Two-factor identification flaw?

Question

Level 1

9 points

Two-factor identification flaw?

When I log into iCloud.com on my Mac (using Safari), after my password is automatically filled out by Safari and I get a prompt to enter the 6 digit code for 2-factor identification. The problem is that Apple will actually send the code to the Mac that I am trying to sign into from. How is this more secure? Shouldn't two-factor authentication be sending the code to a device other than the one from which I'm trying to login?

MacBook Pro Retina

Posted on Nov 28, 2019 5:35 AM

Reply

Answer 1

etresoft

Level 9

56,320 points

Nov 28, 2019 7:31 AM in response to epnormann

Two factor authentication is designed to protect your iCloud account from untrusted devices. It will send authentication requests to all trusted devices.

Reply

Answer 2

dialabrain

Level 10

135,821 points

Nov 28, 2019 7:18 AM in response to epnormann

Two things…

You're already securely logged into your Mac.
What if you don't have a second device?

Reply

Answer 3

dialabrain

Level 10

135,821 points

Nov 28, 2019 7:37 AM in response to etresoft

etresoft wrote:

Two factor authentication is designed to protect your iCloud account from untrusted devices. It will send authentication requests to all trusted devices.

Indeed.

Reply