Apple's two stage verification gets my location wrong every time?

Discussion in 'iOS 10' started by Cakefish, Mar 31, 2017.

  1. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #26
    You might need to set up your account with developer access (for free) at https://developer.apple.com/programs/register/ first.
    --- Post Merged, Apr 8, 2017 ---
    At the very least you generally get an ability to track your bug reports through Apple's bug reporter compared to just sending something in via feedback. Beyond that bug reports through the bug reporter seem to get into the hands of some technical/engineering team more directly vs. feedback that is submitted that often doesn't get any follow up or anything else.

    Realistically speaking, if someone has an issue they want to see resolved, aside from directly contacting Apple by phone or chat perhaps, it's probably best to submit it through any means possible to try to increase the odds that someone would actually look at it (although that doesn't really mean that anything would be done about it, or that even if something might be done, how soon it would be done).
     
  2. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #27
    The privacy police would have a field day with that approach. IP addresses have owners, Apple has to rely on what the owners tell it, good or bad. But the location is the least important element of two-factor - most users would know if they had just entered a login that would trigger a second-factor check...the correlation in time would be obvious.
     
  3. Aetles, Sep 26, 2017
    Last edited: Sep 26, 2017

    Aetles macrumors regular

    Aetles

    Joined:
    Nov 13, 2002
    Location:
    Sweden
    #28
    I recently switched from two-step verification to two-factor authentication and encountered this issue as well. I know my home IP address is correctly pinpointed geographically (like creepily precise) in every other form location based service and hasn't changed in a long time, so why is Apple off by 40 miles?

    For non-power users this must seem like they're being hacked all the time.

    Also; why can't Apple just tell me the IP address? Then I immediately would know if it's me or not. Both appleid.apple.com and icloud.com will only give me the currently logged in devices, but not their IP-address. I can't find any log either of previous logins.
     
  4. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #29
    Because they clearly use a different 3rd party DB and it isn't as precise - but you describe more precise as "creepily" so its hard to get that right???

    TBH the security comes from the timing of the login (was it one you have like <just> initiated...) rather than the where the login occurred from.
     
  5. GreyOS macrumors 68040

    GreyOS

    Joined:
    Apr 12, 2012
    #30
    Agree on last point, so they ought to remove the map from the pop up and show that in a secondary ‘more details...’ thing as a suggestion. If they really can’t improve accuracy that is.
     
  6. LoveToMacRumors macrumors 68020

    LoveToMacRumors

    Joined:
    Feb 15, 2015
    Location:
    Canada
    #31
    Same with me, it's your ISP
     
  7. Aetles macrumors regular

    Aetles

    Joined:
    Nov 13, 2002
    Location:
    Sweden
    #32
    My point was that I don't believe there is any 3rd party DB that bad. Any kind of location-by-IP will get my home town correctly. The "creepily" part is bothering on occasion, but since the information is out there already, freely and publicly available, I would very much like Apple to use this information when telling my account is being accessed.

    Otherwise, what is the point with showing me a map if the location is so randomly off that it looks like I'm being hacked. That will only confuse people.

    Yes, but you see, it isn't always that immediate, not for me at least. If it would happened instantly, then I would assume it is my own action but when the request is delay a couple of minutes or more, then it seems suspicious. What if I've fallen for a phising scam and it's the attacker that is trying to use the login information?

    All of this would be so easily solved if Apple just showed me the IP address of the login attempt. Preferably with an exact time stamp of the attempt. I don't ge the logic behind hiding that, is it because they think common users don't understand IP addresses?
     
  8. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #33
    Why? You get the warning notification that a login has been made within a few moments, just how many logins do you carry out where you could possibly require the location information to discriminate between your multiple legitimate ones??? If you didn't login but the location showed your house would you trust it was "you"?

    Again the actual benefit comes from the timing, if I get a notification right now I'd know it wasn't genuine irrespective of any location information because I haven't initiated a login for a couple of days. The location information, accurate or not (and tbh to a regional level is probably sufficient), is "interesting" to "irrelevant" information (or you should teat it as such), when deciding whether an access attempt is genuinely you or not.
     
  9. Aetles macrumors regular

    Aetles

    Joined:
    Nov 13, 2002
    Location:
    Sweden
    #34
    As I said I recently switched from two-step verification to two-factor authentication, and that meant that I hade to login again from all my devices, and I have some old iPhones and Mac running as well, and when the location and the timing was off in Apples message then I hit deny and hade to redo it later. So unusually many logins right now, but enough to be bother by the confusion.

    If they just showed me my home town instead of a different town halfway across the country, the I would assume it was from my IP and it was my doing.

    Now I've got an alert from a completely different location that clearly isn't me, so now I have stop and think: is this really my login with a mistaken location? Or is it a hacker, a man-in-the-middle-attack, a phising scheme? Why is Apple showing me this other different location? Why can't they pinpoint me like everyone else?

    I don't understand your arguments, why are you defending a clearly confusing behaviour from Apple? Why is it so hard to understand that pushing a map in my face with some other location is less optimal then actually showing my location? Remember that any other location service gets my location correct, and therefor I'm extra suspicious if a big company like Apple couldn't, so the first thought is "this must be someone else".

    Again, it does not always happen instantly. For example, I entered my iCloud credentials on an old iPhone and went on doing other stuff and then, perhaps 5 minutes later, I get the message with the wrong location and no IP address and no timestamp. That is not good UX.

    Also, it's not only about me, I'm thinking of how other users, non-power users, is experiencing this. They will probably be scared unnecessarily.

    (And again, Apple have all the information I need, if the just did like Facebook and Google and others do – giving me the IP-address as well – it wouldn't be the same issue, then I could quickly dismiss the incorrect location data.)
     
  10. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #35
    Long story short, you want your location pinpointed otherwise you aren't happy. I'm simply saying that necessary and you shouldn't primarily be guided by the location. As to why they don't pinpoint - I suspect that may be a technical limitation (which they may or may not want to fix/improve), or it could be deliberate as showing precise locations they (note "they") may consider a privacy issue...I don't know, I'm not Apple. This isn't a discussion one of us needs to win, its just a difference of opinion.
     
  11. kevinthebright macrumors newbie

    Joined:
    Dec 4, 2013
    #37
    I'm in Seattle and it always says I'm signing in from Peoria, IL.
     

Share This Page