UGH! Why in the world would I want to make it MORE difficult for myself? Less security, NOT more, please Apple!
 
It's a shame they can't use the same authentication that I use on Google, Dropbox, Facebook, and Lastpass. The Google Authenticator app works for all of these sites...
Agreed — and that app also works in situations where you can't get an SMS.

I know, 99.9% of the time you need to deal with verifying your Apple ID, you're going to have SMS access — but there are conceivable situations where you wouldn't, like travelling overseas or where cell service isn't available. I guess you have to fall back on that backup code in that case?

I really do think that Authenticator app (or the Apple-supplied equivalent) would have been more convenient here.
 
Optional today, mandatory tomorrow. Even though online security is necessary, my hope is that it will be less annoying in the future. ...

(This is yet another of my crazy extrapolations, but here goes...)

Maybe the "trusted device" concept, as Apple has currently implemented it, is merely setting the stage for biometric user identification in future iPhones and iPads. Tighter security is always more inconvenient for users. Adding the trusted device verification code is a huge improvement in security, but it's an extra hoop for users to jump through. For now.

But if and when Apple adds thumbprint scanners to iOS devices, the two-step verification hassle almost totally disappears. Any iOS device on which you swipe your thumb (and maybe other digits, just in case you need to wear a band-aid on your thumb) will become a "trusted device." You might have to enter your Apple ID password and verify it with the 4-digit challenge code sent to that device. But just once.

The biometrics would guarantee that it really is you trying to log in to your iCloud / iTunes account. Especially if the thumbprint sensor detects the density and/or other "liveness indicator" of your digit, to foil amputated thumb login attempts. The good news: your iCloud / iTunes account stays safe. The bad news: you're missing a thumb.

OK, yeah. The amputated thumb thing wouldn't be good. So maybe Apple could just use the FaceTime camera instead of a thumbprint reader. Apple has the software chops to do it, and they could leverage their years of experience with face recognition in iPhoto. Let's not forget that Apple acquired Polar Rose, and their face recognition technology and expertise, in 2010. Face recognition could be a key feature in Apple mobile and legacy computing devices in the future. Not to mention a key feature in Apple's television solution. But I digress.

And how would this biometrics benefit Apple? Well, the vast increase in ease-of-use would be a big draw. Only the latest iOS devices would have the thumbprint sensor. Or only iOS 7+ devices would have the face recognition biometrics feature (which means, of course, only the iPhone 6 and other next-gen iOS devices.) The biometric login system would be the next generation of iOS devices' "killer feature." I'd love it. Especially if Apple enforces the two-step login every time for all older devices.
 
iWatch perhaps...

Whatever they would do with the iWatch, why couldn't they just do it with existing iOS devices? Make an iOS device act as some kind of wireless login key. Whenever you type in a password on one Apple device, it'll try talking to its trusted key device via Bluetooth. If it can't, then it disallows the password field to even be used. Better yet, skip the entire login, have the Bluetooth communication be enough to both identify and authenticate the user.

I'm surprised Apple, who enjoys talking about how easy and secure everything Apple is, would even consider allowing people to have something as complicated as this. It leaves the impression that Apple accounts can either have complicated login processes or else those Apple accounts will be insecure.
 
Huh? The authenticator app is not a single point of failure. It still requires your Google password to authenticate (thus 2-step authentication). Apple's version is no more secure. In fact, relying on SMS and the Find My Phone app makes it less secure than the authenticator app as there is much less chance of getting access to the authenticator app since it does not send any data over any network.

Does the Google Authenticator app automatically log you into Facebook, Dropbox, etc.? If so, once that password is compromised, everything else the authenticator app logs you into is also compromised. You are basically having the application supply the password to other sites for you, but still relying only on one form of authentication that must be entered.

The two factor here is supplying two sets of qualifying credentials, with one being from a trusted device. Letting an app handle the other authentication for you does not satisfy that two factor verification. In fact, having a program that does that for you makes it worse.

This makes no sense. Care to elaborate on the difference?

With Google's two-step auth, you need a password and one-time code to get in.

With Apple's two-step auth, you need a password and one-time code to get in.

Is Google's two factor auth the same as the Google Authenticator app being talked about above?

BL.
 
(This is yet another of my crazy extrapolations, but here goes...)

Maybe the "trusted device" concept, as Apple has currently implemented it, is merely setting the stage for biometric user identification in future iPhones and iPads. Tighter security is always more inconvenient for users. Adding the trusted device verification code is a huge improvement in security, but it's an extra hoop for users to jump through. For now.

But if and when Apple adds thumbprint scanners to iOS devices, the two-step verification hassle almost totally disappears. Any iOS device on which you swipe your thumb (and maybe other digits, just in case you need to wear a band-aid on your thumb) will become a "trusted device." You might have to enter your Apple ID password and verify it with the 4-digit challenge code sent to that device. But just once.

The biometrics would guarantee that it really is you trying to log in to your iCloud / iTunes account. Especially if the thumbprint sensor detects the density and/or other "liveness indicator" of your digit, to foil amputated thumb login attempts. The good news: your iCloud / iTunes account stays safe. The bad news: you're missing a thumb.

OK, yeah. The amputated thumb thing wouldn't be good. So maybe Apple could just use the FaceTime camera instead of a thumbprint reader. Apple has the software chops to do it, and they could leverage their years of experience with face recognition in iPhoto. Let's not forget that Apple acquired Polar Rose, and their face recognition technology and expertise, in 2010. Face recognition could be a key feature in Apple mobile and legacy computing devices in the future. Not to mention a key feature in Apple's television solution. But I digress.

And how would this biometrics benefit Apple? Well, the vast increase in ease-of-use would be a big draw. Only the latest iOS devices would have the thumbprint sensor. Or only iOS 7+ devices would have the face recognition biometrics feature (which means, of course, only the iPhone 6 and other next-gen iOS devices.) The biometric login system would be the next generation of iOS devices' "killer feature." I'd love it. Especially if Apple enforces the two-step login every time for all older devices.

Great idea, except for the part where numerous studies have found biometric scanners can get outsmarted by gummy bears. I'm not sure where the technology stands today, but gummy bears...

Gummy bears! :eek:
 
Believe me, people may think this is annoying and inconvenient, but rhett said it best; you'll be better off dealing with this annoyance than spending time fixing identity theft, stolen CC numbers, and all sorts of **** being done in your name. In this aspect, TFA (Two Factor Authentication) is the best, hands down.

BL.

Couldn't agree more. People forget that their email accounts probably have everything it would take to steal your life. Especially with the huge amounts of storage in mail accounts these days. At the very least, everyone should use 2-step for emails. There's no excuse not to really.
 
Hmm...I'd still like to see Apple giving us the option to consolidate/merge multiple Apple ID accounts. Or is that now completely off the table?
 
It's a shame they can't use the same authentication that I use on Google, Dropbox, Facebook, and Lastpass. The Google Authenticator app works for all of these sites...

Really? I didn't know I could use it for those others. Cool :)

After a quick web search I don't see much on specifics and if I do, it's mostly speaking about the Android app but this page seems to have a bit http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two+factor-authentication-right-now

I really wish I could install the Google Authenticator on another device too. Right now it appears it'll only run on one device. The phone seems like the logical device since I generally have it with me, but I'm tempted to put it on the iPad instead since I could always have the authentication sent via SMS to the phone.

It'd just be easier if they supported a few devices, but I guess that's the same reason work only gives you one keyfob with the digitally rotating numbers for security, so you always know where the one is.

Gary
 
Does the Google Authenticator app automatically log you into Facebook, Dropbox, etc.? If so, once that password is compromised, everything else the authenticator app logs you into is also compromised. You are basically having the application supply the password to other sites for you, but still relying only on one form of authentication that must be entered.

The two factor here is supplying two sets of qualifying credentials, with one being from a trusted device. Letting an app handle the other authentication for you does not satisfy that two factor verification. In fact, having a program that does that for you makes it worse.



Is Google's two factor auth the same as the Google Authenticator app being talked about above?

BL.

I'm afraid you are mistaken. The authenticator app does not allow you to login to Facebook, etc. And the authenticator app uses a time based code. I assume the code Apple sends is time sensitive too, otherwise that is not very secure.

Having access to the authenticator app would not give you access to any app that uses Google authentication. Google uses trusted devices and those are the only ones who can make changes to the authenticator app settings. The trusted devices are also the only ones who can remove authenticated apps (like feedly, etc). The Google system is exactly like the Apple system except for the slightly more secure authenticator app. Either way both are very secure as far as we know.
 
Got super excited and enabled this, only to discover it does absolutely nothing to protect logging into iCloud.com. What I want is two-factor for iCloud.com logins.
 
I don't want any security system that would motivate anyone to remove one of my fingers or an eyeball :(

Gary

:D
 
I'm afraid you are mistaken. The authenticator app does not allow you to login to Facebook, etc. And the authenticator app uses a time based code. I assume the code Apple sends is time sensitive too, otherwise that is not very secure.

The dropbox page does specifically say you can use the google authenticator https://www.dropbox.com/help/363/en#2fa-apps

So does lastpass https://helpdesk.lastpass.com/security-options/google-authenticator/

I see similar pages for DreamHost, WordPress (plugin) and Amazon web services (S3 or Glacial).

I can't find anything for facebook and the Google Authenticator app.

Gary
 
The dropbox page does specifically say you can use the google authenticator https://www.dropbox.com/help/363/en#2fa-apps

So does lastpass https://helpdesk.lastpass.com/security-options/google-authenticator/

I see similar pages for DreamHost, WordPress (plugin) and Amazon web services (S3 or Glacial).

I can't find anything for facebook and the Google Authenticator app.

Gary

And your point? You need your password and the time based code from the authenticator app to authenticate. The authentication is done on Google's servers not the 3rd party app. Time based rolling codes have been the standard for many years as it is very hard to break. And Google provides you with an interface for removing authentication for any app you give access to.
 
I can't see how this will work in my situation. My wife and I share one AppleID for purchases. Makes it hard to buy something if she has the trusted device or vice versa. Need more than one trusted device.
 