iOS: Why does Apple ask for your passcode when setting up two-factor authentication?

Apple doesn’t clearly explain why it asks for it. Fortunately, Apple doesn’t possess it.


A Macworld reader who prefers to remain unidentified (since we’re talking about security issues) wondered why Apple asked for his iPhone passcode when he was setting up two-factor authentication (2FA).

I am a great supporter of 2FA as a way to keep ne’er-do-wells from gaining access to your accounts through password breaches or other problems, since 2FA requires a physically present element in your possession (like your Mac or another iOS device) to confirm an account login.

However, our reader didn’t want to give up his passcode to Apple. What’s the point of having a secret passcode that protects your data and keeps criminals, governments, and nosy parkers out of your affairs if you simply hand it over?

Hold the phone, I wrote back—quite literally: hold the phone. The problem is that Apple explains poorly why it’s asking for your iOS device’s passcode. The company does everything in its power to never know your secret codes, and this case isn’t an exception. It’s just that Apple, in an effort at simplicity, doesn’t provide reassurance and documentation about what’s happening behind the scenes.

The dialog our reader sees reads as follows:

[Screenshot: the passcode entry request shown during 2FA setup. Image: IDG]

Apple asks for your passcode for some 2FA activations, but doesn’t transmit it.

That sure sounds as if Apple possesses the passcode after you enter it. However, Apple uses an encryption technique in which the passcode is used only on the device, at the moment you enter it, to encrypt the set of data described. The device never retains the passcode in unencrypted form—the passcode itself is stored only in a cryptographically transformed version in iOS devices’ Secure Enclave chips—and the passcode isn’t passed off your device to Apple. Instead, only the encrypted form of the data becomes available on other iOS devices. Entering the same passcode on those other devices unlocks that encryption there. Apple never possesses the secret: only you do. You typically see this or a similar dialog only with iCloud Keychain, which is the basis for a lot of user-access-only transfers of data via iCloud.
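The idea in the paragraph above, as an added sketch that is not Apple's code or its actual protocol: a key is derived from the passcode on the device, only the encrypted record is synced, and a second device that knows the same passcode can open it. The function names, the PBKDF2 work factor, and the HMAC-based cipher (a standard-library stand-in for a real AEAD such as AES-GCM) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch


def _derive_keys(passcode: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the passcode into an encryption key and a MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for a real AEAD such as AES-GCM."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_on_device(passcode: str, plaintext: bytes) -> dict:
    """Runs on the first device. The returned record is all that gets uploaded."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(passcode, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ct, "tag": tag}


def open_on_device(passcode: str, record: dict) -> bytes:
    """Runs on a second device that received only the synced record."""
    enc_key, mac_key = _derive_keys(passcode, record["salt"])
    expected = hmac.new(mac_key, record["nonce"] + record["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong passcode or tampered record")
    stream = _keystream(enc_key, record["nonce"], len(record["ciphertext"]))
    return bytes(a ^ b for a, b in zip(record["ciphertext"], stream))


if __name__ == "__main__":
    synced = seal_on_device("493817", b"constructed keychain item")  # constructed sample data
    print(open_on_device("493817", synced))
```

The sync service in this sketch sees only the salt, nonce, ciphertext and tag. A short numeric passcode has little entropy, so in a simplified model like this one the key-stretching cost is the only thing slowing down guesses by whoever holds the record.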

The uniqueness of this request for one’s iOS passcode makes it seem different, and, without a lot of reassurance, it seems wrong.

Apple explains this in painstaking detail in a white paper, “iOS Security,” updated most recently in January 2018. But it could provide much less exotic warm fuzzies by stating: “Your passcode never leaves your device” or something similar. It doesn’t even mention the possibility of the above dialog box in its 2FA setup instructions, seemingly an oversight.

Never take on trust what a company is doing with your data. That makes this undocumented and underexplained portion of 2FA setup unfortunate on Apple’s part, even if we can determine that it’s still adhering to its security and privacy philosophy.
