Confused about 2FA, Trusted Devices, Device linked to Apple ID

Question

Level 1

5 points

Confused about 2FA, Trusted Devices, Device linked to Apple ID

I am having a hard time understanding the relationship on these security features.

First off, I have 2 iPhone, my old one is being used by my son, and also have some other apple devices.

Since I use my apple ID on both iPhone, both appear as trusted devices on my account info. I really want this so if I ever lose any of them, I can use Find My Device.

My problem comes If I try to log in to my account on any laptop (example) and I get the Verification Message on all the trusted devices and sometimes when my son is using the device he accidentally presses de cancel/ignore before I can accept on my iPhone, so I have to retry to log in. It's kind of annoying, and yes I have talked to him about not pressing it, but it happens anyway. Also I am better off if he presses the not allow option, what if it isn't me trying to access the account. Price to pay for security I guess.

TL; DR : So my questions are, can you remove an iPhone (B) from trusted devices so I can get the verification codes just on my other iPhone (A) , and will that iPhone (B) once untrusted still be linked to my apple ID, be able to use Find My Device and be linked to apple ID activation if tried to restored (basically making it useless if stolen) , or must a device be trusted to be linked to my account/find my device? if it's the latter, can you somehow configure then which device recieves the verification codes? Also once untrusted will the iPhone (B) resign or get listed again as trusted for any reason?

iPhone 8 Plus

Posted on Aug 13, 2020 9:00 AM

Reply

Answer 1

Best reply

Eric Root

Level 10

684,147 points

Aug 13, 2020 10:45 AM in response to Warura

If it is a trusted device, there isn't a way to disable the ability to receive verification codes. You also can't make the device not a trusted device and still retain access to all Apple Services. From the article below.

If you set up two-factor authentication for your Apple ID, removing a device will ensure that it can no longer display verification codes. It also won't have access to iCloud and other Apple services, including Find My, until you sign in again with two-factor authentication. The device won't reappear in the list unless you sign in again.

Apple ID device list -Check to see where you‘re signed in.

Reply

Answer 2

Aug 13, 2020 9:03 AM in response to Warura

See these documents on Two-Factor Authentication and the quoted/inserted information from each below.

See Two-factor authentication for Apple ID https://support.apple.com/en-us/HT204915 See this section especially Setup two-factor authentication for your Apple ID. From this section, "Two-factor authentication is available for Apple ID accounts with at least one device that's using the latest iOS, iPadOS, or macOS. Learn more. You can follow these steps on your iPhone, iPad, or iPod touch to turn on two-factor authentication."

And, Use the “learn more” link above to see more about the Availability of two-factor authentication for Apple ID https://support.apple.com/en-us/HT205075. From this link: "While most iCloud users can now turn on two-factor authentication, certain account types may still be ineligible at Apple’s discretion."

See Get a verification code and sign in with two-factor authentication https://support.apple.com/en-us/HT204974 Below is an excerpt, but read the whole document. See the bold italics below.

Whenever you sign in with your Apple ID on a new device or browser, you'll confirm your identity with your password plus a six-digit verification code. There are a few ways you can get a verification code. You can use the code displayed on your trusted device, get a text or phone call, or generate a code from your trusted device [see the additional information in the article].

A trusted device is an iPhone, iPad, or iPod Touch with iOS 9 and later or a Mac with OS X El Capitan and later that you've already signed into using two-factor authentication.

If you can’t sign in, reset your password, or receive verification codes, you can request account recovery to regain access to your account. This link takes you to:

Recover your Apple ID when you can’t reset your password https://support.apple.com/en-us/HT204921

“Account recovery might take a few days or longer, depending on the specific account information you can provide to verify your identity. After you request account recovery, you'll get an email with a confirmation of your request and the date and time of when you can expect to regain access. … When the wait period is over, Apple sends you a text or automated phone call with instructions to regain access to your account.” Read the whole document carefully.

Reply

Answer 3

Warura Author

Level 1

5 points

Aug 13, 2020 9:16 AM in response to donv_the_ghost

Thanks some info I didn't know. I know how to turn 2FA on or off (you have two weeks after you turn it on), but I think I didn't explain my self right. Basically, 2FA once activated stays permanent with your Apple ID, I know you need to use it to log into new devices, but once logged in can you make it so that new device isn't a trusted device to receive future verification codes but is linked to my apple ID (for Find My Device purposes).

Reply

Answer 4

Warura Author

Level 1

5 points

Aug 13, 2020 12:58 PM in response to Eric Root

So basically, any device I want protected with an appleID from theft, must be logged with that appleID and so becomes a trusted device for verification purposes.

This seems inconvenient on some situations. Apple should address this, as it makes the whole system less secure, over complicated with many ideas/terms that are then linked to be used all together.

It would be convinient to be able to link devices to an apple ID to prevent theft, and also be able to specify which ones can work as a device for code verification.

No point by apple on using terms like trusted devices when actually any device you log into will become linked and will access and recieve all the security codes/modifications/liberties to modify account information. Just call it, linked device to an apple ID.

Lets say I have an iPad and iPhone, someone steals my iPad while I have it unlocked and working in a park. The thief could just go into the setting and change apple ID stuff cause he could reset password using trust device verification code which will also apear on that same stolen iPad.

Granted I still have my iphone, and could make adjustments to disable that ipad, but what if he does that first? In the moment if that happens I dont think many would stop to think, ok lets disable my stolen device. If you are lucky you could remember the day after. By then I will have a stolen iPad and probably locked out of my iPhone. You definitely need to be able to specify what devices should be able to recieve or not a verification code.

Reply

Answer 5

Aug 13, 2020 12:56 PM in response to Warura

To provide feedback to Apple, use Product Feedback https://www.apple.com/feedback/. Apple probably will not see your feedback here.

Reply

Answer 6

Aug 13, 2020 10:46 AM in response to Warura

You are very welcome. Be safe.

Reply

Answer 7

Eric Root

Level 10

684,147 points

Aug 13, 2020 1:00 PM in response to Warura

They would need to know the existing password to reset the password.

Reply

Answer 8

Warura Author

Level 1

5 points

Aug 13, 2020 3:05 PM in response to Eric Root

Not on a trusted device that is unlocked, you could reset it from the settings menu from that iphone or ipad using the same trusted device to receive the verification code for the change.

Reply

Confused about 2FA, Trusted Devices, Device linked to Apple ID

Similar questions