two-factor authentication always needed when I change the startup disk.

[Mac Hammer Fan]

I run Ventura on my internal SSD and Monterey on an external SSD. Everytime I change the the startup disk and boot I have to re-activate iCloud with the two-factor-authentication and the code of six numbers that appears on my iPhone. Is there a way to avoid it?
TIA

 

[mmkerc]

I assume you have the two factor authentication turn on in you user id.

 

[arw]

If you do not need an active internet connection on one of those systems, disabling/blocking it on one should preserve the other one. At least on Intel Macs. And unless a recent update changed this behaviour.

 

[Mac Hammer Fan]

I assume you have the two factor authentication turn on in you user id.

Indeed, and it's impossible to turn it off.

 

[DeltaMac]

Yes, once you choose to upgrade (Apple calls it an upgrade. Maybe it is.) to 2FA, you can't return or turn it off. Anything that triggers AppleID authentication (reboot to a different system, using same or different AppleID) will need that authentication.
I think at some point in the near future, Apple will require that all AppleID accounts use 2FA. Hope not. I do software work for customers and friends, in my shop in my home. Sometimes I am doing installs late at night, and I dread discovering a 2FA AppleID that I did not expect at 11PM!
I have, so far, avoided turning on 2FA on my own systems, and I ALWAYS try to remember to think when I get to the screen that asks me to "upgrade" to 2FA. I have dozens of bootable system drives, and each one might ask for an upgrade. I don't want to accidentally turn that on, with the prospect of that additional layer of "protection" staring me in the face each time.
Again, I think that Apple will make 2FA mandatory at some point. So, I will just deal with it. Just adds a couple of steps (that I have to think about--when I prefer to not be thinking ) And just another part of life in tech service, eh?

 

[NoBoMac]

Are we talking about the Studio in the signature? If so, can see why this is happening and think no way of getting around it.

Silicon Macs have a Secure Enclave processor that handles and stores security items: encryption keys, Keychains, device unique IDs, etc. For example:

Protections on accessing iCloud Keychain​

An additional layer of protection is in place to protect against a rogue device getting access to a user's iCloud Keychain. When a user enables iCloud Keychain for the first time, the device establishes a circle of trust and creates a syncing identity for itself consisting of a unique key pair stored in the device's keychain.

So what I GUESS is happening is that when you are booted into one system, the Secure Enclave contains that system's secrets. When boot into other system, the Secure Enclave gets wiped or does not match (ie. different syncing identity), need to authenticate.