Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Expanding Two-Step Verification to iCloud.com

trrosen said:
Stupid stupid stupid. If I have my IOS device with me why would I log into icloud? So were creating a system that only works when you don't need it?
Click to expand...

Just because you don't log in doesn't mean others don't, and if someone were to try and compromise your account anyways they would use iCloud.com to gain access since they don't have access to your iPhone.

This isn't stupid, this is the right step into preventing all of the social engineering that surrounds the security issues of today. Social engineering is more common place now a days than any other type of "hacking."
 
bushido said:
lol my family will never understand this .... they already dont get those security questions. my sister for example is always like "huh??? how does it know what my favorite book is????" and my aunt is like "what is an apple id? ... after putting in her gmail account info for like 5 times and getting her apple id blocked" :rolleyes:
Click to expand...

That is the most true, and funniest thing, that I have heard today! :)
 
It is great to see Apple continuing to lead the way in terms of enhancing security. I just wish others would follow that lead with all the hacking and compromising of data going on.
 
dumastudetto said:
It is great to see Apple continuing to lead the way in terms of enhancing security. I just wish others would follow that lead with all the hacking and compromising of data going on.
Click to expand...

Lead - no, they're behind the curve significantly. take a look at Google and others how have better security.
 
maflynn said:
Lead - no, they're behind the curve significantly. take a look at Google and others how have better security.
Click to expand...

Yes, to a large part, I agree. Gmail has had two-step authentication for ages and the use of Authenticator makes the process very quick. I use the Authenticator with LogMeIn, Wordpress, Microsoft and Facebook.

I'd be interested to know how many people reading this thread now have two-step active?

Could Macrumors activate a pole to find out?
 
anyjungleinguy said:
You're assuming that the user only has a single option for receiving the code, which as far as I can remember, is impossible.

Regardless, you'd gain access using a backup code or, if set up, use an alternative emergency number that you specified. That should be obvious without statement, so tone down your advice on thinking before posting if you don't follow it yourself.

Having a two factor authentication system available and letting it be bypassed to allow potential attackers to not only track and remote lock devices, but also remote wipe them, is, in my opinion, moronic.
Click to expand...

I didn't assume anything, unlike yourself. Most people only have one mobile, or one iPad etc. It is not impossible to have a single device for 2 factor auth, I would make the guess that this is the situation for most people.

The backup code is for reseting your AppleID password should you forget that. Nothing to do with FMiP.

If I lost my mobile, someone has access to my 2 factor auth. This isn't "bypassing" 2 factor auth. Neither is not requireing it for FMiP.
 
bathurstguy said:
I didn't assume anything, unlike yourself. Most people only have one mobile, or one iPad etc. It is not impossible to have a single device for 2 factor auth, I would make the guess that this is the situation for most people.

The backup code is for reseting your AppleID password should you forget that. Nothing to do with FMiP.

If I lost my mobile, someone has access to my 2 factor auth. This isn't "bypassing" 2 factor auth. Neither is not requireing it for FMiP.
Click to expand...

Yeah 2FA is easily possible with only one device! Since it MUST be registered to your phone number if someone steals your phone you just cancel your old sim and get a new one with the same number. You could also even simpler just log into your Apple account with your password and recovery key (backup code) and change your trusted device until you get a new phone. Not a big deal at all if you only have 1 trusted device.
The recovery key tho is not only used to reset your password, it's a 3rd authentication method of 2FA used in the situation above.
 
Last edited:
pubwvj said:
Two-step verification is a pain in the butt and a waste of time. This is a very bad solution that creates more problems. Apple needs to completely rethink the problem and come up with something that stops hackers without inconveniencing valid users.

Me, I avoid the cloud.
Click to expand...

Great logic there
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back