Two Factor Authentication

[Barrygou]

I have 4 devices - iPhone, MacBook, 2 desktop Macs. If I set up 2FA on all four, will I have to enter a numerical code, sent to one of the devices, every time I turn on one of these devices? What if you are out in your car and log in to your iPhone? Do you have to run home and retrieve a code from one of your Macs?

 

[Raz0rEdge]

2FA is on your Apple ID (not your device) and the 2FA code goes to whatever device is close enough.

 

[IWT]

Hi Barrygou

No. That's the short answer. Once you have established 2FA on each device, that's it. There is also the question of Trusted Devices and to save lines of text fro me, here is Apple's Knowledge Base Article on how to set up 2FA, Trusted Devices etc.

It gives you everything you need to know - hopefully. https://support.apple.com/en-gb/HT204915

Ian

 

[Barrygou]

2FA is on your Apple ID (not your device) and the 2FA code goes to whatever device is close enough.

Not sure if I understand how 2FA knows which device I’m sitting beside

Noy

 

[ferrarr]

The code gets sent to all trusted devices at the same time. So, if you receive the code, and you did not activate 2FA, someone is trying to access your iCloud account information. This is why passcodes, or passwords to login to each device are also extremely important.

 

[MacInWin]

Yep, and as Bob says, it goes to all trusted devices simultaneously (or nearly). It's really funny when I am sitting at my desk, iPhone and iPad nearby and log into my AppleID for something. All three light off with the notice that I have received a text with the code to enter.

 

[lclev]

Yep - you get notified on the device you are using - if it is a trusted device. So the number you need appears on the device you are using! Doesn't make much sense to me but it works.

Lisa

 

[chscag]

I'm going to continue using my 3 questions as long as possible instead of 2FA, however, I definitely foresee Apple forcing everyone to use some form of 2FA in the future. Many folks on various forums have complained about 2FA and dislike using it. I realize Apple is kind of caught in the middle on this; they can't be perceived as providing poor security. But, in my opinion, they could do more to make 2FA easier to understand and use.

 

[Sawday]

2FA is on your Apple ID (not your device) and the 2FA code goes to whatever device is close enough.

In my experience it goes to ALL your devices, so if someone stole my iMac for example and tries to access, the 2FA code is not only sent to my phone but also to the iMac thus defeating the purpose. Surely it should be sent to devices OTHER than the one you are using to access but Apple in their wisdom does not agree.

 

[ferrarr]

In my experience it goes to ALL your devices, so if someone stole my iMac for example and tries to access, the 2FA code is not only sent to my phone but also to the iMac thus defeating the purpose. Surely it should be sent to devices OTHER than the one you are using to access but Apple in their wisdom does not agree.

Try to get access to your device, without putting in your password, or passcode? If your iMac does not have a password, then that is your responsibility. If there is a password, and they know it, then your Apple ID/iCloud information is theirs for the taking, and they will get the code sent to the device.

But, if the code was only sent to a different device, then when you were out (iPhone), you would have to go home to get the code.

 

[Rod]

I guess i have alwsys assumed that there would be situstions where logging into my account may be necessary from a device other than a trusted device. Say I wanted to check my MBP location using Find My Laptop on a friend's laptop. In that case I would need the 2FA code from my iPhone. In the mean time my laptop would have a notification saying someone was logging into my account from a new device and its location. Dependant on the OS version you may also be offered the option to trust that device or not. If I was at my MBP I would probably say no thus preventing the login. So when you are verifying yourself it may seem a bit pointless but introduce a different, stolen or lost device and you begin to see the value of 2FA.


Sent from my iPhone

 

[MacInWin]

In my experience it goes to ALL your devices, so if someone stole my iMac for example and tries to access, the 2FA code is not only sent to my phone but also to the iMac thus defeating the purpose. Surely it should be sent to devices OTHER than the one you are using to access but Apple in their wisdom does not agree.

Yes, but in addition to the thief getting the code (assuming they can log into your iMac--you DO use a strong password, right?) you get it, too, and have an opportunity to block that access. But, getting back to the thief, to do that, they also have to have your AppleID and password to even trigger 2FA. That's a lot of information about you they need. Plus, as soon as you know the iMac is missing, you can take it off the trusted device list from another trusted device and it will NOT get the 2FA data. Apple needs to send it to the device you are using for folks with only one device, otherwise they have no access to 2FA and are left more vulnerable, putting Apple in an uncomfortable place of offering one level of security to people who have multiple Apple devices and a lower level to those with only one. How would *that* lawsuit sound?

 

[Rod]

It's true, the whole concept revolves around confirmation on either a different device or app. But even if you only have one device it's easier than answering your security questions. Plus as you say a thief would still need to login to the device (yes I have a strong password) and know my Apple ID.


Sent from my iPhone