Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Brookzy

macrumors 601
Original poster
May 30, 2010
4,985
5,578
UK
After using the Find My iPhone app today to play a sound on a misplaced iPad, it dawned on my that this app doesn't use Two Factor Authentication!

Indeed it is the only iCloud service I can think of that does not require a verification code when 2SV or 2FA enabled on your account.

Someone could, knowing just your iCloud password, erase every device you own. Of course this is still a long shot, but it is becoming more and more apparent that just a username and password isn't secure enough anymore with constant security breaches from various sites and more cunning phishing attempts.

I understand that many people will own just one Apple device, and so if it is lost, must have a way to access Find My iPhone without access to a trusted device for a verification code. But I am amazed there isn't an option to require 2SV/2FA for users with many trusted devices.

Am I missing something? Does wiping your device require one more authentication step when you actually follow through with the process? Even something basic like a confirmation email to your alternative email address would be nice, but that doesn't appear to be the case.
 
Well, perhaps Apple could intelligently allow users with multiple devices to enforce 2FA/2SV. Such would be grateful.
Or Apple adds SMS verification before enabling remote device erase.
Cool.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.