I recently set up 2fa and chose google authenticator as the second method. My email accounts are outlook, gmail and icloud.
After setup I experienced what was expected, by which I mean a trade-off between convenience and security. I have struggled with outlook & thunderbird for example, my credentials (app password) expires every now and then, so I have to update every so often or just use a web browser. Gmail seems to be more stable but that isn’t my question here.
Mail on iphone (SE 2020, os 14.6) always works at first setup, never failing, despite only knowing my login password (each three providers). What is going on here? Am I dealing with a feature or a vulnerability?
Here is what I’ve considered but failed to query here or on google.
A) the smart phone connects to the server very often, therefore the app password does not expire
B) the smart phone always looks up one-time passwords on google authenticator, performing repeated logins that I do not see
C) the smart phone is a ”trusted device” that can somehow ignore 2fa
If this is a vulnerability, I would like to know if it is serious. If it is a feature, are there methods to implement it on other devices (e.g. ubuntu pc)