security concern - 2 factor authentication

Discussion in 'macOS' started by scouser75, Apr 27, 2018.

  1. scouser75 macrumors 65816

    Joined:
    Oct 7, 2008
    #1
    Hi guys,

    I've come across a security concern whilst logging on to this site.

    I have 2 factor authentication set up on my iPad (iOS11) and iPhone (iOS10).

    When I logged into an Apple site on my Mac desktop running El Capitan 10.11.6 I was asked for the authentication code. However, the code actually came up on the Mac screen and not my iPad or iPhone. Surely that's a bit of a breach? I then tried to log in to the apple site on my iPad. Same thing happened. The code came up on the iPad.

    Nothing at all came up on my iPhone. I received no codes on there even though it is setup for 2 factor authentication.

    What has gone wrong? And how can I fix it?
     
  2. chabig macrumors 603

    Joined:
    Sep 6, 2002
    #2
    The authentication code comes up on all of your trusted devices. To be a trusted device, your iPhone needs to be signed into iCloud. See Apple's support document for two-factor authentications.

    https://support.apple.com/en-us/HT204915
     
  3. scouser75 thread starter macrumors 65816

    Joined:
    Oct 7, 2008
    #3
    I followed the instructions, but when I go into iCloud / Account / Password & Security I get a message saying 'cannot connect ti iCloud'.

    I turned the phone off and on again and still no luck. I can though connect to everything else - iTunes store, iCloud mail etc.
     
  4. BrianBaughn macrumors 603

    BrianBaughn

    Joined:
    Feb 13, 2011
    Location:
    Baltimore, Maryland
    #4
    You don't need to do anything. Your devices are working as expected. If your Mac isn't password protected in some manner then you need to deal with that.
     
  5. scouser75 thread starter macrumors 65816

    Joined:
    Oct 7, 2008
    #5
    Buy surely the verification code should not arrive on the device that *potentially* has been hacked. For example, if someone on the other side of the world was trying to hack into my iCloud account, if somehow they got past the first part of the login process by entering the correct password, they would then be required to enter the verification code. Now, if that verification code arrives on their computer screen all they would have to do is enter the code and voila, they are in and have all my data!

    Or am I missing something obvious, in which case Im going to be very embarrassed.
     
  6. BrianBaughn macrumors 603

    BrianBaughn

    Joined:
    Feb 13, 2011
    Location:
    Baltimore, Maryland
    #6
    The verification code is the 2nd factor. You wouldn't get it if it weren't turned "ON".

    If they're trying to add a device your list of trusted devices they would need a current trusted device in order to see or receive the code.
     
  7. scouser75 thread starter macrumors 65816

    Joined:
    Oct 7, 2008
    #7
    Thanks Brian. So is it normal for me to have received the verification code on my Mac Pro (which is a trusted device) whilst I was using the mac pro? I would have thought the code should have arrived on my iPad or iPhone for it to then be keyed onto my Mac pro.
     
  8. BrianBaughn macrumors 603

    BrianBaughn

    Joined:
    Feb 13, 2011
    Location:
    Baltimore, Maryland
    #8
    It seems weird when it happens but it's a trusted device.
     
  9. scouser75 thread starter macrumors 65816

    Joined:
    Oct 7, 2008
    #9
    Thanks Brian. I'm going to go and change all my passwords to even mega difficult ones. I think at some point I'm going to be using goodness knows what as a password :lol: :)
     
  10. chabig macrumors 603

    Joined:
    Sep 6, 2002
    #10
    It's a trusted device, so there is no problem with the code being sent to it. That's the whole point of having trusted devices. It's your responsibility to keep that device secure.
     

Share This Page