You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Tuffy Nicolas
Tuffy Nicolas Author
User level: Level 2
272 points

Does a restart count as "signing out" of Apple ID account, requiring Two-factor authentication to sign back in?

I turned on "Two-factor authentication" three days ago for my Apple ID account.


From what I understand of it, having Two-factor authentication turned on means you need to have a second "trusted device" also signed in to the account in order to receive a six-digit verification code sent to that other device, which you then enter into the device you're signing in on.


My main question is simple:


If you're using a device (Mac or iPhone), are signed in to your Apple ID account with Two-factor authentication enabled, and then you "shut down" or power off -- does that mean that when you power it back up or restart, the act of restarting means that you have logged out of your Apple ID account, and will require the Two-factor authentication six-digit code to log back in to your own account?


If so, does that mean that one ALWAYS needs to bring two Apple devices when traveling, and always leave one powered on, so that you will be able to receive the six-digit code on the other one in order to log back in to the one that's powered off?


If not, does that mean that once a person has ever signed in even once on a device, it is always remembered as a "trusted" device, even after having been shut down?


My secondary question is:


I see many articles and support questions saying that once Two-factor authentication is enabled, it can never be disabled. But some sources say that there is a two-week grace window, where you can turn it off if less than two weeks have passed since you first enabled it. Which is true?

iPhone 12 mini

Posted on Apr 11, 2022 5:56 PM

Reply
Question marked as Top-ranking reply
User profile for user: Chattanoogan
Chattanoogan
User level: Level 7
25,628 points

Posted on Apr 11, 2022 6:21 PM

“Logging Off” as a Mac USER is not the same as signing-out of iCloud.


Similarly, shutting down and restarting an iPhone is not the same as signing-out of iCloud.


You will NOT need your 2FA credentials to shut-down / start-up Apple devices normally.


Most users rarely need to use their 2FA credentials; when they do, it’s usually to use a browser from an “untrusted” device OR to setup a new Apple device as “trusted.”


Re: “… does that mean that once a person has ever signed in even once on a device, it is always remembered as a "trusted" device, even after having been shut down? … “


Yes … that IS how it works !!


(note that simply using a browser on a friend’s computer does NOT “sign in” that individual’s computer to your iCloud account)

View in context

Similar questions

6 replies
Question marked as Top-ranking reply
User profile for user: Chattanoogan
Chattanoogan
User level: Level 7
25,628 points

Apr 11, 2022 6:21 PM in response to Tuffy Nicolas

“Logging Off” as a Mac USER is not the same as signing-out of iCloud.


Similarly, shutting down and restarting an iPhone is not the same as signing-out of iCloud.


You will NOT need your 2FA credentials to shut-down / start-up Apple devices normally.


Most users rarely need to use their 2FA credentials; when they do, it’s usually to use a browser from an “untrusted” device OR to setup a new Apple device as “trusted.”


Re: “… does that mean that once a person has ever signed in even once on a device, it is always remembered as a "trusted" device, even after having been shut down? … “


Yes … that IS how it works !!


(note that simply using a browser on a friend’s computer does NOT “sign in” that individual’s computer to your iCloud account)

Reply
User profile for user: Chattanoogan
Chattanoogan
User level: Level 7
25,628 points

Apr 11, 2022 6:51 PM in response to Tuffy Nicolas

Good questions:


2FA requires good computer hygeine on your “trusted devices”. Specifically your Mac user password AND iOS Passcode must remain known ONLY to you.


You must also KNOW and not disclose your AppleID password.


Plus, even when using a trusted device … to make critical security-related changes to your AppleID … you’ll STILL need to manually enter your iCloud password.


Lastly, you can setup additional “trusted numbers” to receive 2FA codes to ANY SMS or voice number(s) you designate. (The selection of these numbers warrants some serious thought - think “disaster recovery”)


Apple Card is the 1st service which I KNOW requires 2FA. There are others I can’t cite from memory.


Bottom line, there is no good reason to NOT use 2FA.


See:

Two-factor authentication for Apple ID - Apple Support

and

Apple ID security overview – Apple Support (AU)





Reply
User profile for user: Tuffy Nicolas
Tuffy Nicolas Author
User level: Level 2
272 points

Apr 11, 2022 6:23 PM in response to Zgriptzy

OK, I just now took the risk of turning off my devices, one at a time, and turning them back on, and luckily Two-factor authentication was not required to "sign back in" to my Apple ID account from the off-state of either my Mac or iPhone.


But now I'm curious in the opposite direction: If Two-factor authentication is not required to sign back in from a shut-down Mac or iPhone, then what extra security does it provide, and what function does it serve? If someone steals my Apple device, all they need to know is my normal password to log in a see everything — Two-factor authentication did not protect it at all.

Is Two-factor authentication's main function to protect your account being breached by distant hackers who somehow get your password, but don't have your actual device? Is that its main raison d'etre?


I'm also very curious about the vague statement in the Apple Support page that says "Certain features in the latest versions of iOS and macOS require this extra level of security...". What features?


If I turn off Two-factor authentication (within the two-week grace window), what features will I lose access to?

Reply
User profile for user: Tuffy Nicolas
Tuffy Nicolas Author
User level: Level 2
272 points

Apr 11, 2022 7:21 PM in response to Chattanoogan

Thanks for your help.


Even so, I decided, after a great deal of research and reading people's opinions and comments, to turn off Two-factor authentication while I still have a chance to. I was able to do so because it has been less than two weeks since I turned it on, and I was able to find the confirmation email that Apple sent me when I first turned it on, and in that email is a link that takes you to a page where you have the option to turn it off. Which I did.


From what I can tell, if I ever change my mind, I have the option to turn it back on again. But if I left it turned on for two weeks, I would never be able to change my mind back in the other direction.


If, after experiencing life without Two-factor authentication for awhile, I realize that it is helpful/necessary, then I will turn it back on. But I'm just an average schmoe who really has no need for all these extreme levels of security nor all the features that come with 2FA, so I'll try to get along without it (as I have done using Apple products since 1982 without needing it so far) and see what happens. I don't use Apple Pay, no one has any reason to hack me, my devices are kept very safe, etc., so for now I'll take simplicity over security.

Reply

Does a restart count as "signing out" of Apple ID account, requiring Two-factor authentication to sign back in?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up