Apple Introduces Revamped Two-Factor Authentication for iOS 9 and OS X El Capitan

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jul 8, 2015.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    With the third betas of iOS 9 and OS X 10.11 El Capitan, Apple is introducing a revamped two-factor authentication system, according to both the beta release notes and a detailed support FAQ that outlines the changes.

    The new two-factor authentication system is different from Apple's existing two-step verification system, using "different methods" to trust devices and deliver verification codes. Apple also says it includes a "more streamlined user experience."

    Based on the support document, the new two-factor authentication system works similarly to the existing two-step verification system. Any device that you sign into using two-factor authentication in iOS 9 or El Capitan becomes a trusted device that can be used to verify identify when signing into other devices or services linked to an Apple ID.

    [​IMG]

    Apple recommends that iOS 9 and OS X El Capitan beta testers using the new two-factor authentication system update all of their devices to iOS 9 or El Capitan for "the best experience." As outlined in the release notes, customers who use two-factor authentication with older devices may be required to put a six-digit verification code at the end of a password instead of using a dedicated verification field.
    Older devices are also not able to receive two-factor authentication codes when used with devices running iOS 9 and El Capitan, but customers who stick with the older two-step verification system should not run into any issues as Apple tests the newer two-factor authentication system. Apple does not recommend that customers using two-step verification swap over to two-factor authentication until the feature is available to all.

    First introduced in March of 2013, two-factor verification is an opt-in system that increases the security of Apple ID accounts. Since its debut, Apple has been working to expand two-factor authentication to cover several different services like iCloud, iMessage, and FaceTime.

    It is not entirely clear what other changes the new two-factor authentication system brings to iOS and Mac devices, but the switch to a new system may allow Apple to further extend the functionality of two-factor authentication in the future.

    Update: An Apple spokesperson told Macworld that the troublesome recovery key feature that has caused people to lose their Apple ID accounts in the past has been removed in the new two-factor authentication system.

    With the existing two-step verification system, either a recovery key or a trusted device/trusted phone number is required to access an Apple ID account. If both should be lost, such as when a trusted device is stolen, an Apple ID is irretrievable.

    With the new authentication system, Apple's customer support team will help users recover their Apple IDs through a recovery process should both trusted devices and phone numbers become inaccessible.
    As noted by Apple, not all beta testers and developers will have access to the new two-factor authentication system right away, but Apple plans to add additional testers gradually as we get closer to the release of iOS 9 and OS X El Capitan.

    Article Link: Apple Introduces Revamped Two-Factor Authentication for iOS 9 and OS X El Capitan
     
  2. musika macrumors 65816

    musika

    Joined:
    Sep 2, 2010
    Location:
    New York
    #2
    I actually really like the new wallpaper in iOS 9.

    Now let's fix those icons. It's been two years.
     
  3. east85 macrumors 65816

    east85

    Joined:
    Jun 24, 2010
    #3
    Apple still refuses to use my Google Voice # for authentication purposes. Not real enough for Apple, but I use it daily. Ah well.
     
  4. jjduru macrumors member

    Joined:
    Apr 3, 2015
    #4
    Hey Juli Clover,

    Did you just post two different articles on macrumors.com that started with the same introduction?!

    Recycling at its heights, journalism at its lows.
     
  5. myname70 macrumors 6502a

    Joined:
    May 5, 2014
  6. Attirex macrumors 6502

    Joined:
    Apr 8, 2015
  7. christarp macrumors 6502

    christarp

    Joined:
    Oct 29, 2013
    #7
    Good, app specific passwords, two factor authentication, etc as it is right now is just confusing as all hell. It took me like 30 minutes to sign into imessage on my mac because of the app specific password crap. It was a PITA to set up.
     
  8. Westside guy macrumors 603

    Westside guy

    Joined:
    Oct 15, 2003
    Location:
    The soggy side of the Pacific NW
    #9
    Two-factor auth is good, but I'm glad Apple is trying to smooth out the rough edges a bit. I've had iCloud keychain suddenly forget everything a time or two, including disconnecting all my devices simultaneously. And even though it remembered my "trusted" list, it wouldn't let me sign any of my devices back in - I had to essentially reset my iCloud keychain starting from my computer (which fortunately had a more-or-less up to date copy of the keychain data).

    I'm fairly patient, and understand the complexities involved here - but when that happens to non-technical users, they're gonna squawk.
     
  9. MH01 Suspended

    MH01

    Joined:
    Feb 11, 2008
  10. OriginalMacRat macrumors 6502

    Joined:
    Mar 9, 2007
    #11
    Until Grandma gets locked out.
     
  11. farewelwilliams macrumors 68000

    Joined:
    Jun 18, 2014
    #12
    they need to relax on the rate limiting of attempted verification codes.

    i called in on Apple Support, they told me to turn off icloud and turn it on. when turning back on, I needed to send a verification code. verification code never got send to my SMS or my Google Voice, never got pushed to my iPad, and then i tried my iPod touch but the verification process said I was attempting too many codes.
     
  12. Robert.Walter macrumors 65816

    Joined:
    Jul 10, 2012
    #13
    Agree. I have to complete the App Specifice passwords things so often I wonder how I would recognize if they were bogus pfishing attempts.
     
  13. Robert.Walter macrumors 65816

    Joined:
    Jul 10, 2012
    #14
    I'm about in your category, in addition to being the guy that recommends enabling such security things to everybody and often being the one folks come to with their hiccups.

    I find the present state of the 2FA and iC Keychain to be just wobbly enough to be disconcerting to a guy like me, and confusingly unmanageable for a normal user.

    I have the latest of iOS devices connected to my Apple ID and iCloud accounts yet the iPhone 6 doesn't sync timely and the iPad Air 2 won't sync at all (I finally just turned off the keychain there after trying all known remedies.)

    The fact that the syncing of keyboard shortcuts across devices is an even bigger shambles, in that deleted shortcuts will arise from the dead never to be killed, is enough to feed the fear of malfunction (of the 2FA and iCK) that hides in the corner of one' consciousness.

    I sure hope they can finally fix these bugs as I think they are my biggest gripes in drivability outside of Safari jitteriness on iOS.
     
  14. Goldfrapp macrumors 601

    Goldfrapp

    Joined:
    Jul 31, 2005
    #15
    Idiots!

    Why are they involving humans in recovery process yet again???

    Did they not learn from the infamous 2012 case???

    Leave it 100% to machines!!

    Humans can be easily manipulated.
     
  15. Skoal macrumors 65816

    Joined:
    Nov 4, 2009
    #16
    Machines can be as well. They've changed the way "humans are involved". As with anything, if it can be secured. It can be unsecured.
     
  16. jkbuster macrumors newbie

    jkbuster

    Joined:
    Jun 9, 2007
    Location:
    Arvada, CO
    #17
    I'm guessing they take advantage of email -> text addresses provided by phone carriers. Unfortunately, Google has not made this available for Voice. I'd use it in a ton of places as well.

    As for having the ability to have them to let you back into your account in case you're locked out, I hope that isn't a requirement for everyone. As someone who operates rather securely, if I screw something up and lock myself out, I want that data to be completely inaccessible. I do not want Apple retaining a secondary backup key to access my information; only I should have the key. Though, not everyone is comfortable with the potential loss of data, which is why it should be an opt-in feature.
     
  17. mrbofus macrumors newbie

    Joined:
    Jul 22, 2002
    #18
    "The new two-factor authentication system is different from Apple's existing two-step verification system"

    "the new two-factor authentication system works similarly to the existing two-step verification system."


    So is it different or is it similar?
     
  18. jclo, Jul 8, 2015
    Last edited: Jul 8, 2015

    jclo Editor

    jclo

    Staff Member

    Joined:
    Dec 7, 2012
    Location:
    California
    #19
    Those two posts were written simultaneously because they were interrelated and it was at a time when we were doing a million things at once. I didn't mean to word them exactly the same way though, so I apologize for that, and I've changed the beta post.

    Sometimes when you write, you skip over whole words and phrases when you read it back to yourself and repetitive bits like that can go entirely under the radar. Sorry for the brain fart there.

    By the way, if you see a typo or a title/phrase/word in a post that you have an issue with, you can email us and it'll get our attention faster. It sometimes it takes me awhile to get back to the comments on a post when it's busy. tips at macrumors.com or juli at macrumors.com.
     
  19. mazz0 macrumors 68000

    mazz0

    Joined:
    Mar 23, 2011
    Location:
    Leeds, UK
    #20
    The fact that people are involved isn't what concerns me. What concerns me is that for this to work Aplle must retain the ability to access your account, meaning they can be obliged to access your account by the American government, and people hacking Apple can access your account too. This I bad news. Remember when Apple were promoting the fact that if the NSA asked for access to your account Apple were unable to comply even if they wanted to? Clearly this is no longer the case.
     
  20. jjduru macrumors member

    Joined:
    Apr 3, 2015
    #21

    I appreciate the reply and I apologize for the harsh words. Just please don't submit them at the same time, because they definitely pop-up in my notifications area one after another. I just happened to click on them right away.
     
  21. jjduru macrumors member

    Joined:
    Apr 3, 2015
    #22

    Duly noted.
     
  22. groovyd Suspended

    groovyd

    Joined:
    Jun 24, 2013
    Location:
    Atlanta
    #23
    absolutely hate this 'other devices' authentication (like for keychain)... since i don't have any other devices and it thinks i do plus not having a cell number with sms kinda makes it hard to verify. i been going back and forth with support to get my keychain working from iCloud on my laptop for weeks now. they just don't get it and the osx itself is stuck in an infinite loop waiting for verification from those devices and trying to send me an sms code to my skype number. i can't even turn it off now as it re-enables the checkbox automatically a second after trying to disable it.
     
  23. Erukian macrumors newbie

    Joined:
    Jul 3, 2007
    #24
    This, a thousand time this. Apple being able to provide access to your account means apple holds the master key to unlock your account. This is a blow to us who rely on Apple for privacy as it's allows open season access for the US Govt or clever social engineers.
     
  24. tozz macrumors regular

    Joined:
    Mar 7, 2014
    #25
    That has always been the case, why do you think resetting your password works?
     

Share This Page