Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
65,324
33,620



Starting in watchOS 6, the Apple Watch has become a trusted device for Apple ID authentication purposes.

apple-watch-apple-id-verification-code-watchos-6.jpg

When you or someone else signs in to your Apple ID on a new device or browser, the Apple Watch will automatically alert you, complete with an approximate location of the person. If the sign-in attempt is allowed, a six-digit verification code will then appear to be entered on the new device or browser.

Something I haven't seen before watchOS 6: the Apple Watch can now receive and display Apple ID Verification Codes as a trusted device for 2-factor authentication. pic.twitter.com/Oin8AbYEDc - Jeremy Horwitz (@horwitz) June 10, 2019

This functionality has been available on iPhones and iPads since iOS 9, and on Macs since OS X El Capitan, for Apple ID accounts with two-factor authentication enabled. Now, users simply have one more option in the Apple Watch.

Article Link: Apple Watch Can Display Apple ID Verification Codes Starting in watchOS 6
 

PastaPrimav

Suspended
Nov 6, 2017
929
1,494
It is unbelievable how annoying they've managed to make 2-factor authentication.

I have never ever once logged in as myself on a "foreign" machine that is not one that is owned by me and under my exclusive control, yet I'm forced to deal with Apple's 2-factor all the time. Seemingly every time I log in to my developer account or any Apple domain in Safari. "Trust" this browser? Yeah, my ass. Until the very next time I log in.

What we need is an authentication-free experience when we've sufficiently proven that we are in fact the person using the machine. Unlocking the Mac with Apple Watch should be the key. After that, I should not be forced to provide authentication of any kind, (unless I opt to enable app per app in settings).

It is absurd that they haven't taken the steps to embrace this more. Unlocking with Apple Watch is more than enough to prove that it is my sitting at the machine, and I shouldn't need to enter passwords anywhere, let alone deal with 2-factor.
 

konqerror

macrumors 68020
Dec 31, 2013
2,298
3,701
It is absurd that they haven't taken the steps to embrace this more. Unlocking with Apple Watch is more than enough to prove that it is my sitting at the machine, and I shouldn't need to enter passwords anywhere, let alone deal with 2-factor.

Yeah, Microsoft managed to do this far better for years now. You sign in once through Windows Hello and it handles native Windows sign-ins and Microsoft properties through Edge. The latest update of Windows 10 extends this to third-party sites via FIDO2. All TPM bound so it's like a dongle.

Apple is the only company who requires you to type in a stupid number, everybody else, Microsoft, Google, Duo, just have you press OK on the authentication notification.
 

Zachari

macrumors 6502
Feb 8, 2012
319
1,620
Washington, DC
It is unbelievable how annoying they've managed to make 2-factor authentication.

I have never ever once logged in as myself on a "foreign" machine that is not one that is owned by me and under my exclusive control, yet I'm forced to deal with Apple's 2-factor all the time. Seemingly every time I log in to my developer account or any Apple domain in Safari. "Trust" this browser? Yeah, my ass. Until the very next time I log in.

What we need is an authentication-free experience when we've sufficiently proven that we are in fact the person using the machine. Unlocking the Mac with Apple Watch should be the key. After that, I should not be forced to provide authentication of any kind, (unless I opt to enable app per app in settings).

It is absurd that they haven't taken the steps to embrace this more. Unlocking with Apple Watch is more than enough to prove that it is my sitting at the machine, and I shouldn't need to enter passwords anywhere, let alone deal with 2-factor.

You are spot on friend. They need to get this in check, or even integrate it into Sign in with Apple.
 
  • Like
Reactions: QuarterSwede

macduke

macrumors G5
Jun 27, 2007
13,425
20,436
So I can pay for stuff with my Apple Watch without having to do anything and use it to unlock my Mac, but I have to punch in a code I read off my wrist? Why can't it just send a signal to my device to approve it? Better yet, why can't being on your Mac and signed into iCloud on a logged-in device (past the passcode/login screen) already be enough authorization to sign in to a website? I thought Apple was all about ease of use and having proprietary system integration in their apps. At the least it should work with Safari.

About friggin' time.

Will it also do parental approvals for family purchases?
Would also be great for approving/denying additional time on their iPad.
 

Crowbot

macrumors 68000
May 29, 2018
1,809
4,091
NYC
I know it’s been a bit annoying but, honestly, I’d rather err on the side of security. But I’m happy to see the Watch as a trusted device.
 
  • Like
Reactions: orbital~debris

nburwell

macrumors 603
May 6, 2008
5,544
2,456
DE
Finally! Very much overdue. I never understood why I couldn't get the Apple ID verification code on my Watch when it goes to my iPhone and iPad.
 

Mac 128

macrumors 603
Apr 16, 2015
5,360
2,930
Finally! Very much overdue. I never understood why I couldn't get the Apple ID verification code on my Watch when it goes to my iPhone and iPad.

It should have been a high priority.

I had a friend who’s phone was stolen while on vacation in Europe last year, bought a new iPhone and tried to access iCloud to restore his contacts, and needed a verification code.

He called Apple customer support, and they told him he needed a trusted device, that his Apple Watch couldn’t be used, and that he should have brought a Mac or iPad on vacation with him. Ridiculous.

I have to wonder how many calls like that they’ve gotten.
 

Shirasaki

macrumors P6
May 16, 2015
16,209
11,680
It is unbelievable how annoying they've managed to make 2-factor authentication.

I have never ever once logged in as myself on a "foreign" machine that is not one that is owned by me and under my exclusive control, yet I'm forced to deal with Apple's 2-factor all the time. Seemingly every time I log in to my developer account or any Apple domain in Safari. "Trust" this browser? Yeah, my ass. Until the very next time I log in.

What we need is an authentication-free experience when we've sufficiently proven that we are in fact the person using the machine. Unlocking the Mac with Apple Watch should be the key. After that, I should not be forced to provide authentication of any kind, (unless I opt to enable app per app in settings).

It is absurd that they haven't taken the steps to embrace this more. Unlocking with Apple Watch is more than enough to prove that it is my sitting at the machine, and I shouldn't need to enter passwords anywhere, let alone deal with 2-factor.
Yes. Until now, I am still highly skeptical to even consider enabling 2FA. I see more and more cool/niche/somewhat useful features now require 2FA to work and it is designed for people to securely login their Apple ID. But, given Apple never inform user to unpair Apple Watch BEOFRE erasing their devices (thought they should’ve done this by now), I have forgot to unpair watch before erasing several times, including the first three weeks that I was exchanging my iPhone and iPad for various reasons (within 14 days window). Since I don’t have a second number, I am extremely worried that Apple will not inform me to deactivate the device on 2FA Before erasing my device and bam. The account access is locked since I have no sufficient methods to verify my identity.
watchOS 6 looks better and better. Noise app, the app store, authentication for Mac (no need for entering password when installing apps etc) and now this!
This leaves with one question: how many of those features are watch series 4 and above exclusive? Noise app is not available in watch series 3 for sure.
 

Jamesk811

macrumors 6502
Mar 23, 2015
341
72
“Trust this browser” will only work if you don’t have any cookies blocked.

It is unbelievable how annoying they've managed to make 2-factor authentication.

I have never ever once logged in as myself on a "foreign" machine that is not one that is owned by me and under my exclusive control, yet I'm forced to deal with Apple's 2-factor all the time. Seemingly every time I log in to my developer account or any Apple domain in Safari. "Trust" this browser? Yeah, my ass. Until the very next time I log in.

What we need is an authentication-free experience when we've sufficiently proven that we are in fact the person using the machine. Unlocking the Mac with Apple Watch should be the key. After that, I should not be forced to provide authentication of any kind, (unless I opt to enable app per app in settings).

It is absurd that they haven't taken the steps to embrace this more. Unlocking with Apple Watch is more than enough to prove that it is my sitting at the machine, and I shouldn't need to enter passwords anywhere, let alone deal with 2-factor.
 
  • Like
Reactions: the future

MRrainer

macrumors 68000
Aug 8, 2008
1,533
1,113
Zurich, Switzerland
I admit I rarely log into iCloud. And even then, it's not such a big deal to enter those numbers.

We already have two different "things" at work that require TFA (via FreeOTP) and I find that for more annoying (because I use it often and the session times out after a couple of hours).
 

mannyvel

macrumors 65816
Mar 16, 2019
1,417
2,578
Hillsboro, OR
My Apple ID is at this point one of the more valuable logins that I have, so security things don't really bother me. Having Apple's 2FA on the watch is nice, but ideally they should also support the google authenticator style 2fa (TOTP/HOTP). It would bypass that "I lost all my apple devices" problem and is marginally less secure than the all-Apple solution.
 

allenvanhellen

macrumors 6502a
Dec 8, 2015
656
1,319
It is unbelievable how annoying they've managed to make 2-factor authentication.

I have never ever once logged in as myself on a "foreign" machine that is not one that is owned by me and under my exclusive control, yet I'm forced to deal with Apple's 2-factor all the time. Seemingly every time I log in to my developer account or any Apple domain in Safari. "Trust" this browser? Yeah, my ass. Until the very next time I log in.

What we need is an authentication-free experience when we've sufficiently proven that we are in fact the person using the machine. Unlocking the Mac with Apple Watch should be the key. After that, I should not be forced to provide authentication of any kind, (unless I opt to enable app per app in settings).

It is absurd that they haven't taken the steps to embrace this more. Unlocking with Apple Watch is more than enough to prove that it is my sitting at the machine, and I shouldn't need to enter passwords anywhere, let alone deal with 2-factor.
No password at all? Are you nuts?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.