[lxgr]

Quite disappointingly, this requires being logged in with iCloud as well as iMessage on the same device, so I can't use it on my work computer (I have different Apple IDs at work and home). I don't really see why the two need to be tangled together.

[anileated]

If you use two different Apple IDs on two different devices, how does that prevent you from using iMessage Key Verification? As far as this system is concerned, you are essentially two different people, both of whom can have key verification on independently (sort of the point).

The only scenario where this might break is if you log into personal accounts on work devices or vice-versa. I think that’d be ill-advised…

[heywire]

You sign into your personal Apple accounts on your work computer? Seems like a very bad idea to mix work and personal.

[makeitdouble]

I think many people end up in that situation.

An Apple account is required in many situations (e.g. you want to download something from the Mac Store, you want Find My Mac etc.), but Apple doesn't cleanly support multiple accounts on any of their devices (and they probably have no incentives to do so)

It's also a PITA to have single devices with single accounts. For instance 2FA is a pain, you also can't use features like sidecar.

All in all, Apple is really bad at this and makes you jump through hoops if you intend to have clean separation between your work and personal accounts.

[lxgr]

That's exactly the problem, in a nutshell. Everything is tangled in a big ball of yarn with Apple:

Theoretically the iTunes/App Store/TV account is independent of iCloud – except that it's tangled to Apple Podcasts.

- iMessage used to be mostly standalone (iCloud sync was explicitly optional!) – but not it's tied to iCloud via contact key verification.

- Books is a weird mix of iCloud (for media) and iTunes (for purchases).

- Having my device as a trusted login factor is a complete mess: I still haven't figured out what makes or doesn't make a device "capable of generating authentication codes".

- iTunes subscriptions can somehow only be managed on an Apple device or iTunes – and logging in for that purpose messes up podcasts (see the first point).

At least on macOS, it's possible to make a second account and log in to most of these cleanly, but it's still a hassle compared to e.g. Google's seamless support for multiple accounts in almost all of their products.

[octo_t]

The solution I landed on is having 2 iCloud accounts in the same “family” so things can be shared, but in a controlled manner.

[lxgr]

That's exactly what I'm not doing (iMessage is ok for me, all my iCloud data definitely not), hence no contact key verification for me.

[ezfe]

I mean, you literally are - you've signed into iMessage with your personal account on a work device.

I know it's not iCloud, but it's functionally the same as iCloud with all the checkboxes disabled.

[lxgr]

How are the two the same? iCloud automatically logs you into iMessage, but the reverse is not true.

Getting more access beyond iMessage requires another authentication (it’s definitely not just “enabling more checkboxes), and most importantly iCloud Keychain won’t even be touched without the required second factor (usually another device’s passcode on the same iCloud account).