Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Huh. What's the "official" way to deal with this? I never stopped to think about it because I have multiple Apple devices, but how do you get an authentication code if you just own (say) one iPhone and nothing else from Apple?

When signing into a replacement iPhone:

When prompted to enter the verification code, there are several options listed. You select "Didn't Get A Code?" and select a new code to be sent to either the trusted email or trusted phone number.

When singing into iCloud on a new/different device, have your iPhone handy.
 
  • Like
Reactions: ignatius345
When signing into a replacement iPhone:



When singing into iCloud on a new/different device, have your iPhone handy.

In my case and with most cases, when a phone is replaced, they erase your old device and then take it in. by that time you have lost the ability to get the code onto that device.
 
Here is the difference !

I can "accidentally" publish my Apple ID right here in this forum.

and with 2 step verification I am still safe!

Try that without 2 step verification.

your apple id is not the secret - the password is

all apple ids are known by default - only the passwords are not - or let me be precise the combination of id with password ist not.

so whats your point?
[doublepost=1549870151][/doublepost]
Also if you wanna trust a new device then you’ll need one of your already trusted macs or iPhones to get the code. So as soon as someone tries to login with your iCloud credentials you’ll get notified. I think it’s a pretty fair and easy extra layer of security, quite easy to handle.

its all but easy and its not apple style

it should work, if i press "yes" than thats it, not entering a 6 digit code manually somewhere - thats the opposite of secure its terrible!
 
I honestly don’t know how some people make it through life. Your iPhone is your “most beloved product”. Yet, you have no idea what your APPLE ID is to your APPLE iPhone, don’t know the password and don’t have a clue if your information is saved.

I really do wish people would take more responsibility.

As for 2 Factor, it has been totally fine for me. Pretty weird that it can’t be turned off later though.
 



New York resident Jay Brodsky has filed a frivolous class action lawsuit against Apple, alleging that the company's so-called "coercive" policy of not letting customers disable two-factor authentication beyond a two-week grace period is both inconvenient and violates a variety of California laws.

two-factor-apple-800x487.jpg

The complaint alleges that Brodsky "and millions of similarly situated consumers across the nation have been and continue to suffer harm" and "economic losses" as a result of Apple's "interference with the use of their personal devices and waste of their personal time in using additional time for simple logging in."

In a support document, Apple says it prevents customers from turning off two-factor authentication after two weeks because "certain features in the latest versions of iOS and macOS require this extra level of security":The complaint is riddled with questionable allegations, however, including that Apple released a software update around September 2015 that enabled two-factor authentication on Brodsky's Apple ID without his knowledge or consent. Apple in fact offers two-factor authentication on an opt-in basis.

Brodsky also claims that two-factor authentication is required each time you turn on an Apple device, which is false, and claims the security layer adds an additional two to five minutes or longer to the login process when it in fact only takes seconds to enter a verification code from a trusted device.

The complaint goes on to allege that Apple's confirmation email for two-factor authentication enrollment containing a "single last line" alerting customers that they have a two-week period to disable the security layer is "insufficient."

apple-two-factor-email.jpg

Brodsky accuses Apple of violating the U.S. Computer Fraud and Abuse Act, California's Invasion of Privacy Act, and other laws. He, on behalf of others similarly situated, is seeking monetary damages as well as a ruling that prevents Apple from "not allowing a user to choose its own logging and security procedure." Read the full document.

Article Link: Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After Two Weeks
Let’s just agree to move these people to Android.. all in favor say “I”

People amaze me sometimes..
 
Last edited by a moderator:
I disabled 2FA because I don't want to be signed into iCloud and you can't use 2FA without being signed in. Apple/iCloud is just too intransparent about what it is acutally syncing. Even if I turn off all iCloud features except Find my iPhone, some data like call logs and other preferences will still be synced with Apple servers. Therefore I turn it off completely and only use my Apple ID to sign into the App Store.

If there was enrypted iCloud syncing with keys in my possesion, or much more granular syncing settings, I would probably turn it on again.
 
  • Like
Reactions: Craiguyver
They should also be sued for asking for 2-factor on the same Mac that the web page is being used on.
I see this response too often. Your Apple ID is signed into iCloud in system preferences. Therefore your Mac is a trusted device. So when signing into iCloud.com through a web browser your 2FA authentication code is sent via push notification to all trusted devices. If you were not signed into iCloud in system preferences the code would not go to that machine. The browser session is what’s not trusted yet. But the machine itself is a trusted device. Assuming a bad actor did get into your machine there is no point for them to even go into iCloud.com they already have access to a trusted device. They can see pictures contacts calendars etc. without ever needing to log in to iCloud.com through a browser. The only reason I go to icloud.com on my computer is to set email rules. I can’t think of many reasons you’d need to go to iCloud.com on a trusted device when all that information is already on the device itself.
 
  • Like
Reactions: chabig
It is pairing a trusted device with a password. A hacker wouldn't be trying to log in from a trusted device. Think of it like your bank atm card. It is two step essentially... Your pin, and the physical card. Need both to access.
FINALLY someone gets it. If someone that shouldn’t be is trying to get into your iCloud account via the website from your unlocked trusted device you have bigger problems than that code going to that device.
 
  • Like
Reactions: chabig and dr1320
I can’t think of many reasons you’d need to go to iCloud.com on a trusted device when all that information is already on the device itself.

Find iPhone
Find Friends
Pages (web version)
Numbers (web version)
keynote (web version)
 
The way the opening sentence reads make this site sound like some 3rd rate geocities blog. Maybe feign an attempt at objectivity?

I will say that the fact that you can't disable two factor is not sufficiently communicated - which wouldn't necessarily be the end of the world if it weren't for apple's planned obsolescence - my mother in law turned it on and was in no way warned that she would no longer be able to use her 2nd gen Apple TV, rendering it completely useless.

Planned obsolescence is part of any tech companies products. But what other company supports devices as long as Apple? The 5s is still supported. Most flagship androids get maybe 2 years of updates? Also I can’t say for sure because I don’t have a 2nd gen Apple TV, but after entering the password once doesn’t it prompt you to sign in again but to add the 6 digit code to the end of the password? That’s how it works on macs that aren’t updated for the 2FA interface.
[doublepost=1549879470][/doublepost]
In my case and with most cases, when a phone is replaced, they erase your old device and then take it in. by that time you have lost the ability to get the code onto that device.
That is what the trusted phone number is for. When prompted to enter code tap “didn’t get code” and then “text code to phone number” code will fill in automatically if that number is active on the device that your signing into.
 
So funny how you just got done saying how you don't care about anyone but yourself, then criticize him for being condescending.... :rolleyes:
Yeah, that's funny. I don't care about Apple, for sure. (1) Apple is not "everyone" (2) to read smth is only beginning. The other part is to comprehend what you've read. See my point?
[doublepost=1549880433][/doublepost]
I hope the day will soon come when ridiculous lawsuits get fined for wasting everybody‘s time.
[doublepost=1549838340][/doublepost]

Or they just don‘t want to be held responsible by the same idiots after they have gotten their data stolen by clicking on a phishing link.
Why do you defend corporations and call their customers idiots? I wonder what kind of human being assumes such arrogance to call other people idiots. Most likely those looking at themselves in the mirror.
Didn't occur once in a while that it is corporations that are idiots? Reality abounds.
 
It’s my personal choice to, if I don’t bring others in jeopardy, to make my own decisions and be able to use possible interesting things for which the way is cut off for me because I am not handy enough to use the two factor authentication: someone here said he couldn’t keep up with the loads of too fast disappearing codes and that’s exactly why I turned it off as soon as possible.
Your personal choice is to use the software or not. Apple owns the software, you do not. It is their choice on the security they require. Would a choice be nice? Yes, but Apple is not legally required to.
 
So I'm assuming all of you have 2FA set on your Gmail, Facebook, Instagram, Dropbox and Amazon accounts as well Apple? Yep, I didn't think so.....
Actually people do. I have it set up on every account I can. Apples system isn’t much different than the text/Authenticator app system that can be set up with google/amazon/etc. Banks require it for log in. No other companies are getting sued for this though.
 
In my case and with most cases, when a phone is replaced, they erase your old device and then take it in. by that time you have lost the ability to get the code onto that device.
You can have the code texted to the trusted number on your account as well.
[doublepost=1549881569][/doublepost]
Actually people do. I have it set up on every account I can. Apples system isn’t much different than the text/Authenticator app system that can be set up with google/amazon/etc. Banks require it for log in. No other companies are getting sued for this though.
Banks require it for login and that’s the same reason Apple requires it to use certain features. They are legally required to provide that level of security to use them.
[doublepost=1549881725][/doublepost]A
It is pairing a trusted device with a password. A hacker wouldn't be trying to log in from a trusted device. Think of it like your bank atm card. It is two step essentially... Your pin, and the physical card. Need both to access.
And if they have both the device and your password well then 1. You gave someone to much info or 2. You need to keep up with your stuff
 
They do this because IMO Apple is all about the perception of security not necessarily the reality. Now don't get me wrong, Apple's reality is better than the other's perception or reality, the others just don't care. But in the end, given real security (at a high cost) or the perception of security at a low cost, Apple will choose perception every time, thanks to Mr. Cook.

Banging people around for two favor authentication makes users feel better at night. At least if the users are idiots. Think about it, if someone steals or access my device while it's not locked (like walking away from a work iMac), what good is two factor authentication? Search the web, there are a number of ways to get around two factor authentication. Secure two factor authentication is only really secure when the authentication device is completely separate and requires a password every time to view the authentication code.

It's the same reasoning that occurred during in the initial flying days after 911. Airline security broke the nail file off of the nail clippers. They had to do something to convince stupid people (the masses) that they were doing something, and that no security action was too small, they did them all. The public idiots assumed that if they focused on these small items, then they must be really diligent about the big ones. We now know it was a farce, even today smuggled items succeed more than they are caught. They can't keep weapons and explosives off of planes. But everyone feels the false sense of security is worth the inconvenience it causes. BTW, I don't. Idiots don't mind giving up anything or everything as long as they feel better.

For example, why is two factor authentication at the account level and not the device level? When I am traveling I would use two factor authentication on my laptop, but when I am at home on my Mac, why? We have security system and when we leave the Mac's are shutdown. I have no need for 2 factor on my Mac.

Of course if someone has gotten into my iPhone, all they have to do is tap yes to the 2 factor prompt. What good is that. See it is security theater, where the real security has been eviscerated for ease of use, nothing more.

Yes, there are a couple of situations where 2 factor the way Apple does it might be beneficial, but in a lot of cases it is not, unless, of course, one does not know anything about security. In which case you are Apple's demographic. That is dumb enough to pay more for the perception of reality and don't care about what is really going on.
It’s not security theatre. It is more secure. As long as you have a device passcode and texts don’t show previews on the lock screen no one should be able to gain access to the trusted device but you.
[doublepost=1549882532][/doublepost]
A lawsuit is ridiculous, but Apple does need to get rid of the notification/icon badge, etc. for 2 Factor. If someone doesn't want to use it, then leave them alone. Particularly since 2 Factor is nearly useless as a security measure.
You can get rid of the badge. Once the 2 factor set up screen comes up choose don’t upgrade security. You basically have to say no twice for the badge to go away.
 
  • Like
Reactions: chabig
A person should have the option whether to use 2FA or not for whatever their reasoning may be. There are other business/agency that gives the user the option to choose 2FA, however, I would recommend it being used.
 
I’m just going to sue apple for feature requests now. The phone icon is prejudiced against young people who aren’t familiar with what a telephone looks like. It’s ageist and insensitive. Now give us all three cents for the emotional damage this has caused us.

Why the heck do they make these new fangled phones so light? Used to be when a robber tried to mug me I could throw my phone at him and knock him out. I throw my phone at him now, he catches and says "thanks gramps."
 
your apple id is not the secret - the password is

all apple ids are known by default - only the passwords are not - or let me be precise the combination of id with password ist not.

so whats your point?
[doublepost=1549870151][/doublepost]

its all but easy and its not apple style

it should work, if i press "yes" than thats it, not entering a 6 digit code manually somewhere - thats the opposite of secure its terrible!
It's 6 digits.. no rocket science. It maybe takes 5 - 10 seconds.
And what are you guys doing? How many times a day do you actually have to authenticate yourself via 2 factor authentication? I have several macs + iPhone for work and personal use and I have to type in those digits maybe once a month.

Also to access 'Find my iPhone' (or Mac) on your iPhone you just need the password if the session is expired and you want to log in again.
the same goes for iCloud.com if you just want to use 'Find my iPhone'. No 2 factor authentication needed.

I read somewhere the digits are hardly noticeable because they disappear too fast, I just checked it. First you'll be informed that someone tries to access your account and you have to allow it (This notification will show up on all your trusted devices).
If you hit 'Allow' the notification disappears on all devices (it remains on a locked iPhone until you unlock it) but the one you used to allow the access. Immediately afterwards the 6 digits show up on that very device and you have all the time in the world to read the digits. They don't disappear until you press 'Done'.
It takes more time to type in my apple ID + password then the verification afterwards.
 
This is why we need tort reform. Baseless case over a valuable feature. This is like suing your landlord for not allowing you to remove the locks from your apartment door.
 
Totally valid suit IMO. Why 2 weeks, seems totally arbitrary. I hope the suit wins. 2FA is a huge PITA. Those that want it great, but personal choice should outweigh all.
 
Shame on this writer for calling this frivolous (let us form our own opinions, rather than telling us what to do and think as Apple does) , and... what a mean crowd. It's not about security, it's about choice and being in control of our devices instead of being dictated to. Shame on Apple.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.