Two-Factor Authentication on Apple Devices - constant pressure to comply

IWT


Joined
Jan 23, 2009
Messages
10,210
Reaction score
2,168
Points
113
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
M2 Max Studio Extra, 32GB memory, 4TB, Sonoma 14.4 Apple 5K Retina Studio Monitor
Q. Are any of the rest of you having constant reminders/pressures to use 2FA on your Macs and iDevices?

(I found that it was the default option when I upgraded to macOS High Sierra - just caught that in time.)

On my iMac, I get a Notification every morning, which I dismiss; and now in System Preferences app which I keep in the Dock, there is a number 1 shown constantly.

Opening System Preferences for any purpose defaults to the iCloud setting, where there is the recommendation to "Continue".

At least on my iDevices, where I received the same pressures, I had the option to ignore or or say "not now" - at any rate to stop it constantly reminding me about 2FA.

I respect 2FA and I use it quite extensively for many other apps and web sites, like Amazon, Facebook and so forth. Nothing at all against the principle.

I just don't like the way Apple handles 2FA for its devices. For example, it is quite possible to get the 2FA code sent to the very device you are using.

Q. Is there as safe way to stop the reminders via System Preferences? For example, dare I click on "Continue" and be given the option to reject the offer?

Ian
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Ian:

Q. Is there as safe way to stop the reminders via System Preferences? For example, dare I click on "Continue" and be given the option to reject the offer?

Yes there is. I went through the same thing. When System Preferences opens to iCloud, just press the "continue" button. You will be then asked if you would like to implement 2FA. Just click on the "Not Now" button and the warning will go away along with the annoying "1" that sits over your System Preferences icon.

BTW, that warning started to appear when I updated my iPhone and iPad to iOS 12, not with the update to High Sierra.
 
OP
IWT

IWT


Joined
Jan 23, 2009
Messages
10,210
Reaction score
2,168
Points
113
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
M2 Max Studio Extra, 32GB memory, 4TB, Sonoma 14.4 Apple 5K Retina Studio Monitor
not with the update to High Sierra.

Yes; but I only Upgraded to macOS High Sierra about 2 weeks ago or so - not long after 10.13.6 became the latest update. So maybe it's a newish thing. Anyway, I caught it in time. You have to be so careful with each point in the installation process and NOT just click continue - (all of which you know off by heart, Charlie).

And thank you very much for your reply.

Ian
 

Rod


Joined
Jun 12, 2011
Messages
9,615
Reaction score
1,825
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 13, iPhone SE 2, iPad 6, Apple Watch SE.
I get what you are saying about getting the code sent to the same device you are using although that has only happened with my MBP. At first I was confused because the window with the confirmation code covered the window where the number needed to be entered but that's another matter.
Yesterday however I realized how it is supposed to work. I have Family Sharing turned on for my wife and I was attempting to download an app to my wife's MBP that I had already purchased for mine. So i logged in on her device with my Apple ID and I was asked to confirm this download on one of my devices. So I went to my MBP got the displayed code and entered it on her MBP in the box that had appeared. I could have gotten the code off my iPhone too.
This is obviously the way the 2FA system works to protect your privacy and purchases.
 
OP
IWT

IWT


Joined
Jan 23, 2009
Messages
10,210
Reaction score
2,168
Points
113
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
M2 Max Studio Extra, 32GB memory, 4TB, Sonoma 14.4 Apple 5K Retina Studio Monitor
Thank you Rod for your very helpful post.

As you know, I'm quite a fan of 2FA and use it fairly extensively.

My grumble was the persistent pushing of 2FA by Apple on all our devices. And, yes, the fact that several people (including my wife - different Apple ID from mine, on her MacBookPro) who get 2FA codes sent to the device they are currently using.

As you might also know, I was a very late convert to macOS High Sierra - just a few weeks ago - and the default setting as you go through the installation process was to initiate 2FA. Luckily I caught this and declined.

I am happy to follow advice from the likes of you and the many members whom I greatly respect on our Forums. If the consensus opinion is to go for 2FA on Apple devices, I would be very tempted to go with that. It's just that I feel slightly uncomfortable with the way way Apple appears to handle this.

I never have any problem being proven wrong in my assumptions:)

Thank you.

Ian
 
Joined
Nov 19, 2006
Messages
1,774
Reaction score
81
Points
48
Location
York, UK
Your Mac's Specs
iMac: 5K 27” (2020), 3.3 GHz, 32Gb RAM. iPad2, iPad mini4, iPhone 13 Mini, Apple Watch SE
I don't get asked for 2FA often from Apple, but when I do they send the code to the same device that I'm using as my phone, which rather defeats the object.
 
Joined
May 21, 2012
Messages
10,696
Reaction score
1,152
Points
113
Location
Rhode Island
Your Mac's Specs
M1 Mac Studio, 11" iPad Pro 3rdGen, iPhone 13 ProMax, Watch S7, 2018 15" MBP, AirPods Pro
I don't get asked for 2FA often from Apple, but when I do they send the code to the same device that I'm using as my phone, which rather defeats the object.
The ONLY reason it gets sent to all of those devices is because they are “trusted devices” you told Apple to trust. You would need to remove those devices from your trusted devices list in your iCloud settings, then the code would only go to the device you selected AND you would need to trust the devices each time if/when you remove them.

If someone else tried to use your logon, for iCloud, you would get the notification, that is what is designed to stop. If you leave you phone some where and it is unlocked, Apple can not prevent them getting the code, since they have your “trusted device”. If your iMac is your only trusted device, then you will have to go home to get the code.
 
OP
IWT

IWT


Joined
Jan 23, 2009
Messages
10,210
Reaction score
2,168
Points
113
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
M2 Max Studio Extra, 32GB memory, 4TB, Sonoma 14.4 Apple 5K Retina Studio Monitor
If someone else tried to use your logon, for iCloud, you would get the notification, that is what is designed to stop. If you leave you phone some where and it is unlocked, Apple can not prevent them getting the code, since they have your “trusted device”. If your iMac is your only trusted device, then you will have to go home to get the code.

You're spot-on correct.

That's the problem for me in a sense.

The uniqueness of the Apple situation is that most of us have multiple devices which we tell Apple are "trusted".

The more usual situation - say with Amazon or Facebook - is that there is one company with one log in and the 2FA goes to one device, usually one's iPhone. It is true that you can "trust" more than one device for log-in purposes - or not if you wish 2FA every time you log in.

You have that option which makes 2FA all the more relevant. I had possible suspicious activity with my Amazon account some time ago. It may have been my fault (details don't matter) or it may have been Amazon getting Prime and non-Prime accounts muddled.

I then invoked 2FA and won't allow any of my devices to be trusted. This is no big deal because 99% of the time I purchase via my iMac; but I don't even let Amazon trust that. So I get a 2FA code each time I log in. iPhone by my side.

This is much more difficult, though possible, to achieve with Apple where multiple devices are involved.

So what you say (and others too) is factually correct - no doubt about that; but cumbersome to achieve. I don't have a simple solution, I admit; but I want security without the hassle.

Ian
 
Joined
May 21, 2012
Messages
10,696
Reaction score
1,152
Points
113
Location
Rhode Island
Your Mac's Specs
M1 Mac Studio, 11" iPad Pro 3rdGen, iPhone 13 ProMax, Watch S7, 2018 15" MBP, AirPods Pro

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
So what you say (and others too) is factually correct - no doubt about that; but cumbersome to achieve. I don't have a simple solution, I admit; but I want security without the hassle.

I'll echo what Bob said above about no hassle. I understand what 2FA does and overall I agree it's a good thing to have and use. However, in my home I'm the IT for everything. My wife who has been using an iPhone now for 3 years or more still does not understand how to do simple things with it, much less 2FA. O:)
 
OP
IWT

IWT


Joined
Jan 23, 2009
Messages
10,210
Reaction score
2,168
Points
113
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
M2 Max Studio Extra, 32GB memory, 4TB, Sonoma 14.4 Apple 5K Retina Studio Monitor
Charlie, I don't mind in the least your quoting me in your response and crediting it to Bob:):DO:)

We all work together, which is great.

Ian
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Mea Culpa. Credits to both Ian and Bob. Now if there was only a way I could teach my wife how to maneuver and correctly use her iPhone.... :)
 
Joined
Nov 19, 2006
Messages
1,774
Reaction score
81
Points
48
Location
York, UK
Your Mac's Specs
iMac: 5K 27” (2020), 3.3 GHz, 32Gb RAM. iPad2, iPad mini4, iPhone 13 Mini, Apple Watch SE
So if Apple is that clever why doesn't it know that I'm using a trusted device and the the 2FA serves absolutely no purpose whatsoever?
 
Joined
Oct 16, 2010
Messages
17,485
Reaction score
1,531
Points
113
Location
Brentwood Bay, BC, Canada
Your Mac's Specs
2011 27" iMac, 1TB(partitioned) SSD, 20GB, OS X 10.11.6 El Capitan
I am happy to follow advice from the likes of you and the many members whom I greatly respect on our Forums. If the consensus opinion is to go for 2FA on Apple devices, I would be very tempted to go with that. It's just that I feel slightly uncomfortable with the way way Apple appears to handle this.

… … …
get 2FA codes sent to the device they are currently using.


We finally got rid of all our 2FA usage stuff as we just don't need it for our situation, and unfortunately we never got any codes sent to any device we were using which could have made its use much quicker and easier. I guess we missed something during setup time to allow it to start it working on some stuff and it was a real PITA whenever it kicked in. Neither was it made very clear as to how it was supposed to work.

It also became a PITA when attempting to use some of our "Family Sharing" stuff.





- Patrick
======
 
Joined
Oct 16, 2010
Messages
17,485
Reaction score
1,531
Points
113
Location
Brentwood Bay, BC, Canada
Your Mac's Specs
2011 27" iMac, 1TB(partitioned) SSD, 20GB, OS X 10.11.6 El Capitan
So if Apple is that clever why doesn't it know that I'm using a trusted device and the the 2FA serves absolutely no purpose whatsoever?


I think the rational is the security is the fact that is a "nasty" person is using the "trusted device", they would have to know the secret code in order to carry on with whatever they were attempting to do. I think… ;-)





- Patrick
======
 

Rod


Joined
Jun 12, 2011
Messages
9,615
Reaction score
1,825
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 13, iPhone SE 2, iPad 6, Apple Watch SE.
The Family Sharing example is the one I quoted as a good example of how 2FA should work but the annoying example is when I go to a new location with my MBP. So I return to Bali, I receive a notification that my MBP is being used in Indonesia. It sends a code to the MBP then I enter it on the MBP. How does that protect me?
Obviously not at all.
Now if it sent the code to my iPhone that would be logical. I'm sure my iPhone is a trusted device yet......
 
Joined
May 21, 2012
Messages
10,696
Reaction score
1,152
Points
113
Location
Rhode Island
Your Mac's Specs
M1 Mac Studio, 11" iPad Pro 3rdGen, iPhone 13 ProMax, Watch S7, 2018 15" MBP, AirPods Pro
So if Apple is that clever why doesn't it know that I'm using a trusted device and the the 2FA serves absolutely no purpose whatsoever?
They do not know who is using that device. How would they know it is you?

Apple has 2FA setup, to notify you that “someone” is attempting to access your iCloud account.
 
Joined
May 21, 2012
Messages
10,696
Reaction score
1,152
Points
113
Location
Rhode Island
Your Mac's Specs
M1 Mac Studio, 11" iPad Pro 3rdGen, iPhone 13 ProMax, Watch S7, 2018 15" MBP, AirPods Pro
Now if it sent the code to my iPhone that would be logical. I'm sure my iPhone is a trusted device yet......
You can look in System Preferences on your Mac, or in Settings on your iDevice, > iCloud to see all of your trusted devices you are logged into with your iCloud account.
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
Trusted Devices. That makes sense. I have had my 27" iMac display the code when I was using 2FA. Made me wonder why I did not have to go to another device to get the code!
 
Joined
Oct 16, 2010
Messages
17,485
Reaction score
1,531
Points
113
Location
Brentwood Bay, BC, Canada
Your Mac's Specs
2011 27" iMac, 1TB(partitioned) SSD, 20GB, OS X 10.11.6 El Capitan
So I return to Bali, I receive a notification that my MBP is being used in Indonesia. It sends a code to the MBP then I enter it on the MBP. How does that protect me?


As Bob mentioned in his #17 post I'd say.

Oh right!!! My brain just clicked to On!!! Did they not just send the access code to the "nasty folk" using your device to give them access??? OhOhoooooo…. :Angry-Tongue:





- Patrick
======
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top