How does apple verify my list of trusted devices and browsers?

When I logged in to icloud for the first time on my windows pc, my iphone made a loud notification sound and a message saying that another device has just attempted to log in to my icloud account popped up. I selected "allow" on my iphone and the verification number was then displayed. From my pc, I entered the given code and was taken to the icloud launchpad, where I received a prompt asking me if I wanted this browser to be remembered as trusted (so I dont have to go thru that process again, I assume). I selected yes and I logged out soon after. Later, I went back to icloud with a different browser and immediately another warning was displayed on my iphone. Going back to tbe browser I originally signed in on didnt ring any alarm...although it;s the same device that wants to access my account. My question is what info is exchanged in the verification process to ensure that I dont have to repeat the two factor step with a trusted device? Also, is there any data from this exchange stored on my pc?


This is ensured by storing a cryptographic proof in cookies on your local computer. In authentication schemes like this, it is often named a "token".

This allows Apple's server to later confirm that the browser is indeed trusted because the contens of the cookies are sent automatically to their server when you browse for example www.icloud.com.

The cookies are prefixed X-APPLE (for example X-APPLE-WEBAUTH-HSA-LOGIN. 2FA is HSA version 2). You'll be able to see these cookies for yourself by opening the developer tools while on for example www.icloud.com, and then access the Resources tabs and select Cookies.