2-Factor Authentication

GaryHatherly wrote:

Why is nobody understanding. WHY does the authorisation code appear on the very machine I’m using to log into my Apple account? It’s pointless.

We understand completely. It's you that doesn't.

The 2FA code is meant to protect your account, not the device.

Secure access to the device comes from your username and password FOR YOUR Mac. Once you have successfully passed that stage, any time you need access to your Apple data, you ask for a verification code (2FA) to be sent to the device you have demonstrated secure control of.

Since only you should be able to sign in to your Mac, the 2FA code is secure and allows only you to access your Apple account and content.

If your Mac is left unlocked or has an easily guessed password, then yes, 2FA may not appear to have any value.

You have added a trusted number in two factor authentication account and it is verified , but the text will appear on mobile number when both Mac and device ( it will be iPhone only and not an android phone ) are signed in with same Apple ID and password , however the android device can be configured to get the code , perhaps it cannot be signed in with Apple ID and password .

And if the Mac and iPhone are signed in with same apple id and password , you can click any one of it to get the code ( click on get a verification code on iPhone screen or if you cancel it will appear on Mac .

See these articles https://support.apple.com/en-us/HT204974

https://support.apple.com/en-in/HT204915

If somebody managed to login to my laptop and tried to log in to my apple account, they would receive the security code on the same machine they are using, ie, my macair.

Which is why your Macs need to have a strong password to prevent this.

2FA does not protect hardware, it protects your account.

The 2FA code will appear on the primary machine / the account is created from as Mac .

Just to explain with an example from my Mac , I create 2FA from Mac and add two trusted numbers and both are verified in the account , but they are not synced using same Apple ID and password , the code will not go to the device however the account is active on iCloud server the Mac acts as device and will generate a code over it ( suppose I turn off the iPhone , or if iPhone is damaged for some reason ) , it doesn't mean the account is disabled on the server .

Note : location services is turned as on , find my Mac is turned as on , so Mac is searched using IP address of mine and code is displayed over the Mac .

Who can access you laptop ? is it an admin account , there is an option click on cancel it would have prompted using maps location before the code appeared ( click on allow ) .