Discussion in 'Apple Music, Apple Pay, iCloud, Apple Services' started by Primejimbo, Dec 19, 2014.
Anyone else read this?
So what? Obviously if you have the Apple ID/password and a valid two-factor you can log in, it's exactly what you use to log in to iCloud. That means having access to a device where the two-factor code is sent.
A digital token is exactly what you use to stay logged in without re-entering the two-factor code each time. Obviously if you have it you can log in too.
So there isn't anything new in the Engadget article. It's just a third-party app you can use to access an iCloud account if you have the account credentials.
I'm sorry, but I don't understand this... So if I go on iCloud.com, put in my info, get the 4 digit code from my phone, this is how they are getting this info? Is this only an issue if I select "i log on the computer frequently"? (or something close)
Nobody is getting any info at all, there is no issue here.
The Engadget article talks about a program to download data from iCloud. But that app works only if the person using it has:
your Apple ID, password and a valid two-factor code.
a token stored on your computer.
And the only way for them to get it is to have access to your devices or your computer.
Thanks for clearing that up for me!
In the past the software used the token that is generated when you log in to iCloud in the settings on Mac or the iCloud app on Windows. Not sure if they can now also use the browser cookie that is used to store the token for access to icloud.com.
In order to get to the token, an attacker would either have to have physical access to your computer, or use some exploit to remotely install malware that could grab them and send them over the Internet. One thing to note is that you will not get an email notification when someone uses a token to access your account.