Is everyone required to partake in this two-factor system or will it remain opt in via appleid.apple.com?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Introduces Revamped Two-Factor Authentication for iOS 9 and OS X El Capitan
- Thread starter MacRumors
- Start date
- Sort by reaction score
Agreed. This is the first thing I though of when I read the article. Shame on Apple.
EDIT: I should have made it clear that I don't like the fact that humans are involved in the recovery process.
So, if both trusted devices are lost previously, Apple id is not possible to regain access to, but in this new systsen Apple will "help" you recover even in this same situation ?
And where does the security part come in ? I thought a trusted device IS supposed to be trusted, but if u now loose access, it doesn't matter because all u need if your phone number and Apple will recover this..
That's not security in my book. It's a back door in.
I don't only lock mine, i through away the key
And where does the security part come in ? I thought a trusted device IS supposed to be trusted, but if u now loose access, it doesn't matter because all u need if your phone number and Apple will recover this..
That's not security in my book. It's a back door in.
I don't only lock mine, i through away the key
That's an interesting point. So what were Apple talking about when they said they couldn't comply with government requests before? Presumably they could simply change your password whenever they liked, which would allow them to decrypt backups, unlock the physical device, etc.
Yeah, if this is not going to be opt-in/opt-out, then I'm really getting pissed. I'm currently using 2FA with my own master key that they provide during setup process. If this means they can still bypass this (currently or in the future, as the Apple spokesperson stated) then not only is it worthless but it also scares the **** out of me. If "not even Apple" gives you a fully private mobile OS (as they advertise it to be all encrypted and all), then who will? Android (google), windows (microsoft)? What about Tim Cook's statement about charging people while selling devices so they are consumers and not the product or being collected information about?
Given the fact Apple advertises their software to be private, this is really really bad news. If true, it's a dealbreaker for me, since the main reason I'm using Apple is because of privacy. I don't want anybody to be able to access my devices/information without me handing all the necessary keys over (aka passwords/PIN's/etc...). No company should have something like a "master-key", unless you specifically ask them to do so.
"Saying that you don't care about privacy rights because you have nothing to hide is no different than saying you don't care about freedom of speech because you have nothing to say."
Yeah, if this is not going to be opt-in/opt-out, then I'm really getting pissed. I'm currently using 2FA with my own master key that they provide during setup process. If this means they can still bypass this (currently or in the future, as the Apple spokesperson stated) then not only is it worthless but it also scares the **** out of me. If "not even Apple" gives you a fully private mobile OS (as they advertise it to be all encrypted and all), then who will? Android (google), windows (microsoft)? What about Tim Cook's statement about charging people while selling devices so they are consumers and not the product or being collected information about?
Given the fact Apple advertises their software to be private, this is really really bad news. If true, it's a dealbreaker for me, since the main reason I'm using Apple is because of privacy. I don't want anybody to be able to access my devices/information without me handing all the necessary keys over (aka passwords/PIN's/etc...). No company should have something like a "master-key", unless you specifically ask them to do so.
"Saying that you don't care about privacy rights because you have nothing to hide is no different than saying you don't care about freedom of speech because you have nothing to say."
Don't they already have access to your passwords though?... I don't get the concern. You make an account WITH Apple. They obviously have your password somewhere whether you have 2-Step Verification or not.
Not necessarily. They only need to store something encrypted using your password, not the password itself.
There's a big difference between account and data. With the encrypted data you need the private keys, for stuff like iMessage Apple supposedly doesn't have these. Your phone is encrypted without Apple knowing the key too (I think you can actually enable remote unlock, but that's on you then). For everything else I think Apple has full access, unless the keys are derived from the password, in that case getting access to your account wouldn't give you access to your data, only your purchase history etc, but IIRC you can get back your iCloud Drive documents etc with a reset.
Mind you I'm _not_ an security engineer so don't assume what I say to be the truth
The entire point with secure password management is that the service provider doesn't have to know your password. They only need to retain the result of a mathematical function where your password was one of the inputs.
This is a slightly different thing from the two-factor authentication here, though:
What Apple have allowed users to do up until now, is to say that "I'm a responsible person and I want to take full responsibility for owning my own 'master key' even if it means that my data will be lost if I lose most of my devices plus this master key."
This new two-factor system seems to show that they're moving to a less privacy-centric model, switching to a system where they, not you, own the master key, at least for those who adopt the new style authorization system. In other words, Apple puts themselves in a position where they have the ability to give away your private data to third parties.
If the old system was as safe as they claimed it was, then they won't be able to unlock data for those who refuse to upgrade to the new system, but any new customers will likely be forced to use the new, less private, less secure, system.
There's a big difference between account and data. With the encrypted data you need the private keys, for stuff like iMessage Apple supposedly doesn't have these. Your phone is encrypted without Apple knowing the key too (I think you can actually enable remote unlock, but that's on you then). For everything else I think Apple has full access, unless the keys are derived from the password, in that case getting access to your account wouldn't give you access to your data, only your purchase history etc, but IIRC you can get back your iCloud Drive documents etc with a reset.
Mind you I'm _not_ an security engineer so don't assume what I say to be the truth
So presumably if you get your password reset you'll lose all encrypted data such as backups, contacts, photos, messages, etc, but still have your apps, purchased tv programmes, Apple Music subscription, etc. That what you reckon? That makes sense, I'm less bothered now
I would hope so, but I doubt it, not all parts of the Apple infrastructure uses public/private keys in their setup.So presumably if you get your password reset you'll lose all encrypted data such as backups, contacts, photos, messages, etc, but still have your apps, purchased tv programmes, Apple Music subscription, etc. That what you reckon? That makes sense, I'm less bothered now
Has anyone on beta been able to confirm if this feature is opt-in only?
Thanks.
So, if both trusted devices are lost previously, Apple id is not possible to regain access to, but in this new systsen Apple will "help" you recover even in this same situation ?
And where does the security part come in ? I thought a trusted device IS supposed to be trusted, but if u now loose access, it doesn't matter because all u need if your phone number and Apple will recover this..
That's not security in my book. It's a back door in.
I don't only lock mine, i through away the key
That's exactly what I'm afraid of.
I'm curious as to whether this is opt in/opt out or just a forced change.
But in any case, even before this change none of the data stored on iCloud was encrypted client-side except for supposedly (take this with a grain of salt since Apple is a PRISM member) FaceTime and iMessage conversations.
All of the other data was stored on the server in an encrypted format to which Apple had the key. So they could comply with NSLs and other US government requests. Hence why I have iCloud disabled for almost everything.
So the NSA already had access. But now, anyone with good social engineering skills has access. This is a clear case of convenience over security.
Tim Cook is either a liar, hypocrite, or both since he talks a big talk about security and privacy while doing things like this and the spotlight suggested searches, etc.
https://fix-macosx.com
http://osxprivacy.com
But in any case, even before this change none of the data stored on iCloud was encrypted client-side except for supposedly (take this with a grain of salt since Apple is a PRISM member) FaceTime and iMessage conversations.
All of the other data was stored on the server in an encrypted format to which Apple had the key. So they could comply with NSLs and other US government requests. Hence why I have iCloud disabled for almost everything.
So the NSA already had access. But now, anyone with good social engineering skills has access. This is a clear case of convenience over security.
Tim Cook is either a liar, hypocrite, or both since he talks a big talk about security and privacy while doing things like this and the spotlight suggested searches, etc.
https://fix-macosx.com
http://osxprivacy.com
Is anyone on beta able to answer??
Thanks.
Maybe you can explain this to me, but I do not understand how you think apple has gained a master key to your account. Lets break down the existing method (which in my opinion is incredibly broken)
Existing Method:
You setup two step verification, which means for you to access services you must enter your apple id password + a randomly generated key for each and every service you want to communicate with your iCloud services. If you forget your apple id password you can use a trusted device or use the given master password for your account. If both of those become inaccessible than you lose access to your account. Even if the possibility is that apple is having trouble communicating with your cell phone for some reason (which is quite common). Now yes apple as this moment cannot reset your account in any capacity, which you would think provides better security, which it does. But the new method does not remove this security in the slightest, it just makes things recoverable in a worst case scenario.
New Method:
You setup two step verification, which means for you to access services you must enter your apple id password + a randomly generated code that is easily accessible form any trusted device. If you forget your apple id password, you can use a trusted device to reset it. If you lose access to a trusted device, you can reset it with a trusted phone number (aka the phone number on the account)
This is not apple having a 'Master Key'. We are all assuming apple has now given support staff the power to access all our accounts at their will. However this does not appear to be the reality, rather it would make more sense that apple has created software the support staff use that discretely cross checks specific information on the account that you provide to the staff to confirm identity and then the support staff are able to sent a reset link to your trusted phone number (again, aka the phone number on the account). The support staff does not have the ability to change the destination of the reset link, the support staff does not have access to your account... No one at apple has the power... Now you could claim, 'The Reset Link System is the 'Master Key'. But we know that the reset link system is randomly generated each time, and is only available upon the entering of specific key bits of information, inaccessible by apple directly.
I am really missing the fear everyone has... Now if apple said "If you forget your password, and lose access to your trusted device, you can call apple and they will send you a reset link right away to a phone or email", that obviously means they have direct access to reseting. But that is not the case. They can only send the reset link to a "trusted phone number" after review of your reset claim (which will most likely entail a bunch of questions about your recent account activity). This funny enough is almost the same system Microsoft uses... NO ONE HAS DIRECT ACCESS :O
The data is encrypted server side, which means Apple has and has always had the encryption keys.
They are able to access any and all data in your account, with the supposed exception of FaceTime and iMessages. This is well documented, I am not speculating. You can even read the EULA which says the same thing.
So this doesn't really change anything other than make it easier for non-state malicious actors to access your account via social engineering.
The only way to prevent Apple from accessing your data would be if it was encrypted client side. The vast majority of iCloud does not support this. You can use Boxcryptor for iCloud Drive; that's it.
They are able to access any and all data in your account, with the supposed exception of FaceTime and iMessages. This is well documented, I am not speculating. You can even read the EULA which says the same thing.
So this doesn't really change anything other than make it easier for non-state malicious actors to access your account via social engineering.
The only way to prevent Apple from accessing your data would be if it was encrypted client side. The vast majority of iCloud does not support this. You can use Boxcryptor for iCloud Drive; that's it.
If possible could you point out exactly where this is claimed that apple has the encryption keys? Cause as far as I remember (and yes I understand it is encrypted server side, meaning the data in transit from device to server is in the clear for the most part) Apple made clear that all data (yes server side) was encrypted in a manner inaccessible by apple, again if my memory serves me correctly, the manner in which the encryption is created is based upon multiple factors, including your apple id password, which apple would be unable to duplicate... Again no 'Master Key'. Should apple maybe also tack on point to point encryption to prevent people in-between, sure... But the more important stuff iMessage, FaceTime and I am sure Email is. Documents in the cloud is still basically in beta, and I remember reading some rumour on here claiming apple is working on better icloud data encryption so... I don't know...
The best way I see it is this... Apple is the less of three evil... (Apple, Microsoft, Google)...
No, the only data that Apple can not decrypt is FaceTime and iMessage.
All the other data is accessible by Apple
I couldn't find anything in the dev forums for this in particular other than a page from Apple describing the process for public beta folks. Is it recommended for us with dev accounts to turn off two step verification and re enroll with 2 step authentication or are folks just riding it out with the older 2 step while in beta?
hi there i am on beta - both devices for apple iPhone 6 and macbook air - i had seriously trouble with the two step set up - causing problems and unable to sign into services - i was eventually able to turn the 2 step process off
So as soon as you upgrade to iOS 9, two factor is enabled automatically and you have to approve other devices accordingly?