2-step verification

Discussion in 'Apple Music, Apple Pay, iCloud, Apple Services' started by crashoverride77, Sep 20, 2014.

  1. crashoverride77 macrumors 65816

    Joined:
    Jan 27, 2014
    #1
    so 2step is finally working on iCloud.com apart from find my iphone. So when you go to look for a device you can still ERASE it. It even warns you that it will remove the device from your trusted list.
    This is awesome because if your password gets stolen all your devices can be erased and removed from trusted devices and you can only log back in via your Security code. :mad:
     
  2. madsci954 macrumors 68030

    Joined:
    Oct 14, 2011
    Location:
    Ohio
    #2
    Another way to look at it, you only have one device. It gets stolen, how are you suppose track or lock it? In its current state, you change your password, and restore your backup. The backups are encypted (if you use a passcode or Touch ID) now and your cloud data is safe.
     
  3. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #3
    Unfortunately nothing has changed with regard to the security of iCloud backups. It is still possible to download the backup with just the iCloud password and extract most of the data (the only exception being data that are tied to the device, like the keychain). The only thing that has changed is that users now receive a notification when their cloud backup has been accessed (previously hackers could download the backup without the owner ever knowing).
     
  4. anyjungleinguy macrumors regular

    Joined:
    Mar 6, 2012
    #4
    False.
     
  5. crashoverride77 thread starter macrumors 65816

    Joined:
    Jan 27, 2014
    #5
    I agree with you its just weird since 2 step is ment to make your account more secure. So a stolen password is not a disaster especially now since it works on iCloud.com apart from the fact that all your devices can still be whiped.
    Why not allow find my ihpone but to erase it you will need your 2step verification key?
     
  6. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #6
    This is just a bug in the Elcomsoft tool. Restoring an iCloud backup from an account with 2-factor authentication does still NOT require a secondary code. You can easily try this yourself by restoring a cloud backup to an iOS device.
     
  7. anyjungleinguy macrumors regular

    Joined:
    Mar 6, 2012
    #7
    You can't sign into a iCloud on a new device without a two factor authentication code. If you can't sign into iCloud, you can't restore from an iCloud backup.
     
  8. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #8
    I restored a new phone from an iCloud backup just yesterday. I did it from the initial setup process (the same that you get after erasing a phone). I was never asked for a secondary code.
     
  9. Solver macrumors 6502a

    Joined:
    Jan 6, 2004
    Location:
    Cupertino, CA
    #9
    Did your account have two factor authentication activated?

    Mine is activated and I couldn't restore a backup on a new device without a second authentication.
     
  10. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #10
    Yes, of course.
    Well, that's not what I saw yesterday (but it's exactly how I think it *should* work). I don't have another new iOS device to test right now unfortunately.
     
  11. Primejimbo, Sep 21, 2014
    Last edited: Sep 21, 2014

    Primejimbo macrumors 68040

    Joined:
    Aug 10, 2008
    Location:
    Around
    #11
    When I set up my new iPhone 6 and my wife did too, it asked us. We sent it a text to the phone we were setting up and it went from there. Even when I upgraded my iPhone 5s to iOS 8 it asked me to verify myself. Not sure what you're doing, but 3 times it asked me.

    My daughter ran into it also updating to iOS 8 along with mom on her iPad. Both also have 2 step verification set up.

    So 5 family members had this happen and people on here had it happen, something tells me you don't have it set up.
    It happens to me too, I was very happy
     
  12. crashoverride77 thread starter macrumors 65816

    Joined:
    Jan 27, 2014
    #12
    Yeah they have definitely added two factor to the set up process, I had to verify both my iPad and IPhone during the setup process for iOS 8. I think it's great same goes for iCloud.com, I just wish you couldn't erase in find my iPhone without second verification first.
     
  13. Primejimbo macrumors 68040

    Joined:
    Aug 10, 2008
    Location:
    Around
    #13
    But if the worse that can happen is they wipe my phone and I just have to restore it, I can live with it. It's a lot better than someone stealing your data.
     
  14. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #14
    Depends on the situation. I'm quite dependent on my phone when traveling these days, and it's not so easy to restore then. Also remember that they can just as well wipe your computer if you have "Find my Mac" activated (which is what happened to Matt Honan when his account was hacked).

    I agree that 2-factor should be enabled for "Find my iPhone". At least we now get a notification when someone logs into iCloud from an unknown device and starts tracking our location ...
     
  15. crashoverride77 thread starter macrumors 65816

    Joined:
    Jan 27, 2014
    #15
    This is the problem I see, the hassle of doing the resets. It's great that the data is safe and find my iPhone should work without 2step, just not the ERASING and LOCKING.
    If someone gets the password of an Apple ID and they realise that 2step is on they will almost certainly erase the devices, even if it's just for fun because they cannot do anything else. Exactly like you said happened to Matt, and if you have no backup you could loose a lot of private data.
     
  16. Primejimbo macrumors 68040

    Joined:
    Aug 10, 2008
    Location:
    Around
    #16
    At least it's a step in the right direction. As long as you don't use the same password for multiple things, you should be fine, but I do see your point. Seeing I have Touch ID now, I am going to make my iTunes password a little longer now. It's not bad now, but I think it could be better.
     
  17. crashoverride77 thread starter macrumors 65816

    Joined:
    Jan 27, 2014
    #17
    Yes it is. Not having 2 step before on icloud.com and during ios set ups was a major flaw, and hindered me to moving all my emails to an icloud alias.
     
  18. Solomani macrumors 68030

    Solomani

    Joined:
    Sep 25, 2012
    Location:
    Alberto, Canado
    #18
    Need clarification regarding 2-Step Authentication:

    The iCloud website states you need "another device", and that devices needs to be able to verify using SMS. But that device also needs to authenticate using a valid phone number.

    Sooo…. this means that iPads, iPods, PC/Mac cannot be used to verify a 2-Step Authentication. In other words, someone correct me if I am wrong, an iPhone (or another smartphone) is absolutely necessary to own in order to even initiate 2-Step Authentication?

    For example, an iMac or a PC can send messages via SMS easily. But they don't have phone numbers. Same can be said with an iPad Air or an iPod touch.
     
  19. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #19
    Apple can deliver the authentication codes to any iOS device via Apple Push Notification as long as it has Internet access. The trusted phone numbers for SMS are an additional delivery channel (and the number doesn't have to belong to an iPhone, but can be any type of phone that can receive SMS). So yes, you can add your iPad as a trusted device. Using a PC/Mac is currently not possible though. As far as I remember, you are required to add at least one trusted phone number.
     
  20. MoodyM macrumors 6502a

    MoodyM

    Joined:
    Aug 14, 2008
    #20
    I got asked on my iPhone 6 Plus today to verify. The only 2 options I had were "iPhone 6 Plus" or "phone number ending xxx".

    So basically I'm verifying that device from the device that I'm already on...
     
  21. crashoverride77, Sep 24, 2014
    Last edited: Sep 24, 2014

    crashoverride77 thread starter macrumors 65816

    Joined:
    Jan 27, 2014
    #21
    Yes you MUST HAVE at least one valid phone number (on a device SMS Capable) to use 2step but I don't think it has to be an iphone. In addition to the phone number you can use other ios devices like iPads/iPods if you got find my iPhone turned on (think you must install the app as well).
    That's what I do, use my iPad air and my telephone number. You cannot use Macs yet as a trusted device. We don't know yet how Apple will handle 2step via SMS with continuity working on ios8 and OS X Yosemite, probably the reason they delayed SMS continuity until October to figure this out.
    Hope that helps but feel free to ask more questions
     

Share This Page