Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Increases Account Security With Optional Two-Step Verification System for Apple IDs

GenesisST said:
Hmmm... not there for me... US-only or gradual deployment or both?

EDIT: And yes, my password is compliant...
Click to expand...

nutmac said:
Me neither. None of 3 Apple ID accounts that I have tried (all US) have two-step verification available.
Click to expand...

fruitpunch.ben said:
Logged in to appleid.apple.com and can't find the option. Anyone know how the rollout is happening?
Click to expand...

From the article:

9to5mac said:
In which countries is two-step verification available?

Initially, two-step verification is being offered in the U.S., UK, Australia, Ireland, and New Zealand. Additional countries will be added over time. When your country is added, two-step verification will automatically appear in the Password and Security section of Manage My Apple ID when you sign in to My Apple ID.
Click to expand...

If you're not in those countries, you aren't going to see it yet.

Redbeard25 said:
They can't send the verification code via iMessage or email?
Click to expand...

No, because email isn't a trusted device. If you're using iMessage, you should already be on an iPhone, iPad, or a Mac, which would already be trusted. Anyone could get to your email; ask those who have had hotmail/yahoo/etc. hacked, like the guy that had all of his info wiped, Mat Honan. All it took was his email address and info from a site like Facebook.

Believe me, people may think this is annoying and inconvenient, but rhett said it best; you'll be better off dealing with this annoyance than spending time fixing identity theft, stolen CC numbers, and all sorts of **** being done in your name. In this aspect, TFA (Two Factor Authentication) is the best, hands down.

BL.
 
Only one trusted device?!?

I want my iPhone, iPad, and Mac to all be trusted devices so that, if I lose one, I will easily and seamlessly be able to carry on -- without the hassle of needing to keep track of a recovery key.
 
Enabled.

Noticed that they're keen to ensure you know that if something goes wrong it's your fault and Apple can't help you. It reminded me around 4 times during the process that if I lose the recovery key and forget my password / lose access to my trusted device then Apple can't help at all.

Covering their butts from a legal standpoint if someone alleges that Apple is to blame if account access is lost, I'm guessing.

----------
mcarling said:
I want my iPhone, iPad, and Mac to all be trusted devices so that, if I lose one, I will easily and seamlessly be able to carry on -- without the hassle of needing to keep track of a recovery key.
Click to expand...

You can select multiple trusted devices during the set up. It only requires at least one (and a recommended SMS-enabled device). But not Macs, only iOS devices as far as I can tell.
 
zin said:
Enabled.

Noticed that they're keen to ensure you know that if something goes wrong it's your fault and Apple can't help you. It reminded me around 4 times during the process that if I lose the recovery key and forget my password / lose access to my trusted device then Apple can't help at all.

Covering their butts from a legal standpoint if someone alleges that Apple is to blame if account access is lost, I'm guessing.
Click to expand...

Pretty sure that's to keep social engineering at a minimum. Since, ya know, that's the whole point.
 
Biometrics

When are we all going to stop messing with passwords and start using our thumbs or iris scan instead. We have the technology and it is relatively cheap to implement. I use 1Password now for storing all of this which is easier than remembering hundreds of passwords but still a pain.

Lets all go with something that we always have with us that can't be cracked. Steve Jobs said it, fingers.
 
zin said:
Noticed that they're keen to ensure you know that if something goes wrong it's your fault and Apple can't help you. It reminded me around 4 times during the process that if I lose the recovery key and forget my password / lose access to my trusted device then Apple can't help at all.

You can select multiple trusted devices during the set up. It only requires at least one (and a recommended SMS-enabled device). But not Macs, only iOS devices as far as I can tell.
Click to expand...

The first part is standard - basically they're telling you that you're setting your own lock, and if you forget, there's no way that they can help you out. You actually want this, as it closes the social engineering hole.

The second part is also fine, other communications can be intercepted more easily than SMS.

HOWEVER, I've never turned on verification with Gmail as I don't want Google matching up my phone number and my email account. Hell, if I lose my access to Gmail, no big deal, I'd just get another account.
 
It's a shame they can't use the same authentication that I use on Google, Dropbox, Facebook, and Lastpass. The Google Authenticator app works for all of these sites...
 
YES!!! Finally!

Thank you Apple. No longer will my password be the _only_ thing stopping someone from remotely wiping all my OS X/iOS devices.

(I assume this is done right. If not, I'll come back here and complain. :p)

Edit: Looks good, except "Initially, two-step verification is being offered in the U.S., UK, Australia, Ireland, and New Zealand. Additional countries will be added over time." Looks like I'll have to wait until it's in Canada. I hope not long.
 
Last edited:
dmrowley said:
It's a shame they can't use the same authentication that I use on Google, Dropbox, Facebook, and Lastpass. The Google Authenticator app works for all of these sites...
Click to expand...

But the problem there is single point of failure. If the Authenticator app gets compromised, Everything you have is compromised. You only have one layer of authentication there, which gets you into everything you have.

That is the problem that Apple has resolved.

BL.
 
ziggyonice said:
Seriously? Google introduces two-step verification and everyone goes gaga.

Apple introduces two-step verification and people complain.

Really sick of the anti-Apple everything happening these days. Sheesh.
Click to expand...

I'll turn it on for this since it seems to be per DEVICE and I only have so many devices that need to access my apple app/itunes accounts. Or will I need to do this for every app on my device? Any app that wants to do in-app purchases or just once for the whole device (so 3 times total: MacBook, iPad, iPhone).

On my Google account I did the two-step but I can't believe how many apps I have set up to access to google (mail, reader, calendar, etc.) on so many different devices. Every so often something doesn't work and I can't remember if I haven't used it since I enabled the 2-step or did it stop for some reason.

Gary
 
Last edited:
jonAppleSeed said:
In before the google lovers claim Android had this first.
Apple gets it right!
Click to expand...

Huh? Google supports sending your code via SMS too. They also have an app that provides rolling codes if you don't want to rely on SMS. How is Apple's version better? It seems both use almost the exact same method.
 
bradl said:
From the article:



If you're not in those countries, you aren't going to see it yet.



No, because email isn't a trusted device. If you're using iMessage, you should already be on an iPhone, iPad, or a Mac, which would already be trusted. Anyone could get to your email; ask those who have had hotmail/yahoo/etc. hacked, like the guy that had all of his info wiped, Mat Honan. All it took was his email address and info from a site like Facebook.

Believe me, people may think this is annoying and inconvenient, but rhett said it best; you'll be better off dealing with this annoyance than spending time fixing identity theft, stolen CC numbers, and all sorts of **** being done in your name. In this aspect, TFA (Two Factor Authentication) is the best, hands down.

BL.
Click to expand...

Thanks! I hadn't reach the bottom of the page on support.apple.com...

If there's the US plus the big Commonwealth countries and Ireland, then why isn't Canada there... I blame our government (for lack of a better term)! :D

And I agree with you, a minor annoyance for being a bit more secure is a good price to pay!
 
Johnny Vegas said:
Optional today, mandatory tomorrow. Even though online security is necessary, my hope is that it will be less annoying in the future.

~JV
Click to expand...
Nothing more productive than being pre annoyed by a possible future. Google is still optional on two step verification.
 
mcarling said:
I want my iPhone, iPad, and Mac to all be trusted devices so that, if I lose one, I will easily and seamlessly be able to carry on -- without the hassle of needing to keep track of a recovery key.
Click to expand...

Recovery keys are good stuff. You don't need to necessarily keep them in your wallet or anything like that. Me personally....I have a random account online somewhere that only serves to host recovery codes to a couple of my online accounts. There's nothing identifiable about the accounts to outside eyes and its tucked away in a corner of the internet anytime I need it.

This is just my little ole opinion, but Apple's way of doing this is a bit less of a hassle than Google, where you need to verify logins every 30 days
 
marathon_man5.jpg



Is it safe :D ? (The movie "Marathon Man")
 
About damn time. Thanks for finally joining the party Apple!

----------

Pretty crap that you cant use a Mac as a trusted device. I'd rather have to go home and login than have my phone stollen and have that as my trusted device.

The whole point of two phase is that you have two devices, so as it stands if you use 2 step on your iPhone, someone still only needs the password and Apple will give them the key as they are on the trusted device.
 
dmrowley said:
It's a shame they can't use the same authentication that I use on Google, Dropbox, Facebook, and Lastpass. The Google Authenticator app works for all of these sites...
Click to expand...

As far as I know Facebook doesn't work with Google Authenticator, but instead requires you to use its own iOS app. Care to enlighten me?
 
Microsoft Already Does it

It is so annoying when trying to enter a Xbox redeme code into the online xbox.com it prompts a code to my email and have to input it before i can even look at my account. So annoying.
 
bradl said:
But the problem there is single point of failure. If the Authenticator app gets compromised, Everything you have is compromised. You only have one layer of authentication there, which gets you into everything you have.

That is the problem that Apple has resolved.

BL.
Click to expand...

Huh? The authenticator app is not a single point of failure. It still requires your Google password to authenticate (thus 2-step authentication). Apple's version is no more secure. In fact, relying on SMS and the Find My Phone app makes it less secure than the authenticator app as there is much less chance of getting access to the authenticator app since it does not send any data over any network.
 
bradl said:
But the problem there is single point of failure. If the Authenticator app gets compromised, Everything you have is compromised. You only have one layer of authentication there, which gets you into everything you have.

That is the problem that Apple has resolved.

BL.
Click to expand...
This makes no sense. Care to elaborate on the difference?

With Google's two-step auth, you need a password and one-time code to get in.

With Apple's two-step auth, you need a password and one-time code to get in.
 
SirYossi said:
It is so annoying when trying to enter a Xbox redeme code into the online xbox.com it prompts a code to my email and have to input it before i can even look at my account. So annoying.
Click to expand...

It may be annoying but it is better than having your account hacked with social engineering and having people use the account to steal money from your account. This is what happened to Xbox last year on a pretty big scale. Adding additional protection is the way it is going to be with every service in the near future. Relying on a single password just is not secure enough.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back