two-factor authentication question

Question

Level 1

17 points

two-factor authentication question

I now get daily requests from Apple, both on my iPhone and every Mac I use in my household, to set up two-factor authentication (2FA) for my accounts. Even now when I logged in to this forum to ask this question, I was first diverted to a page on which I had to say that I do not want to activate this feature for my account.

I did activate 2FA once and then cancelled it, because it was still in the 2 week window from activation.

Here is the issue I had with 2FA. Perhaps someone has some idea how this problem could be avoided.

Some years ago I activated 2FA just before setting up a new iPhone. While setting up the iPhone a code was sent to my "other device" while I was setting up the iPhone.

That was a problem, because I have a very large number of active devices linked to my account in my household (one other iPhone, 4 iPads, more than 4 Macs of various kinds), some of them turned off, some of them at another location used by my family members, so not all of them in my immediate proximity to be looked at and checked if they received the code or not.

I basically could not figure out where the code went. The message I received only said that the code was on my "other device" with no indication which one of my other devices received the code. I could not set up the iPhone. I was fortunately within the 2 week cancellation period for the 2FA. I cancelled it and set up my iPhone when the 2FA was turned off for the account.

My guess is that this 2FA issue will not be a problem for me as long as I have the iPhone available and I am setting up another device, but when my main iPhone (I also have an older model as back up that is mostly not used and is off) is changed and I try to set it up with use of 2FA, it will definitely be a problem for me.

For this reason I have never again set up 2FA and will not be able to do it until this issue is resolved.

So here is the question:

How do I control where this code is sent, when it will not go to my iPhone? Is there an option to choose where the code is sent, another phone number, another email address (I have 3 different ones registered with Apple), anything I can access with certainty other than a code that is briefly displayed on the screen of a device that is not with me or not turned on at the moment?

Banks and email accounts that I have 2FA set up for usually give several options where and how the code will be sent. Why is Apple not giving the same option to send the code to a definitive location that we can select from a list that we have set up ourselves?

Thank you.

Posted on Jan 11, 2023 11:08 AM

Reply

Answer 1

Top-ranking reply

IdrisSeabright

Level 10

169,055 points

Jan 11, 2023 12:27 PM in response to tutlek

tutlek wrote:

I have 3 email accounts set up as Apple IDs for various purposes.

I wonder if that isn't part of the problem.

I do not see why Apple cannot create an option where it asks me at the time the code needs to be sent where I want to receive this code on a previously set up method that I chose myself. If my email accounts and banks where I have set up 2FA can do this, why can Apple not do the same?

No one here in this user-to-user forum can answer that. You can let Apple know your concerns here:

Product Feedback - Apple

I'd suggest putting the feedback under "iCloud".

f Google and Yahoo can do this, why cannot Apple? Seems like a no-brainer to me.

Again, no one here can answer that. What I can say is that Apple has a much better reputation for keeping data secured than either Google or Yahoo.

Reply

Answer 2

FoxFifth

Level 10

472,059 points

Jan 11, 2023 11:14 AM in response to tutlek

The code is supposed to be sent to all of your devices that are "trusted devices." In my own experience that usually does happen but sometimes does miss one device (no pattern of which device that I have noticed). There is no option to have a code go to an email address but you can have it sent to a trusted phone number and you can specify (at the time of the request) which trusted phone number. See the following for more information on trusted devices and trusted phone numbers: Two-factor authentication for Apple ID - Apple Support

Reply

Answer 3

tutlek Author

Level 1

17 points

Jan 11, 2023 11:32 AM in response to FoxFifth

Limnos, if the code was sent to ALL of the devices signed in under the same Apple ID, I would have no problem. Unfortunately, it is sent to ONE device, with no indication which one it is.

FoxFifth, last time I tried this is was sent to ONE device, not all of them. But even if it is sent to ALL devices on my account, if I travel and have my iPhone with me and nothing else (common occurrence) and have an issue with the iPhone that requires me to use 2FA when there is a problem with that particular iPhone, I will not be able to receive verification codes. See text below copied from the link in your message.

So basically, until Apple creates an option to receive a code via email or some other manner that is accessible when the iPhone cannot receive the code, I cannot use 2FA, unless I want to take a chance and be locked out of my own iPhone while overseas with no other Apple device with me that might or might not receive the code when I desperately need it. Having been in that situation once, I see that as bigger problem than someone stealing my Apple ID password, frankly. And it is a problem Apple has created and can fix very easily.

"What is a trusted phone number?

To use two-factor authentication, you need at least one trusted phone number on file where you can receive verification codes. If you have a phone number that isn't associated with your trusted device, consider verifying it as an additional trusted phone number. If your iPhone is your only trusted device and it's missing or damaged, you won't be able to receive verification codes required to access your account."

Reply

Answer 4

Limnos

Level 10

418,435 points

Jan 11, 2023 11:38 AM in response to tutlek

The problem with them sending it to your email address is if somebody has managed to get into a device then they can also read the email received by the device. With the way the system is et up it is a bit like hiding a key under the doormat.

Reply

Answer 5

tutlek Author

Level 1

17 points

Jan 11, 2023 11:59 AM in response to Limnos

Not true. The email address can be a different one. Not the one with the compromised password. I have 3 email accounts set up as Apple IDs for various purposes.

I do not see why Apple cannot create an option where it asks me at the time the code needs to be sent where I want to receive this code on a previously set up method that I chose myself. If my email accounts and banks where I have set up 2FA can do this, why can Apple not do the same?

Gmail and Yahoo Mail let you set up "rescue" accounts where you can receive verification codes, in addition to a phone number. They periodically, every few months, verify that these rescue accounts are still in use and available. They also notify you to these rescue accounts that there was an unusual log in to your account. When you have trouble logging in, they give you an option to receive the code in one of the rescue email accounts or the phone number.

If Google and Yahoo can do this, why cannot Apple? Seems like a no-brainer to me.

Reply