Two-factor authentication for Apple ID
When you sign in with your Apple ID user name and password for the first time on a new device or the web, you’ll receive a notification on your trusted devices that someone is trying to sign in with your Apple ID. The notification might include a map of the approximate location of the sign-in attempt. This location is based on the new device’s IP address and might reflect the network that it’s connected to, rather than the exact physical location. If you know that you’re the person trying to sign in but don’t recognize the location, you can still tap Allow and view the verification code. If you’re not the one trying to sign in, tap Don’t Allow to block the sign-in attempt.
When you enter the verification code on your new device or the web, you verify that you trust the device on which you’re signing in. You might also be asked to enter the passcode of one of your devices to access any end-to-end encrypted content stored in iCloud.
After you sign in, you won’t be asked for a verification code on that device again unless you sign out completely, erase the device, or need to change your password for security reasons. When you sign in on the web, you can choose to trust your browser, so you won’t be asked for a verification code again on that computer for 30 days.