After using the Find My iPhone app today to play a sound on a misplaced iPad, it dawned on my that this app doesn't use Two Factor Authentication!
Indeed it is the only iCloud service I can think of that does not require a verification code when 2SV or 2FA enabled on your account.
Someone could, knowing just your iCloud password, erase every device you own. Of course this is still a long shot, but it is becoming more and more apparent that just a username and password isn't secure enough anymore with constant security breaches from various sites and more cunning phishing attempts.
I understand that many people will own just one Apple device, and so if it is lost, must have a way to access Find My iPhone without access to a trusted device for a verification code. But I am amazed there isn't an option to require 2SV/2FA for users with many trusted devices.
Am I missing something? Does wiping your device require one more authentication step when you actually follow through with the process? Even something basic like a confirmation email to your alternative email address would be nice, but that doesn't appear to be the case.
Indeed it is the only iCloud service I can think of that does not require a verification code when 2SV or 2FA enabled on your account.
Someone could, knowing just your iCloud password, erase every device you own. Of course this is still a long shot, but it is becoming more and more apparent that just a username and password isn't secure enough anymore with constant security breaches from various sites and more cunning phishing attempts.
I understand that many people will own just one Apple device, and so if it is lost, must have a way to access Find My iPhone without access to a trusted device for a verification code. But I am amazed there isn't an option to require 2SV/2FA for users with many trusted devices.
Am I missing something? Does wiping your device require one more authentication step when you actually follow through with the process? Even something basic like a confirmation email to your alternative email address would be nice, but that doesn't appear to be the case.
