mailjeh wrote:
Hello John, I read your comments on the thread you referred to and can see what you're saying. I guess my point is that if you're already on and using a 'Trusted Device' why bother sending out more codes AND displaying them on that same trusted device. I'd understand if the codes were displayed on another separate trusted device but to display it on the device you're using is a lowering of security if anything.
Issue you are focused upon: stolen device
Issues Apple ID 2FA is addressing: compromised Apple ID credentials
Issues you are focused on: not covered by Apple ID 2FA.
Issues Apple ID 2FA is addressing: Apple ID password re-use and cramming, Apple ID phishing, and particularly these and other activities and these Apple ID credentials exploits that are happening remotely from yourself, and remotely from your devices. That do not involve your devices.
If you want Apple ID 2FA separate from and not associated with Messages, SMS, or phone calls, configure and use NFC or USB security keys, or (potentially more problematic) a recovery key. That addresses issues particularly with SMS, but does not address device theft.
Your iPhone or iPad can itself be used as a second factor in some cases, an approach which—like the Apple ID 2FA—reduces the exposure to passcode compromises.
With iPhone, Stolen Device Protection can act sorta-kinda like a second factor for the iPhone passcode itself, using common locations as the second factor. If you want 2FA for your iPhone or iPad itself in addition to the device passcode or password, I've not encountered a means to provide that (past Stolen Device Protection), and you will want to log feedback with Apple.
