The Apple two-step: My disastrous attempt to use Apple’s two-factor authentication
2FA is a good idea to stay secure, but it shouldn’t be this hard to use it.
Following Glenn Fleishman’s recent article about setting up two-factor authentication to allow a wrist computer to unlock a desktop computer, I decided to turn on Apple’s augmented security to see how this feature worked.
And it was a disaster.
I activated two-factor authentication (2FA) and easily logged into my iMac, but was unable to log into any of my other devices. Apple’s support site was no help, and I eventually had to call AppleCare. The first thing I found out was that your devices become “trusted” when you’ve logged into them. Apple’s support document says:
A trusted device is an iPhone, iPad, iPod touch with iOS 9 and later, or Mac with OS X El Capitan and later that you’ve already signed in to using two-factor authentication. It’s a device we know is yours and that can be used to verify your identity by displaying a verification code from Apple when you sign in on a different device or browser.
Unfortunately, this didn’t work for me. I found that only my iMac was trusted, and even that didn’t show as being a trusted device on the Apple ID website. When I tried to get a code on my iPhone later that evening—while not in front of my iMac—I was unable to do so. It turned out that an alert displayed on my iMac asking me to allow a code to be sent to the device, but if an alert falls in a forest and no one sees it, then, well...
Interestingly, I was able to log into the Apple ID website via Safari on my iPhone. When I didn’t receive an authorization code via a system alert, I was able to request that one be sent by text message.
According to Apple’s documentation, this should have led to my iPhone being trusted, but that wasn’t the case. I needed to re-authenticate in the Settings app in order to download App Store updates, and was unable to do so.
There was no option to receive a code by SMS, and when I tapped Try Again in the dialog below, the Settings app simply crashed.
And so to AppleCare.
This experience with Apple support was disastrous. A first technician told me she would get back to me, but did not do so. It turned out she was in Singapore (I’m in the United Kingdom), and our time zones didn’t overlap very well, so she couldn’t call me back the following morning as she had promised. A second technician I contacted the next day simply didn’t understand 2FA, and some of the information he told me conflicted with the text I quoted above about how trusted devices work.
After a bit of back and forth, and his consulting with a senior advisor, his recommendation was that I erase my iPhone and restore it. This was something I was not willing to do. Most likely, I would have had to do the same with my iPad Pro, my iPad mini, my iPod touch, and perhaps even my MacBook. Because none of those devices could get codes either.
Needless to say, I just turned off 2FA. This system clearly does not work well. But imagine if I had turned on 2FA and left home to travel, thinking that all would be well. Because I wasn’t in front of the only one of my eight Apple devices that was trusted, I would have been locked out of my iCloud account.
Oh, and the feature where the Apple Watch unlocks my Macs? That didn’t work very well either.
Good job, Apple.