Two-factor authentication on 2017 MBP

Posted in Genius Bar
When I upgraded my iPhone to iOS 11, it had me convert all devices to two-factor authentication. That's fine, seems like a good way to secure my accounts. Except the behavior on the MBP is a bit weird. The computer is a trusted device and is logged in to the same iCloud account as everything else. Any time I log in to my Apple ID account using the MBP, I get the little location pop-up to confirm I'm logging in near Austin. Also the other devices get a similar notification. On the Mac it says "Your Apple ID is being used to sign in to a new device." It's not new, it is a trusted device. Since the MBP gets the same pop-up as all the other devices, I can click "Allow", it gives me the six-digit code and I'm in. And that is what bothers me. How is that secure in any way? Seems to me if you give the code to the device trying to log in, you have lost any extra security. The two-step authentication made more sense as the code always went to my phone.

Can someone explain how sending the code to the computer that is trying to log in makes any sense at all?

Comments

  • Reply 1 of 2
    cmd-z Posts: 32 member
    Think about it ... two factor authentication (2FA) is not to protect access to your computer, it is to protect access to your Apple account/iCloud. With 2FA, someone who happens to know your Apple log-in will not be able to log into your account from their device, at least not without you knowing ... that is the point.

    I know what you're saying, but the scenario you're thinking of would mean that someone is trying to log into your account using your computer, which means (a) possession of it, and (b) able to get past your Mac's log-in screen ... sure, it could happen but that's not what 2FA is trying to protect.
    edited October 2017
  • Reply 2 of 2
    welshdog Posts: 1,637 member
    Right, but what's the point of the code if Apple already knows the device is a trusted one? I know the code is only sent to trusted devices. Still seems it's more secure to send the code to a device some thief wouldn't have.