
Wishbrah

macrumors regular
Oct 20, 2013
235
8
Now what will Samsung do for R&D if they can't peek on iCloud data from Apple employees?
 

cdmoore74

macrumors 68020
Jun 24, 2010
2,413
711
Too bad it already fappened.

Apple, a company notorious for knowing what's best for their customers should have had 2-step verification enabled by default.

^^^This

It's like saying that we should have checked out the terrorist background before they crashed a commercial plane into a building killing 1000's of innocent people.

Or

We should not let 9 year old girls handle UZI machine guns after accidentally killing her instructor.

The damage is already done and is irreversible. I'm just surprised that Apple let this happen in the first place. You're sitting on all this money so it's not like you don't have the resource to hire outside vendors to find weaknesses in the system.
 

bigandtasty

macrumors 6502a
Dec 26, 2006
524
558
"I think we have a responsibility to ratchet that up"

Or…. double down on it.

Just sayin
 

wigby

macrumors 68030
Jun 7, 2007
2,753
2,719
Tim Cook is a fantastic CEO this way. He has done a great job at saying "hey, we screwed up" when they have (and even if they haven't), and saying "hey, we agree, things could be better and we're going to make sure they are."

He's also clever. Apple still hasn't addressed or admitted to their initial screw up that led to all of this. Yes they fixed the multiple login attempts but have not addressed it. If they weren't going to be introducing so many shiny new products in 4 days, the press would be asking questions about that mistake. It's a gamble but how much do you wanna bet no one calls them out on their security goof this Tuesday? Tim is willing to bet all will be forgiven by then.
 

bozzykid

macrumors 68020
Aug 11, 2009
2,431
492
You said it was Apple's fault that the celebrities had their data stolen because 2-step verification wasn't offered in all countries.

I never said that. What are you talking about? But Apple needs to improve their security practices. That no one can question.
 

cgc

macrumors 6502a
May 30, 2003
718
23
Utah
Tim Cook is a fantastic CEO this way. He has done a great job at saying "hey, we screwed up" when they have (and even if they haven't), and saying "hey, we agree, things could be better and we're going to make sure they are."

I agree Tim Cook admitting they screwed up is good but a "fantastic CEO" would foresee this and prevent it from happening before it happens. He's definitely got some room to improve...
 

laurim

macrumors 68000
Sep 19, 2003
1,985
970
Minnesota USA
I want to set up 2 step authorization but can't remember my security question answers. (Well, I think I remember but it's not accepting them.) Apparently I don't have an emergency email with Apple so I have to call support. Thus, I keep putting it off. :(

Guess I was lucky in that I had such a crummy teacher I actually remembered his name when I signed up for two factor the other day, lol.
 

u49aa2

macrumors 6502a
Nov 3, 2008
803
8
Between Heaven and Hell
They should have thought this ahead before the damage is already done.
This type of poor management of sensitive data reminds me of Microsoft, i.e., damage control policy, let the bad things happen then look for ways to prevent them from happening again.

Please tell me that this response from you is because you are drunk or kidding!
 

reilogix

macrumors member
Sep 26, 2012
37
62
Carlsbad, CA USA
If you somehow still think Apple's security doesn't SUCK DONKEY BALLS, see:
http://mashable.com/2014/09/04/i-hacked-my-own-icloud-account/
 

laurim

macrumors 68000
Sep 19, 2003
1,985
970
Minnesota USA
^^^This

It's like saying that we should have checked out the terrorist background before they crashed a commercial plane into a building killing 1000's of innocent people.

Or

We should not let 9 year old girls handle UZI machine guns after accidentally killing her instructor.

The damage is already done and is irreversible. I'm just surprised that Apple let this happen in the first place. You're sitting on all this money so it's not like you don't have the resource to hire outside vendors to find weaknesses in the system.

Actually, they have inside people constantly testing the system for flaws. Like a security expert in another article says, Apple is trying to balance ease of use with high security. Anyone who has worked for a company who locks down their employee computers to the point of almost making them unusable for work understands this. I have one client who can't use iTunes at work to find music for shows, even though she is the company's show director. She has to do it at home on her own computer. She's also my only client who can't share files on Dropbox with me so I have to have a special Box account just for them. It's ridiculous.
 

2010mini

macrumors 601
Jun 19, 2013
4,698
4,806
I feel really sorry for all those people who got their private stuff stolen and broadcast around the net.

But the truth is, if software companies used robust authentication systems, most folks would not use them. Or complain that it is too inconvenient. So they try to find a balance between ease of use and security.... two things that really don't go together well.

I jumped on 2 step as soon as it was available and actually forgot I had it until I wiped my device and tried to restore it.

I like it. And I am also glad Apple is expanding it.
 

mpavilion

macrumors 65816
Aug 4, 2014
1,460
1,072
SFV, CA, USA
I'm not a security expert, but I'm a network tech. Years ago I attended a basic security class and they stressed to never give correct answers to these personal "security" questions. Make up ridiculous answers and save them in something like 1Password. Perhaps not perfect, but it does allow for an extra layer of protection.

But here's the thing: if I've lost my pw to a site, that means I've somehow lost access to my pw manager app. Turning the security question answers into just three more "passwords," stored in the same app, doesn't solve the problem -- I won't be able to recover those, either.

I guess the fallback position is to just accept that you won't be able to recover a pw if you lose it, but that could be a real headache for certain sites/services.

Security questions do feel like a weak link, and they have always made me uncomfortable, but I can see how it can be a reasonable risk/compromise to allow a user to reset a pw via a combination of BOTH (a) knowing the answers to the questions, and (b) being able to access the recovery-link email. Heck, I've had to do it several times myself...
 

kramerdude

macrumors member
Mar 21, 2006
79
48
How?

or not have backups in the cloud (have local only), which is another option you can choose to make this sort of thing impossible.

How do you do local backups? I don't own a computer - can I back up to a thumb drive or something?
 

Huracan

macrumors 6502
Jan 9, 2007
336
281
I don't want 2 factor authentication based on SMS messages pushed down my throat. Apple should use the same scheme Dropbox uses and allow for off-line apps to generate the token. At least give that choice. SMS doesn't work that well when traveling abroad without roaming ;)
 

jon3543

macrumors 6502a
Sep 13, 2010
609
266
Explain. Are you saying you were issued a temporary password after answering the security questions right then and there in the browser instance you were using to reset the password? Are you saying you didn't have to confirm the reset by clicking a link in a verification email they sent you?

Let me answer my own question.

http://support.apple.com/kb/HT5787

If you know the answers to your security questions

Go to My Apple ID (appleid.apple.com).
Select “Reset your password.”
Enter your Apple ID, then select Next.
Select “Answer security questions” as your authentication method. Select Next.
Select the birth date associated with your Apple ID, then select Next to begin answering your security questions.
After answering your security questions, you'll be asked to enter and confirm your new password. Select Reset Password when done.

If I had been in charge, I would have immediately drawn a huge X through that whole mess and fired the person who was stupid enough to have presented it as an option. The very first time I was ever confronted with such, I treated the security questions as additional passwords and generated them randomly with KeePass as I do all my passwords. Then if asked, I entered a fake birth date. I record all this information in the KeePass "Notes" field for the database entry. I realize most people aren't this security conscious, and they shouldn't be set up to fail.
 

laurim

macrumors 68000
Sep 19, 2003
1,985
970
Minnesota USA
He's also clever. Apple still hasn't addressed or admitted to their initial screw up that led to all of this. Yes they fixed the multiple login attempts but have not addressed it. If they weren't going to be introducing so many shiny new products in 4 days, the press would be asking questions about that mistake. It's a gamble but how much do you wanna bet no one calls them out on their security goof this Tuesday? Tim is willing to bet all will be forgiven by then.

Can't confirm what a TMZ article says but it says there's indication that at least a few of the people gave up their own login credentials because of a phishing email they thought was from Apple. And it seems Kate Upton's photos were actually from her boyfriend's account since there were also pics and videos of other women in the stash (in one of the videos a girl actually addresses him by name so that's how they know it's his). There are a whole bunch of human mistakes at play here that could account for most of the mess.

----------

I don't want 2 factor authentication based on SMS messages pushed down my throat. Apple should use the same scheme Dropbox uses and allow for off-line apps to generate the token. At least give that choice. SMS doesn't work that well when traveling abroad without roaming ;)

Would you really be initiating a new device to your iCloud account while traveling abroad? That doesn't sound very smart.
 

iolinux333

macrumors 68000
Feb 9, 2014
1,798
73
Not if you enable 2-factor authentication. Then they will not be able to change your password, so they won't be able to get at your iCloud data.

Also, as the article said, Apple is also going to expand 2-factor authentication so, presumably, even if you know someone's password, you STILL won't be able to restore/slurp their iCloud backups without also having access to one of their trusted devices.

Most importantly, he points out that most of their customers CHOOSE not to use 2-factor authentication. (Which is THE CUSTOMER'S FAULT, not Apple's.) And they are going to start harassing customers to smarten up and use it.

There is nothing more Apple can do than that.

I choose not to use 2factor because every extra step is a PITA. To compensate for my astonishing lack of security awareness I don't take nudie pics.
 

ghettochris

macrumors 6502a
Feb 19, 2008
773
0
I'm not a security expert, but I'm a network tech. Years ago I attended a basic security class and they stressed to never give correct answers to these personal "security" questions. Make up ridiculous answers and save them in something like 1Password. Perhaps not perfect, but it does allow for an extra layer of protection.

Although I'm sorry it happened, it's hard to feel sorry for these folks. They are extremely well-paid, and perhaps, along with their agents and PR people, they could afford to hire technology consultants?

What city were you born in?

sO3*-3h*j-H^ea-9UrI

Also, coming soon: technology consultant abuses his position to download naked pictures... If they get taken, they will find a way out. Like a caged animal in a zoo, they yearn to be free subconsciously, even having been born in captivity.
 