“Erich Riehl uses Apple’s two-factor authentication (2FA) system with his iCloud account. This is the system that Apple released in September 2015, and which replaces the older two-step system entirely in iOS 11 and macOS 10.13 High Sierra,” Glenn Fleishman writes for Macworld.(If you’re using two-step and upgrade to either of those, Apple converts you to 2FA.)”
“The first step in Apple’s 2FA is a location alert that appears on every computer and iOS [device] you own logged into the same Apple ID account,” Fleishman writes. “The notion is that you should validate that the location is correct before you proceed to get the code.”
“For Erich, however, he’s seeing a login attempt from Monroe, Louisiana, which he found confusing. He gets this alert when he is trying to log in at iCloud.com, and wondered if it were legitimate,” Fleishman writes. “Because Apple doesn’t explain when you log in that it’s going to alert you on all your connected devices, this can seem counter-intuitive when you’re using a browser—because the device from which you’re logging in tells you there’s a login attempt. The location can also be imprecise.”
Read more in the full article here.
MacDailyNews Take: Apple’s 2FA is also bit wonky because you can authenticate your device, say your MacBook, from the same MacBook, making not exactly a true 2FA system. Still, it’s more secure than not using, so enable Apple’s 2FA if you haven’t already.
That’s good to know. Whenever I do it it says someone is trying to log in from London. I live nearly 150 miles away!
Mine said someone was logging in from the International Space Station!
(Only kidding).
When I am at work in Connecticut it says I am logging in from North Carolina. I know this is the location where the company intranet accesses the extranet. So I am guessing when you all see an odd location it is because of a similar situation.
It happens on other systems, too. Yesterday, my wife tried to log into her Google account from a computer in New Mexico, but the WiFi router belonged to a company with its head office in South Dakota. We both got a notice that somebody with an IP address in Sioux Falls had apparently hacked our account. I changed passwords before we figured out what had happened.
I receive the location of Apple’s Data Centers.
My location showed up as San Jose while I live near Tucson.
Tagging by IP address is commonly wrong.
I have a Verizon iPad and an Apple iPad Pro and when at work on weekends use our Windstream supplied WiFi. At home it’s the same excepting Comcast WiFi. All three devices will show different results which can also impact ad networks.
My hidden device notified me from the grid. Damn, gotta get my quarter and head back to the arcade.