Confused by Apple's Two Factor Authentication?

kat.hayes

macrumors 65816
Original poster
Oct 10, 2011
1,127
20
I just logged into iCloud through Chrome on my MacBook Pro. This was the first time I had done this so it asked me to enter a password in my browser and the password was displaying on my Mac. I don't remember exactly how the password displayed, though I thought the whole point of this would be to display the password on my phone so I would have to get the password from my phone and enter into the browser on my Mac to ensure it was really me and I owned both devices. If someone stole my MacBook Pro and had access to my password, how is this adding any extra layers of security?

And, does this mean I have two factor authentication enabled for all of my devices or do I have to enable it individually for each device?

Thanks.
 

Rigby

macrumors 603
Aug 5, 2008
5,285
5,836
San Jose, CA
The verification code will be shown on all your trusted devices (which are by default iOS devices and MacOS computers that you have previously signed in using two-factor auth). You can "untrust" a device by going to appleid.apple.com, clicking on a device and selecting "remove".
 
  • Like
Reactions: kat.hayes

Alrescha

macrumors 68020
Jan 1, 2008
2,156
315
I thought the whole point of this would be to display the password on my phone so I would have to get the password from my phone and enter into the browser on my Mac to ensure it was really me and I owned both devices.
The two-factor authentication is protecting your iCloud account, not your Mac. One factor is your password, the other is a trusted device. The fact that Chrome *happens* to be running on a trusted device is not important.

A.
 
  • Like
Reactions: kat.hayes

kat.hayes

macrumors 65816
Original poster
Oct 10, 2011
1,127
20
1. I do not remember seeing the verification code pop up on my other devices. How do you sign in using two-factor authentication on a device to make it trusted?

2. So every iOS/MAC OS device I have that is logged into iCloud will be using two factor authentication since I turned it on somewhere?

3. What I still dont understand is the pass code showed up on my MBP and I had to enter it into my MBP. How is this adding any extra security?

Thanks.
 

Alrescha

macrumors 68020
Jan 1, 2008
2,156
315
3. What I still dont understand is the pass code showed up on my MBP and I had to enter it into my MBP. How is this adding any extra security?
You were not authenticating your MacBook, you were authenticating Chrome. At the risk of being repetitive, you need two things for two-factor authentication - your password and a trusted device. The MacBook was one of those.

Chrome could just as easily been on a bad actor's laptop.

A.
 
  • Like
Reactions: kat.hayes

Rigby

macrumors 603
Aug 5, 2008
5,285
5,836
San Jose, CA
1. I do not remember seeing the verification code pop up on my other devices. How do you sign in using two-factor authentication on a device to make it trusted?
You should see it on any iOS/MacOS device that is logged into iCloud.
2. So every iOS/MAC OS device I have that is logged into iCloud will be using two factor authentication since I turned it on somewhere?
What exactly do you mean by "using two factor authentication"? Once you enable it, there is no other way to log in to your iCloud account.
3. What I still dont understand is the pass code showed up on my MBP and I had to enter it into my MBP. How is this adding any extra security?
It adds security in the sense that nobody can log in to your account even if they know your password, since they don't have a trusted device and thus will not be able to receive a verification code.
 
  • Like
Reactions: kat.hayes

kat.hayes

macrumors 65816
Original poster
Oct 10, 2011
1,127
20
I guess I wasn't clear in what I was trying to say. If somebody stole my "trusted" device, MacBook, and tried to log into iCloud using my stolen "trusted" device, what good is it that the passcode displays on the "trusted" stolen device that enables the thief to log right in? If it only displayed on one of the other "trusted" devices of the owner that would seem to make more sense....
 

zone23

macrumors 68000
May 10, 2012
1,972
750
I guess I wasn't clear in what I was trying to say. If somebody stole my "trusted" device, MacBook, and tried to log into iCloud using my stolen "trusted" device, what good is it that the passcode displays on the "trusted" stolen device that enables the thief to log right in? If it only displayed on one of the other "trusted" devices of the owner that would seem to make more sense....
Well hopefully your MacBook has a password that would keep someone out but yes if none of your devices have passwords then your screwed. PS without a PIN on you iPad/iPhone icloud will not sync keychain which stores your passwords.
 

Rigby

macrumors 603
Aug 5, 2008
5,285
5,836
San Jose, CA
I guess I wasn't clear in what I was trying to say. If somebody stole my "trusted" device, MacBook, and tried to log into iCloud using my stolen "trusted" device, what good is it that the passcode displays on the "trusted" stolen device that enables the thief to log right in?
What exactly are you trying to protect against? Given that all trusted devices are logged into iCloud anyway, someone who has access to your unlocked device can already access most of your iCloud data without having to log in again. The best you can do for the case of device theft is to make sure that your device is access protected (strong passcode/password, and Filevault enabled on Macs).
 

Brookzy

macrumors 601
May 30, 2010
4,829
4,899
UK
I guess I wasn't clear in what I was trying to say. If somebody stole my "trusted" device, MacBook, and tried to log into iCloud using my stolen "trusted" device, what good is it that the passcode displays on the "trusted" stolen device that enables the thief to log right in? If it only displayed on one of the other "trusted" devices of the owner that would seem to make more sense....
This is a good point. The problem is that in your proposed setup, if you for example owned a MacBook and an iPhone, and you lost your iPhone, you'd be locked out of your MacBook as well.
 

Manatlt

macrumors 6502a
Aug 26, 2013
885
292
London, UK
I guess I wasn't clear in what I was trying to say. If somebody stole my "trusted" device, MacBook, and tried to log into iCloud using my stolen "trusted" device, what good is it that the passcode displays on the "trusted" stolen device that enables the thief to log right in? If it only displayed on one of the other "trusted" devices of the owner that would seem to make more sense....
As someone mentioned earlier, it is not authenticating the Macbook, it's authenticating Chrome. It is not an Apple application so Apple/macOS has no idea what you're doing in Chrome. So that's why it's treating Chrome as you using another computer.

Use Safari if you want to skip the verification process.
 

Rigby

macrumors 603
Aug 5, 2008
5,285
5,836
San Jose, CA
Use Safari if you want to skip the verification process.
Using Safari does not skip the verification process when logging into icloud.com for the first time (you can of course tell it to store a cookie so the computer is "trusted" on subsequent logins, but that works with any other browser too).
 

NJRonbo

macrumors 68020
Jan 10, 2007
2,438
455
Guys,

I am very confused by this authetification. I am against it. Have already started it and I am getting nothing but problems --- particularly with email that does not want to sync properly across all devices even though the password is the same.

Anyhow, here's my question....

What exactly does Apple want us to switch over to two-step authentification?

Is it any app that uses iCloud sync?

I want to avoid the verification process iif at all possible. It's very tedious. I am hoping I am misunderstanding exactly what apps Apple will require to be protected.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.