Two-factor authentication (2FA) is a method of protecting an
online account. The two factors — things that identify you — in
2FA: Something you yourself know, like a password; and something
you have that can receive a token to confirm who you are, such as
Apple’s original two-step system relied on its Apple ID site for
set up and management, and could only send codes to iOS devices
and via SMS. Its update in September 2015 left two-step in place
for those who continued to want to use it, but the 2FA revision
was far better. Enrollment happens via iOS and macOS. Apple’s
system isn’t as robust as some security experts would like, but
it’s definitely better than a password-only option.
The differences between the old two-step and newer two-factor systems can be confusing. But the new system is definitely better. I go through this more than most people, because I own a bunch of Apple devices and review a bunch of them regularly. I’ve got three iPhones in use right now. Switching my Apple ID to two-factor a year or so ago made this so much easier.