You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Two-factor authentication on my Macbook sends a code... to my Macbook??

I feel pretty sure that two-factor isn't supposed to send the code to the same device that is asking for the code. See screenshot, in which signing into iCloud from my Chrome browser 1) demands 2-factor every time and sends me a "new device sign-in" email, and 2) sends the verification code to the very Macbook Pro I'm signing in from.


Both parts of this seem deeply broken. I am not signing in from a new device, but the same one I always sign in from. And, if Apple doesn't recognize the device I'm signing in from, why is it sending the verification to that same device?




User uploaded file

MacBook Pro with Retina display, macOS High Sierra (10.13.5)

Posted on Jun 23, 2018 11:10 AM

Reply
18 replies

Jun 26, 2018 8:08 PM in response to Shelia Addison

Shelia Addison wrote:


"Whenever you sign in with your Apple ID on a new device or browser, you'll confirm your identity with your password plus a six-digit verification code."


So why does it require identity confirmation when I am signing in with the same device, and same browser, I sign in from every time? That's the problem.


Well, it shouldn't if you are signing into iCloud.com. It always will require a Verification Code if you are signing into your Apple iD account. Do you sign out of iCloud.com when you are done? Have you checked to make sure that the little box is selected:


User uploaded file


Just checkin'....


GB

Jun 23, 2018 5:14 PM in response to Shelia Addison

That makes zero sense from a security perspective.

Incorrect. It makes perfect sense.


2FA does not protecct your device. It protects your account.


2FA is secure when used, and understood, as designed. Without physical access to your unlocked device, nobody can make use of your username and password.


You use your strong local password to unlock your device, where you ask for, and receive a verification code from Apple to access your account.


If I have your locked device, I can't see and make use of the code.


If I have your unlocked device AND your username and password, only then could I compromise your account.

Two-factor authentication on my Macbook sends a code... to my Macbook??

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.