Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Two-factor authentication asks for device passcodes - legit?
- Thread starter augu2000
- Start date
- Sort by reaction score
It depends on the TFA application. It may ask you for your mobile number (for sending of codes), pairing your device to the TFA application (via push msg, face ID, or fingerprint).
Then TFA will require the needed authentication info via text (code), push message (that you need to accept), face ID (your face ofc), or fingerprint scan (your fingerprint ofc).
Then TFA will require the needed authentication info via text (code), push message (that you need to accept), face ID (your face ofc), or fingerprint scan (your fingerprint ofc).
The reason why you are asked to identify yourself as the legitimate user using FaceID / TouchID / device passcode, is because it would be quite bad if some hacker were able to set up two-factor authentication for your phone, so this will be normal. You should only ever be asked to enter the passcode _on your device_. Anyone asking you to enter the passcode on a website, that is an attack - don't enter it. Only enter the passcode on your device.
If a family member learns your passcode, and they can access your phone, for example while you are asleep, that of course makes your device much less secure. Same if a colleague at work learns your passcode, unless you look after your device like a hawk.
Hackers are usually working remotely, so even if they had the passcode of your device, without your device it is absolutely worthless. There's absolutely nothing anyone can do with your passcode other than typing it into your device. Only if someone is specifically after _you_, and with deep pockets, they might try to trick you into handing over your passcode and then send a burglar to your home to get the matching device. If you are in doubt: Enter a random passcode instead of your correct passcode. If you are tricked by some hacker, they don't _know_ your passcode, so they will accept that random code you entered. If your phone complains, then you know you are not being tricked.
Thanks! What was kind of weird is that (I believe) that I was asked to enter a device's passcode into another device. E.g. to enter an iPhone passcode into my macbook. I don't exactly remember this, because there were several steps in the setup process, but I do think that that's what happened. It seemed strange, and made me think that my devices' passcodes/passwords were being kept in storage somewhere. Is that the case?
I wonder if it's continuity/handoff between your phone and MBP? It's enabled on my new Mini and I was a bit surprised the first time I saw it. You don't have to manually type in codes that are sent to the iPhone via SMS, which is handy. But I don't ever recall having it ask for my phones unlock code, if that's what you mean.
I recall getting a message on the Mac that I had to unlock my phone in order to do something like import photos, but that needed to be entered on the phone itself.
Continuity features and requirements for Apple devices - Apple Support
Continuity features make it seamless to move between your Mac, iPhone, iPad, Apple Watch, Apple TV, and Apple Vision Pro devices that meet the system requirements.