs that don’t have email addresses and managing two-step verification for an account that hasn’t updated to newer versions of the operating system.
Deal with Accounts Without Email Addresses
Apple once allowed Apple IDs using any unique name—no email address required. While the company no longer lets you register those, it didn’t disable old Apple ID accounts that relied on a name alone.
This arises as a problem when you want to use an old Apple ID with iCloud, which requires an email address. But it’s easily solved. Log in at the Apple ID website using your existing Apple ID, and then change the username to an email address.
Handle Two-Step Verification
Before there was two-factor authentication (see Use Two-Factor Authentication), there was two-step verification. In practice, both these systems for protecting your Apple ID aren’t radically different: each involve an additional component after entering the password to prove you have physical possession of a registered device or phone. But where the original two-step verification was a bit wonky and hacked to work with existing versions of Apple’s OSes and services, two-factor authentication is fully integrated and better designed.
Apple hasn’t eliminated two-step support; it’s just deprecated its use. As a result, it’s possible you may still have it active on an Apple ID. I did for a long while, because one of my Apple IDs was used entirely for purchases. Because I never logged in via iCloud, I was never automatically shifted to two-factor authentication. (I eventually upgraded.)
You likely know if an Apple ID has two-step verification enabled, but if you don’t, it’s easy to find out. Log in at the Apple ID site, and in the Security section it will show a label, “Two-Step Verification,” and have the word “On” beneath it. (Also, when you log in, you will have to use a code from an iOS or iPadOS device or via SMS, which is another hint!)
At this point, you have three paths forward:
Leave it alone, and wait until Apple finally stops supporting it and forces you to change.
Disable it, and rely on your password. I do not recommend this.
Upgrade to two-factor authentication manually or automatically.
I explain each of these in turn.
Stay with Two-Step
You can continue to use two-step verification as long as you want. Apple hasn’t announced any plans to discontinue it, and it won’t automatically upgrade an account to two-factor authentication until it’s connected to an iCloud account in iOS 11 or later or macOS High Sierra or later.
The downside with this is that you could wind up in a bind and lose access to your account if you lose the 14-character recovery key created when you set up two-step verification.
You have to have your recovery key if you can’t remember your password or Apple locks your account for some reason, which can involve hacking attempts against your account. You also need it to log in if you lose access to all your trusted devices and phone numbers.
Apple says it typically can’t help you recover an account in those cases without the recovery key. In some extraordinary cases, I believe it has, but the company openly says it won’t. With two-factor authentication, Apple has no recovery key, but offers a recovery process that’s partly automated and partly involves customer-support humans.
Disable Two-Step
I recommend keeping either two-step verification or two-factor authentication active on your account. But if you want to turn two-step verification off, it’s simple:
Visit the Apple ID site and log in to your account.
In the Security section, click the Edit button.
Click the “Turn off two-step verification” link.
Apple requires that you create security questions that are used at the Apple ID site in the future in lieu of a second factor. You also have to verify your birthdate.
Once complete, Apple sends an email to verify that two-step verification has been disabled.
Shift to Two-Factor Authentication
The easiest way to upgrade to two-factor authentication is to find an iOS device with iOS 11 or later on it, iPadOS 13, or a Mac with High Sierra or later installed. Use that device to log in to iCloud account with your Apple ID. Apple automatically shifts you from two-step verification to two-factor authentication.
If you’re not using hardware you plan to access regularly, think about how you will confirm two-factor authentication access later. When I shifted my purchase-only account, I didn’t want to associate that Apple ID with any device for iCloud. I made sure to set up multiple trusted phone numbers and backup email addresses, so that once I’d used a qualifying device to upgrade to two-factor authentication, I could do all my confirmation without a trusted iOS, iPadOS, or macOS device.
Another easy option? Set up a user account in macOS and use the Apple ID with it in order to upgrade that Apple ID to two-factor authentication without dedicating an iOS or iPadOS device or your main account. Make sure to keep this account active in case you ever need a backup trusted device from which to confirm a login from that account. I explain this in greater depth in Set Up 2FA Without a Device.