You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Apple two-factor authentication is faulty. It sends the two factor security code to the same device from which I am requesting a log-in

Apple two-factor authentication is faulty. It sends the two factor security code to the same device from which I am requesting a log-in. If I need to sign in to Apple ID, Icloud etc, I receive the code on the same device that I am trying to log in on. this is NOT 2 factor authentication. Additionally, when I just changed my apple ID password using my Macbook Pro, I could not log-in to apple ID using the same password on my phone. When I requested to change my Apple ID password on the phone, I was able to use the same password as the new password, eventually. However, I am quite confused about how this is supposed to work, because it doesn't.

The reason I needed to change my password was because I received a notification that someone tried to change my Apple ID password. So I decided I had better try to change it myself. this proved difficult, as some devices would not work with the new password. I wanted to change my apple ID itself, but since it needs to be a valid email address, this is not possible. Why can't we use a different user ID than an email address? This seems to be a major security vulnerability, as millions of people know what my email address is and can request to change the password. And because Apple 2-factor authentication sends the security code to the requesting device, it is not a secure system. Very much a flawed system.

iPhone SE, iOS 15

Posted on Jul 13, 2022 7:27 PM

Reply
Question marked as Top-ranking reply

Posted on Jul 14, 2022 11:34 AM

Apple doesn’t routinely monitor the discussions. These are mostly user to user discussions.


If you want to, you can send Apple feedback. They won't answer, but at least will know there is a problem or a suggestion for change. If enough people send feedback, it may get the problem/suggested change solved sooner. Pick the closest topic you can find.


Click here to send Feedback   -

Similar questions

2 replies
Question marked as Top-ranking reply

Jul 14, 2022 11:34 AM in response to Grangecam

Apple doesn’t routinely monitor the discussions. These are mostly user to user discussions.


If you want to, you can send Apple feedback. They won't answer, but at least will know there is a problem or a suggestion for change. If enough people send feedback, it may get the problem/suggested change solved sooner. Pick the closest topic you can find.


Click here to send Feedback   -

Jul 14, 2022 11:50 AM in response to Grangecam


Grangecam wrote:

Apple two-factor authentication is faulty. It sends the two factor security code to the same device from which I am requesting a log-in. If I need to sign in to Apple ID, Icloud etc, I receive the code on the same device that I am trying to log in on. this is NOT 2 factor authentication.

It's not faulty. It is working as designed.


2FA is designed to protect your Apple ID, not your devices. Your devices are protected by the device passcode. The "two" in two-factor authentication means that you will need two factors to log into your Apple ID. The first factor is your Apple ID password. The second is the code. Apple will send the code to all of your trusted devices. Lots of people are confused by this and think that the two factors are two different devices. You can use 2FA with just one device, but, if you do, you should have a back up trusted phone number.



Apple two-factor authentication is faulty. It sends the two factor security code to the same device from which I am requesting a log-in

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.