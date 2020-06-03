We have recently explained what is double factor authentication and below how to activate and use it on our devices, and the topic still gives more. Today we’ll see some idiosyncrasies of how two-factor authentication works on our devices and how we can configure some details of great importance for optimal operation.

How we protect our Apple ID if the code is displayed on the device

One of the questions that I am asked the most during the training about double factor authentication is What’s the point?

At first glance it might appear that if the code needed to log into the Apple ID is received on the device, it does not represent a major security improvement. But we must take into account a matter of great importance: devices are always locked.

Seen this way, to access our Apple ID, you need the password and, in addition, access and be able to unlock one of our trusted devices. We call a trusted device the one in which We have already logged in with our Apple ID at some point and that, therefore, it is able to show us the security codes necessary to log in again.

If a third party has access to a person’s device and it is also unlocked, access to two-factor authentication verification codes surely it is the least of the worries. On the device is all the information of the Apple ID and also the options to manage it, how to change the password for example, so the situation is serious in itself.

And if I don’t have the device at hand￼

Another important question is what happens when I don’t have my device at hand. Two-factor authentication is designed to provide us with access to our Apple ID from one of several Apple devices. In this sense if we are trying to log into a new iPad we receive the code on our iPhone or on our Mac or on our Apple Watch. But what happens when we only have one device? And, even more, what happens if we do not have any device at that time?

Even having a single device, activating two-factor authentication provides the same security to our Apple ID account as if we had many points in which to receive the code. Keep in mind that Apple offers to send us a code by SMS in case we do not have our device within reach and, therefore, we can use the system even if we only have an iPhone.

It is very important that we correctly update the trusted telephone numbers that can receive our code if we need it. Further, especially if we travel abroad, and especially if we do it only with our iPhoneIt is very interesting that we add the phone number of our family or friends to the list of trusted numbers. The reason is simple: In case the iPhone disappears, obtaining a duplicate of the SIM card, necessary to receive the codes and be able to log in to iCloud or a new device, can be either very difficult or directly impossible depending on the operator.

We can manage trusted phone numbers from our iPhone or iPad in Settings> Our name> Password and security> Edit> Add phone number. From our Mac we will do it in System Preferences> Apple ID> Password and security> Edit> “+”.

The importance of SIM and eSIM

Regarding the trusted phone numbers that we have just talked about, another detail to keep in mind about the security of the codes that are sent by SMS is that the physical card of an iPhone can be removed from the phone. Instead if we use an eSIM we can be sure that only the phone where it is located installed you can receive the codes that are sent via SMS. In this sense, if we have the option of using an eSIM with our operator, we can consider the change. A change that will also benefit us in other services that rely on SMS to send codes.

All in all, double factor authentication in our Apple ID is a huge little function that has several interesting details in its operation. At first glance it may seem simple, and Apple has invested a lot of dedication in making it so, but if we work on it we will see that it has details that are important to know.

