Using Two-Factor Without a Connection

What if you need to connect to your iCloud account, but your iPhone doesn't have an Internet connection? Then you won't get a prompt with the two-factor code, but you can still generate the code manually and use it even though your iPhone isn't connected. Two-factor codes don't need to rely on Internet connections for verification. You can also get a code from your Mac even if it isn't connected.
Video Transcript / Captions
Closed captioning for this video is available on YouTube: Using Two-Factor Without a Connection.

So one of the hesitations that people have about two factor authentication is what happens if you can't get that authentication code when you need it. Take for instance a situation like this. I'm using somebody else's computer or public computer and I want to log on to iCloud.com. I have my phone with me but it doesn't have connectivity. This could be a situation on an airplane. This could be on a situation on a cruise ship. In some remote area where you're using a wired in computer, for instance. So what happens.

Well, let's try to logon. So I'm going to logon. I'm going to enter my iCloud password. I know that. But I have no way to get my code. If you look at my iPhone you can see I'm in Airplane mode. So I have no connectivity. Despite that I'm going to go into Settings here. In Settings I'm going to go and tap on my Apple ID. Now I'm going to tap on Password & Security. Now normally if my phone was connected I would have gotten a prompt right there. Is it okay if this computer accesses iCloud.com from a web browser and I'd say okay and then it gives me my code.

But it hasn't done that because the phone isn't connected. It. It has no idea what's going on. But I'm going to tap Password & Security and it's going to confirm, I'm not connected. But there's a button there for Get Verification Code. If I tap that it's going to give me a verification code. So let me type that in. Sure enough it works! It works in this computer here even though they are not connected. They have no way to communicate with each other and my phone has no way to communicate with any server.

Because you see that those codes don't come from a central server. You're not calling out to Apple to get those codes. Right. They're being generated by an algorithm. An algorithm using your Apple ID, knowing you have the proper credentials, knowing what time it is. It's generating this code and that code can be confirmed even if there's no connection.

This is how two factor has always worked. Some of the earliest two factor devices didn't even have a connection. People could even get these little devices there that would just generate codes based on the time and, you know, some encryption data. So you don't need to have that second device connected in order to get a code in order to get access anytime you need access to iCloud. You just need to have a device like an iPhone that's setup with your Apple ID and you can then get these verification codes from that device.

But what happens in the opposite situation when you need to get the verification code from a Mac that's not connected so you can connect on another device. You have that same option here in System Preferences on your Mac. So in System Preferences go to iCloud. Then Account Details. Then under Account Details go to Security and then there's your get verification code button.

Comments: 9 Responses to “Using Two-Factor Without a Connection”

    Karl
    3 months ago

    How would you connect to iCloud without an internet connection to begin with?

    3 months ago

    Karl: You have situations where you don’t have one: like if you are using a public computer or a friend’s computer that is connected, but your iPhone is not (no mobile service and no Wi-Fi). So when asked for the two-factor code, you can get it from your iPhone even if it is not connected.

    Jacques Maurissen
    3 months ago

    When I am overseas and a verification code is sent by a bank to my iPhone, I don’t receive the code on my iPhone. Is there a way I can receive the code even though I do not have a special expensive contract allowing me to call the USA from Europe on my iPhone? Thanks, Gary!

    3 months ago

    Jacques: That’s a completely different situation. This tutorial is about Apple’s two-factor system. But another company (your bank) would need to provide their own solution to this. Check with them. Perhaps they have some other system than sending an SMS message. Perhaps you can have them send the code another way — sometimes voice is an option. Or maybe a different messaging service. Or, maybe you can find a service where you can get SMS online, like Google Voice, and use that instead of your mobile phone.

    Jf
    3 months ago

    When I log into iCloud on my Mac, (a) keychains auto brings up the passcode (hashed) after I type my login. Then it generates the 6 digit two factor code on all my devices that are online… including the Mac I am sitting at. IOW it shows me the code I am supposed to enter into the same computer!

    How is this secure? If someone got ahold of my computer all they would need is my iCloud login name.

    Kerrie Redgate
    3 months ago

    Jf, I’ve had the same question. I’ve had arguments with Apple Support staff about this. And with Gary’s great explanation here, I’m even more bewildered as to how Apple sees this as secure.
    Gary, if you have an explanation for why the code appears on the same device as the login, maybe it would be a good follow-up topic to this video. Thanks again, for your wonderful exposés.

    3 months ago

    JF, Kerrie: One way to look at it is the system and each app is a separate thing. So you can be logged into iCloud in the system, but the app is “sandboxed” and separate. So, for instance, when you try to log into iCloud.com in Safari, iCloud.com running in Safari is separate from your System being logged in to iCloud.

    Russell Johnston
    2 months ago

    That’s very interesting/informative. I always wondered how the “authenticator” apps worked without communicating directly with the site you’re logging into.
    Thanks, Gary.

    venos
    2 months ago

    Great video!!! learned something new today….

Leave a New Comment Related to "Using Two-Factor Without a Connection"

:
:
:
0/500 (500 character limit -- please state your comment succinctly and do not try to get around this limit by posting two comments)