How to Request a Copy of Your Apple ID Account Data

So i just logged in on my iMac and straight away i get warning messages sent to my iPhone, iPad, and the same iMac i'm actually using, stating that a new device has signed into my account. It then gives me a two-factor authorisation code on the iMac that i'm currently using to input into the iMac i'm currently using.

I've had this iMac for 8 years....

You're missing the point where the login was done on a trusted device. The entire point of two factor authentication is something you know and something you have. If Apple considers the iMac trusted, then why is it asking for a PIN?

Imagine if someone else gained access to the iMac via their creds. What good is two factor if the PIN is sent to the intruder so they can just enter it?

I had the same bug, its sending me the code on the same machine it is asking me for... Very unsafe.
[doublepost=1527083880][/doublepost]

The code should not be sent to the same device! It should be sent to my iPhone or iPad, not the same machine I was using. Imagine someone else like a thief using my Mac and the code is sent straight to him!

The reason for this is that a browser does not have access to the "trusted device" data that is set up in your iCloud settings on your computer. It's, in effect, sandboxed away from all of that. This is why you get a pop up notification with the code when you're signing into an Apple webpage. Whether you're using Safari, Chrome, or Firefox, the only way a browser can send the "I'm a trusted device" flag is via a cookie, which it won't have the first time you log in.

You can test out the same behavior on iOS. Open up Safari on your iPhone or iPad, and go sign into http://appleid.apple.com. It will show a popup right there on the iOS device you're trying to sign into... for the same reason: the browser can't send the necessary "trusted device" settings the first time.

That’s how two factor authorization works. You attempt a log in and Apple sends an authorization code to your trusted devices to make sure the login attempt is from you. This method prevents a bad actor from getting into your account from an untrusted device even if they know your password.

You can read about it here: https://support.apple.com/en-us/HT204915

You're missing the point where the login was done on a trusted device. The entire point of two factor authentication is something you know and something you have. If Apple considers the iMac trusted, then why is it asking for a PIN?

Imagine if someone else gained access to the iMac via their creds. What good is two factor if the PIN is sent to the intruder so they can just enter it?

It’s not a bug. Your iMac is a known, trusted device, registered to your AppleID. An ATM on the street corner isn’t.

Well if it was a known trusted device (which it should be after 8 years) why was it asking for an authorisation code?

Read Apple’s web page again. Nobody else can use their credentials to use your stuff or login to your account. Other people with accounts on your machine can’t get into your account nor will they see the two factor authorization code. Sending an authorization code to your trusted devices is another level of security. You have to keep your personal login credentials to yourself or all bets are off. If you let other people use your trusted devices and share your password, then they can do anything they want with your stuff.

You are missing the point. What is the advantage of sending a PIN to a trusted device to ensure its trusted?

A PIN should not be sent to a device that is requesting access. It's the same as trusting the password only.

Guys I’m not complaining i am merely highlighting what must surely be a bug.

Tell me what the point of sending a device authorisation code to the actual device that is in question?

Imagine visiting an ATM at a bank and when you put your card in it asks for the PIN number but at the same time shows on the screen what the PIN number is.....

You're missing the point where the login was done on a trusted device. The entire point of two factor authentication is something you know and something you have. If Apple considers the iMac trusted, then why is it asking for a PIN?

Imagine if someone else gained access to the iMac via their creds. What good is two factor if the PIN is sent to the intruder so they can just enter it?

I agree that doesn’t make sense. The two factor should use another trusted device to show the pin, not the computer who is requesting the pin. I can’t say I’ve had that happen. My MacBook will send a pin to my phone or iPad but not to itself. Same with the iPhone and iPad. They won’t send it to themselves but to another trusted device. Very odd indeed

You are missing the point. What is the advantage of sending a PIN to a trusted device to ensure its trusted?

A PIN should not be sent to a device that is requesting access. It's the same as trusting the password only.

I had the same bug, its sending me the code on the same machine it is asking me for... Very unsafe.
[doublepost=1527083880][/doublepost]

The code should not be sent to the same device! It should be sent to my iPhone or iPad, not the same machine I was using. Imagine someone else like a thief using my Mac and the code is sent straight to him!

Exactly!

Why can’t the other people see what seems to be common sense?

Are the people who say it’s working as intended mis-reading everything in their hurry to defend Apple?