“Following Glenn Fleishmann’s recent article about setting up two-factor authentication to allow a wrist computer to unlock a desktop computer, I decided to turn on Apple’s augmented security to see how this feature worked,” Kirk McElhearn writes for Macworld.And it was a disaster.”
“I activated two-factor authentication (2FA) and easily logged into my iMac, but was unable to log into any of my other devices,” McElhearn writes. “Apple’s support site was no help, and I eventually had to call AppleCare. The first thing I found out was that your devices become ‘trusted’ when you’ve logged into them.”
“Unfortunately, this didn’t work for me,” McElhearn writes. “I found that only my iMac was trusted, and even that didn’t show as being a trusted device on the Apple ID website… Needless to say, I just turned off 2FA. This system clearly does not work well.”
Read more in the full article here.
MacDailyNews Take: We’ve had better luck. Have you, too, or did your experience with Apple’s two-factor authentication more closely mirror Kirk’s?
I have used 2FA for a while. I believe that strengthening online security is a worthy endeavour and I’ve found Apple’s solutions to be reliable and reasonably easy to implement.
I often get a warning that my Apple ID is being used to sign into a device near Perth Australia when I’m signing into a new device. I’m in Sydney Australia about 4,000 Kms away. My locations are all set correctly on every device.
I live in about the most southern point of Spain you can get, when I tried TFA, it showed me a map view and text location of an attempt in Madrid. It was bad experience and like the author – only worked on some devices. The crazy part is when using my iPad Pro, the TFA came to that device! To continue using my iPad I needed to enter the code — that come to *that* device. Stupid. So for all the convience it brought, it was broken.
The worst thing is it broke logging into my Apple TV (3rd Gen) but has now be resolved.
I put a new Duracel batt. in the remote that has been fighting strong for a couple of years with a LOT of use. I bought the correct batt. Can’t remember right now but it was the correct c# battery. After install the down button stopped working completely. And there is no way I will but the 4th Gen!
If GPS location isn’t available during TFA, it will go by geo-ip location which can be inaccurate, but consistent. It’s not really the fault of Apple, but rather your ISP (sort of). The bottom line is learn where your geo-ip is, and then recognize attempts outside of that as being a potential issue.
The TFA will come to any device registered to Apple with your Apple ID. Yes, it will actually come to the device you’re originally signing up with. It’s an intentional verification. Without it, one could disable all your devices if they got into your Apple ID account and you hadn’t yet turned on TFA.
For the remote, try removing the battery. Leave it out for a few hours. Then re-install. It may or may not fix it, but it’s worth a shot.
The 4th generation is pretty awesome, but if you’d rather have a 3rd, you can buy used ones or just the remote for very little money.
That sounds logical but I just checked my IP address location and it’s Sydney Australia. All devices were on this Wifi network when I was doing TFA yesterday when I got one of the warnings. I suppose it’s possible that my IP address has changed since then but I’ve never seen it as being based in Perth before. Come to think of it, I got the Perth warning when I was signing in with TFA at Sydney airport on Wednesday using cellular data.
I’ve been using it for years. It is important to print the backup key in case something unforeseen happens. Printing a code feels like a security vulnerability to me but it must be done to prevent lockout.
That’s not 2FA; it’s the older two-step authentication. They work differently.
I’ve used 2FA since Apple introduced it, never been a problem.
My $0.02.
2FA is a problem when setting up a new iphone in-store after trading in the trusted one; icloud on the new phone cannot be enabled without the 2FA code, which is sent to your other devices that may not be with you in the store; bring another portable idevice or have someone standing by at home to read you the code from your imac screen
It always send the code to a machine that I am not in front of – I wish it would default and sent to my iPhone as I always have that on me. Other than that it works great.
Didn’t you set your phone as the default device? When you set this up, it makes you decide, and the default is a phone # (your phone) so it can send you an alert/text to the phone with the 6 digit code to authenticate the login.
When I set it up, there was no way of choosing a “default” device, and on the Apple ID website, there is nothing about a default device either.
same here. no default device.
Hmm…thinking back..I did set this up the first time on my iPhone..and maybe that is why it defaulted to phone. Maybe turn it off, then start over but do it from your phone (if that’s what you want as default).
Same here. Wasn’t asked for a default device. Same problem others have had in getting message someone was logging in many miles away. Changed my password because of it. Turns out it was me logging into my Mac at home. How come they can’t map it when they can on Find Friends? Otherwise, it’s worked well as long as I disregard the warnings.
It takes a while for 2FA to recognize all devices – I don’t know why. But eventually it does. And there is no distinction between “devices” and “trusted devices”: every device with the same Apple ID becomes a trusted device, and receives the pop-up notification whenever necessary.
That’s why I switched to two-step authentication. More user-friendly. You can choose which devices are trusted, and you can choose which one trusted device will get the authentication code.
That’s totally at odds with what Apple’s support told me, and it doesn’t correspond to Apple’s technical documents either.
It’s at odds with what I experienced as well. I had a ton of devices on two-step and was dreading the necessary migration to two-factor, but it was a breeze.
Two factor killed my Apple TV. Would not send code. Went back to single. Big hassle.
It worked perfectly for me. MBP and iP6+ like a charm.
I had just updated my 15″ MBP to Sierra while I was at home in VB. Then I went on travel to DC. While there I updated my 17″ MBP to Sierra. When I activated 2FA, it sent a code to my MBP in VB. Needless to say, I had to call my daughter to get the code. I don’t understand why it did not go to my 6s+. I just accepted it and moved on.
No issues at all with either Apple two-step or two-factor authentication.
I’m guessing user error was a factor. Kirk McElhearn is always complaining about iTunes or other Apple services. Based on what I’ve read from him, especially about iTunes, he seems to be stuck in the past.
I use appleid.apple.com to manually manage my trusted devices. Just crossing your fingers and hoping something that could permanently lock you out of your own account will work is not a good idea.
Apple told me that I should be able to manage my trusted devices on the Apple ID website, but there was no such option. The person didn’t believe me, so we did screen sharing so she could see. Of course, I never got any answer as to why that was the case…
No trouble here. AppleID showed devices and also past devices as well that I needed to remove.
I have multiple IDs some going way back before @mac.com days and my FMI ID for trusted devices was made brand new just for that function.
So there maybe some legacy issue for some users.
It’s a complicated AID quagmire, where I wish we could merger AIDs but I suspect now that users are having problems, is a good reason not to. Apple even suggests separate AIDs for different functions.
The watch unlocking the desktop is not always consistent as we have more than one wireless network and if it grabs the wrong one it does not work. Otherwise it works perfectly.
When I went to the Apple Store to trade my iPhone 6 for a 7, I brought my iPad along specifically to serve the purpose of two factor authentication. We did everything at the store and it went off without a glitch. I came in and left with a fully functioning iPhone configured to a fairly complex set of apps, connections and such. Cannot see how a more pedestrian setup should be much problem.
This time everything “just worked”, which used to be Apple’s claim to fame. Nice to see that someone did a great job this time out.
I also used 2FA but found it tedious when I kept having to enter in my Apple ID when my devices somehow forget they we logged in. Also I had problems with the AppleTV 3. For some reason entering my Apple ID followed by the code was a 2 step login. Ditched 2FA after 2 weeks.
Maybe setting up your Mac with an iCloud account is not the best way. Using a local account produces a more consistent experience. 2FA, certainly is a problem if you have to log on your system that way every time.
I spent a week trying to shut it off. It keeps coming back. All it does is annoy and create false warnings. And prevent any non Apple device from using my .mac email account. A real tribute to Apple “engineering”
Have used both since they had it… Can’t recommend it enough. Everyone should have 2-step on everything that supports it.
I only ever get the 2FA numbers sent to one device, my recently-upgraded-to-Sierra MacBook Air. Even when I’m logged onto that laptop, which kind of defeats the entire purpose of 2FA.
Fortunately I can specify that the numbers be sent to my phone, although that is not an option with all of Apple’s services; their Bug Reporting service for Developers doesn’t offer the option to text a number to the phone.
Had nothing but annoyances, mostly because the device they were sending it to was in another room, and, it was kicking in much too frequently. Had to abandon it.
Been there, done that. I found that not even Apple’s first and second line tech staff understood their two-factor authentication. Further up the chain, I was (after weeks of chatter) able to get them to removed the two-factor authentication, allowing my life to become sane again. That was a year and a half ago.
For those easily confused, my experience above had nothing to do with the Watch. I was using 2FA with my Macs and it was FAILing.
Agreed, I had a hell of a time getting two factor authentication to work. Three weeks after I started the attempt it finally started working on my iMac and my MacBook Pro. Apple has serious s/w issues and has for several years now
never never use two-factor authentication.
i used and now all my 3 iphones locked
apple cant help my
i always reset my password over email but with two factor i cant,i got 6digit code send to my phone, but still everything locked nobody from apple can help my is already more than 2 weeks sorry apple but never again apple products
yes, it DOES work perfectly, when all the stars are aligned, but take this scenario as something to consider. You don’t update your credit card number, and you don’t or haven’t updated your reference phone number, and you have no other apple device except your phone. Make that your situation, and tell me how perfectly the system works. LOL. So for all the sheeple that have to be led around by the feed bucket, you’re delusional.