Apple Expanding Two-Step Verification to iCloud.com

bathurstguy · Jun 30, 2014

riskerin said:
What does one do, however, if you are logging onto another computer to iCloud, so you can use Find my iPhone to locate that trusted IOS device they would normally send the verification code to?

If someone happens to get/guess your iCloud password:
a) the user needs to take some responsibility for using a simple password or not utilising best practice
b) they may use FMiP to find you, but really - if you are suggesting they are going to mug you for your iPhone just to gain access to your iCloud account I think that is a little far fetched. What are they going to achieve in the small window of opportunity they have before you call Apple and disable your account? Purchase a song...?

We are talking about an iCloud account here people. Yes it is linked to a credit card, however in an event like this Apple would refund you any illegal purchases and/or your Credit Card company.

trrosen · Jun 30, 2014

Moronic

Stupid stupid stupid. If I have my IOS device with me why would I log into icloud? So were creating a system that only works when you don't need it?

Killerbob · Jun 30, 2014

If Apple is serious about this, they HAVE to include the countries currently NOT able to be SMSed.

I live in Greenland, and we cannot pick our coutry code (+299) in the pull-down list, for two-step authentication, or for SMS key in iCloud KeyChain syncing.

It is a disgrace!

aajeevlin · Jun 30, 2014

Killerbob said:
If Apple is serious about this, they HAVE to include the countries currently NOT able to be SMSed.

I live in Greenland, and we cannot pick our coutry code (+299) in the pull-down list, for two-step authentication, or for SMS key in iCloud KeyChain syncing.

It is a disgrace!

Apple should just go with the Google Authenticator. I have my dropbox, google, and bunch other two-factor authorization code in there. Very useful. No SMS, or needing a signal.

jdag · Jun 30, 2014

trrosen said:
Stupid stupid stupid. If I have my IOS device with me why would I log into icloud? So were creating a system that only works when you don't need it?

Really? You can't think of any reasons that, even if you have your iPhone and/or iPad with you, that you might want to use a desktop or laptop computer instead?

pubwvj · Jun 30, 2014

Pain in the butt

Two-step verification is a pain in the butt and a waste of time. This is a very bad solution that creates more problems. Apple needs to completely rethink the problem and come up with something that stops hackers without inconveniencing valid users.

Me, I avoid the cloud.

Primejimbo · Jun 30, 2014

trrosen said:
Stupid stupid stupid. If I have my IOS device with me why would I log into icloud? So were creating a system that only works when you don't need it?

Really? Just because you don't need it, so no one does? I go on a computer to type a log email, because it's so much easier.

pubwvj said:
Two-step verification is a pain in the butt and a waste of time. This is a very bad solution that creates more problems. Apple needs to completely rethink the problem and come up with something that stops hackers without inconveniencing valid users. Especially having banks accounts connected to emails, family/friends email and their contact info. Don't you want that stuff protected?

Me, I avoid the cloud.

Then don't use it. I use 2 step verification on anything that offers it. Dropbox, outlook, Facebook, and others. All or takes is one hacking, and you have a lot to fix.
Everyone makes a big deal how it's an innocence, and it's not. My home computer I log on once, click "remember this computer" and that's all. On my home computer, I don't have to do it again, how is that a big deal? Don't you want you stuff protected as much as possible?

anyjungleinguy · Jun 30, 2014

bathurstguy said:
It makes sense not to require second factor authentication for FMiP. If you have lost your iPhone, then how are you going to retrieve the code sent to your iPhone... You really need to think before posting!

Also, worst case if your device is erased, you simply restore from iCloud Backup and change your password. It really isn't that bad TBH.

You're assuming that the user only has a single option for receiving the code, which as far as I can remember, is impossible.

Regardless, you'd gain access using a backup code or, if set up, use an alternative emergency number that you specified. That should be obvious without statement, so tone down your advice on thinking before posting if you don't follow it yourself.

Having a two factor authentication system available and letting it be bypassed to allow potential attackers to not only track and remote lock devices, but also remote wipe them, is, in my opinion, moronic.

Rigby · Jun 30, 2014

aajeevlin said:
Apple should just go with the Google Authenticator. I have my dropbox, google, and bunch other two-factor authorization code in there. Very useful. No SMS, or needing a signal.

Agreed, they should add this as an additional alternative to Apple Push and SMS. Also note that the mechanism that Google Authenticator uses is not Google-proprietary, but a standardized IETF protocol. There are several other apps for iOS and Android to generate the one-time codes (personally I use this one, since it has more features than Google Authenticator).

Small White Car · Jun 30, 2014

Primejimbo said:
Then don't use it. I use 2 step verification on anything that offers it. Dropbox, outlook, Facebook, and others. All or takes is one hacking, and you have a lot to fix.

Everyone makes a big deal how it's an innocence, and it's not. My home computer I log on once, click "remember this computer" and that's all. On my home computer, I don't have to do it again, how is that a big deal? Don't you want you stuff protected as much as possible?

You do understand that clicking "remember this computer" is exactly the same as not using it at all, right?

And you're criticizing others for not using it when that's your plan too?

Primejimbo · Jun 30, 2014

Small White Car said:
You do understand that clicking "remember this computer" is exactly the same as not using it at all, right?

And you're criticizing others for not using it when that's your plan too?

This is my home computer, how is that the same not using it at all? It's just remembering that one computer, not all computers. There is also an option to log off all computers through iCloud.com. So I can go on another computer and log off if needed.
With iCloud.com, it's also the browsers too that it's saving. So you log on safari with it, it won't save it from Chrome.

If my house gets broken into, I doubt they are breaking in to go on my computer and read my email

Tech198 · Jun 30, 2014

Too early to come out, is this why apple disabled two-factor for some iCloud accounts?

It wouldn't be "accidental" if Apple only disabled it for some, not all..

Something else is a-foot.

techgeek1900 · Jun 30, 2014

Oh my

This should be great for the idiots who sign up for accounts and are too lazy to fill out the wrong answers nor writing down their information.

edgonzalez32 · Jun 30, 2014

This took way too long for them to implement.

----------

trrosen said:
Stupid stupid stupid. If I have my IOS device with me why would I log into icloud? So were creating a system that only works when you don't need it?

iCloud is not just catered towards you.

When I'm logged in at school under my username and I need to write out an email, I'm not going to do it on my phone. I'm going to use the ****ing keyboard in front of me.

EdgardasB · Jun 30, 2014

In which countries is two-step verification available?

Two-step verification is available in the countries below. When additional countries are added, two-step verification automatically appears in the “Password and Security” section of your account when you sign in to My Apple ID.

Australia
Canada
France
Germany
Ireland
Italy
Japan
New Zealand
Spain
United Kingdom
United States

ARE YOU KIDDING ME APPLE with such small supported countries list after so long period....?

Tech198 · Jun 30, 2014

I'm on the list

I wonder what Apple's reason is for NOT rolling out two factor to all counties at the same time..

I can get physical products, but this is only on Apple's servers..

I think Apple's been saying the same "When additional countries are supported..." for a while now.

trrosen said:
Stupid stupid stupid. If I have my IOS device with me why would I log into icloud? So were creating a system that only works when you don't need it?

I said the same thing a few months ago, but i have to now regret, i DO use iCloud on ios now. Mainly for Match

~Mus1cLover~ · Jun 30, 2014

MacRumors said:
[url=http://cdn.macrumors.com/im/macrumorsthreadlogodarkd.png]Image[/url]

Apple appears to be testing its two-factor authentication system on some iCloud.com accounts, asking for a verification code before allowing users with two-factor verification enabled to access various iCloud.com apps.

First noticed by AppleInsider, the two-factor verification system for iCloud.com requires users to enter a verification code sent via SMS or to a trusted iOS device before the iCloud.com versions of Mail, Contacts, Calendar, Reminders, Pages, Numbers, and Keynote can be used.

Image
Previously, accessing these apps only required an Apple ID password, but now "Find My iPhone" is the only app that remains accessible without a two-factor verification code. Computers used to access iCloud.com have a "Remember This Browser" option, requiring a verification code to be entered only once.

Originally implemented back in March of 2013, two-factor verification is an opt-in system designed to increase Apple ID account security by requiring identity verification before allowing users to make account changes or purchase content on new devices. It replaces standard security questions with a security code delivered to a trusted device.

At this time, it is unknown if Apple is simply testing the feature with some users or working on a wider rollout for all iCloud.com users with two-factor verification enabled.

Update 3:30 PM PT: Apple appears to have disabled two-factor verification for some iCloud.com accounts that previously had access to the feature, suggesting it may have seen an accidental early launch.

Article Link: Apple Expanding Two-Step Verification to iCloud.com

Are you serious? This will just be more of a pain just do a handprint recognition for this put us through less pain if you're going to lock down iCloud apps

MattInOz · Jun 30, 2014

karstas said:
In which countries is two-step verification available?

Two-step verification is available in the countries below. When additional countries are added, two-step verification automatically appears in the Password and Security section of your account when you sign in to My Apple ID.

Australia
Canada
France
Germany
Ireland
Italy
Japan
New Zealand
Spain
United Kingdom
United States

ARE YOU KIDDING ME APPLE with such small supported countries list after so long period....?

That list would cover what 3/4 of their user base?

Oletros · Jun 30, 2014

karstas said:
In which countries is two-step verification available?

Two-step verification is available in the countries below. When additional countries are added, two-step verification automatically appears in the Password and Security section of your account when you sign in to My Apple ID.

Australia
Canada
France
Germany
Ireland
Italy
Japan
New Zealand
Spain
United Kingdom
United States

ARE YOU KIDDING ME APPLE with such small supported countries list after so long period....?

Is the problem of using SMS as validation system. And worse, even in the supported countries, if you don't have a sanctioned carrier, it won't work the SMS authorization.

SeaFox · Jun 30, 2014

Oletros said:
Please, Apple, use an standard system like TOTP used by almost all the other companies

Apple using an existing industry standard. LOL!

EdgardasB · Jun 30, 2014

MattInOz said:
That list would cover what 3/4 of their user base?

So what? Even that 1/4 is more than 100million of Apple users...Furthermore, Google, Dropbox, Hotmail, Facebook, Twitter and other OS supports almost all available countries/ languages...

----------

Oletros said:
Is the problem of using SMS as validation system. And worse, even in the supported countries, if you don't have a sanctioned carrier, it won't work the SMS authorization.

Check iCloud keychain sms verfication supported countries, it has almost all countries included

Tech198 · Jul 1, 2014

Unfortunately, the reason i'll never use two factor from Apple it's you need a trusted device.. I actually only found SMS to work because i had to first trust my iPhone.

Why must i have a "trusted device" set up, like my iPhone, just so i can use two factor from Apple? More secure i gather.

Just do what Google does and require two factor once enabled..giving you number does not make it trusted.

Trusted devices are only if you Don't always need a code. I dunno why Apple makes you jump through hoops.

Google authenticator is good to

Primejimbo · Jul 1, 2014

Tech198 said:
Unfortunately, the reason i'll never use two factor from Apple it's you need a trusted device.. I actually only found SMS to work because i had to first trust my iPhone.

Why must i have a "trusted device" set up, like my iPhone, just so i can use two factor from Apple? More secure i gather.

Just do what Google does and require two factor once enabled..giving you number does not make it trusted.

Trusted devices are only if you Don't always need a code. I dunno why Apple makes you jump through hoops.

Google authenticator is good to

Edit: I miss read this post. Sorry

mono1980 · Jul 1, 2014

As usual, people have to bitch about everything.

Fuchal · Jul 1, 2014

This can't come fast enough. I was surprised it wasn't already implemented when I turned on two step for my apple id.

Apple Expanding Two-Step Verification to iCloud.com

macrumors newbie

macrumors regular

macrumors 68000

macrumors 65816

macrumors 6502a

macrumors 68000

macrumors 68040

macrumors 6502

macrumors 603

macrumors G4

macrumors 68040

Cancelled

macrumors newbie

Suspended

macrumors 6502a

Cancelled

macrumors newbie

macrumors 68030

macrumors 603

macrumors 68030

macrumors 6502a

Cancelled

macrumors 68040

macrumors 6502

macrumors 68030

Our Staff