Apple needs to rethink two-step verification before iOS 8 gets released

[Yun0]

With iOS 8, we finally can store all of our files and photos on iCloud. I can't wait to start using iCloud Drive and eagerly await the new Photos app for Mac. I would much rather pay Apple for seamless cloud solutions compared to my current third-party monthly storage providers.

However, if someone gains my Apple ID password, they can easily access all of my information and remotely wipe all of my devices. This is a huge concern of mine.

Apple launched two-step verification a few years ago, but it's not implemented everywhere. For example, someone can sign on to icloud.com without needing to use this verification step.

My hope is that Apple looks into this, and adds a secondary level of security, such as rotating between security questions upon logging in, adding nearby device support for two-step verification or using TouchID to authenticate users on other iOS / OS X devices.

welcome to cloud based storage, like that everywhere. part of why you should still use a physical device for precious data..doesnt matter if you have 10 step verification, database breeches can still happen ie sony's psn & others..

 

[myforwik]

Touch ID is nothing more than another 4 digit password.

Thats completely wrong.

Touch ID is also used to avoid having to input your apple ID password.

Apple have not allowed passcode to unlock apple ID password automatically, but they have for Touch ID.

So those saying touch ID is not extra security are wrong. Touch ID will have a way higher bit count than a 4 digit pass code.

It is likely that touch ID will be high enough for mastercard/amex/visa to accept for NFC payments.

----------

welcome to cloud based storage, like that everywhere. part of why you should still use a physical device for precious data..doesnt matter if you have 10 step verification, database breeches can still happen ie sony's psn & others..

I would never trust any 3rd party with private data.

If I have private data to put in icloud drive - I will put it in an encrypted container. Then if your whole account leaks, it really doesn't matter.

I am VERY affraid of apple ID. It just seems way to powerful. Get access to everything. Get access to see where all your devices are and wipe them.

I have not actually turned on two factor authentication on by new apple ID yet. Does anyone know how many devices you can put in and how you can select which ones get the authentication? Also do they give you a master recovery code? And if so can someone with your icloud password simply issue a new recovery cloud making yours useless or is it set in stone forever?

 

[kaiseryeahhh]

With third party apps, download a icloud backups, only requires an apple id and password, and the two step verification bypass with this software.

 

[irnchriz]

Apple definitely need to push this out through all aspects of iCloud and Apple ID. They also need to take steps to educate users and make it easy to understand and setup. I know it's all environmental to ship out kit with as little paper etc but a proper instruction guide would be helpful or even a built in step by step idiots guide to setting this up on the device itself would do.

I have a number of clients who don't know half of what they can do with their smartphones and tablets these days because instruction manuals seem to be frowned upon by manufacturers these days.

Yes, I know Apple makes a digital manual that you can download but that's not helpful for many of the lay users out there.

iOS 7.1 manual for iPhone

 

[Padmini]

Two factor authentication, on the Mac, on the Web, on iPad....using TouchID on your iPhone.

And actually TouchID, not my password instead of TouchID because I restarted the phone once two weeks ago.