Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

security concern - 2 factor authentication

S

scouser75

macrumors 68030
Original poster
Oct 7, 2008
2,961
621
Hi guys,

I've come across a security concern whilst logging on to this site.

I have 2 factor authentication set up on my iPad (iOS11) and iPhone (iOS10).

When I logged into an Apple site on my Mac desktop running El Capitan 10.11.6 I was asked for the authentication code. However, the code actually came up on the Mac screen and not my iPad or iPhone. Surely that's a bit of a breach? I then tried to log in to the apple site on my iPad. Same thing happened. The code came up on the iPad.

Nothing at all came up on my iPhone. I received no codes on there even though it is setup for 2 factor authentication.

What has gone wrong? And how can I fix it?
 
I followed the instructions, but when I go into iCloud / Account / Password & Security I get a message saying 'cannot connect ti iCloud'.

I turned the phone off and on again and still no luck. I can though connect to everything else - iTunes store, iCloud mail etc.
 
scouser75 said:
I followed the instructions, but when I go into iCloud / Account / Password & Security I get a message saying 'cannot connect ti iCloud'.

I turned the phone off and on again and still no luck. I can though connect to everything else - iTunes store, iCloud mail etc.
Click to expand...

You don't need to do anything. Your devices are working as expected. If your Mac isn't password protected in some manner then you need to deal with that.
 
BrianBaughn said:
You don't need to do anything. Your devices are working as expected. If your Mac isn't password protected in some manner then you need to deal with that.
Click to expand...

Buy surely the verification code should not arrive on the device that *potentially* has been hacked. For example, if someone on the other side of the world was trying to hack into my iCloud account, if somehow they got past the first part of the login process by entering the correct password, they would then be required to enter the verification code. Now, if that verification code arrives on their computer screen all they would have to do is enter the code and voila, they are in and have all my data!

Or am I missing something obvious, in which case Im going to be very embarrassed.
 
The verification code is the 2nd factor. You wouldn't get it if it weren't turned "ON".

If they're trying to add a device your list of trusted devices they would need a current trusted device in order to see or receive the code.
 
Thanks Brian. So is it normal for me to have received the verification code on my Mac Pro (which is a trusted device) whilst I was using the mac pro? I would have thought the code should have arrived on my iPad or iPhone for it to then be keyed onto my Mac pro.
 
Thanks Brian. I'm going to go and change all my passwords to even mega difficult ones. I think at some point I'm going to be using goodness knows what as a password :lol: :)
 
scouser75 said:
Buy surely the verification code should not arrive on the device that *potentially* has been hacked...
Click to expand...
It's a trusted device, so there is no problem with the code being sent to it. That's the whole point of having trusted devices. It's your responsibility to keep that device secure.
 
  • Like
Reactions: scouser75
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back