Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
66,600
35,882



Apple introduced an additional layer of security for iPhone, iPad and Mac users in 2013 by rolling out two-step verification for Apple ID accounts. Two-step verification prevents anyone but you from accessing your Apple ID account, even if they know the password, by requiring a four-digit verification code sent via SMS or Find My iPhone on trusted devices. When you enable two-step verification, you must register at least one trusted device capable of receiving SMS text messages.

twostepverification.jpg

Once activated, two-step authentication is required when managing your Apple ID through My Apple ID, signing into iCloud, or making iTunes, iBooks or App Store purchases from a new device. Apple has also expanded two-step authentication to iMessage and FaceTime, requiring users to input an authentication code from a verified device on accounts that have two-factor verification enabled to prevent unauthorized entry attempts through both services.

Click here to read more...

Article Link: How to Enable Two-Step Verification for Apple ID
 
This security isn't worth the hassle for me. I'm constantly prompted to sign in to facetime and iMessages on my home mini, mb air, and work iMac. Then I get notifications on each plus iPhone and iPads that I signed in on one of those computers. And continuing the minor annoyance factor, iMessages still doesn't reliably sync read/deleted messages, so I get to delete Google or Evernote two-step verification texts four or five times.
This is just adding a new layer of notifications that I tend to think I don't want.

Please note: I have twice specified that this is my experience and my opinion. YMMV.
 
This is dumb.

Wasn't the iPhone's fingerprint scanner supposed to do away with passwords?
 
Thought I would do it.....but before I could enable it, it wanted me to change my password.
My password is pretty good already and Apple has already made me change it at least once before.
I'm not interested.
 
By making the option available, Apple is putting the security responsibility on the user, where it belongs. If you choose to not use it or use weak passwords, you can only blame yourself.
 
This is dumb.

Wasn't the iPhone's fingerprint scanner supposed to do away with passwords?
But say I'm logging into iCloud on a PC, I log in with my credentials and then it sends a code to my verified iOS devices (iPhone in my case) that I have to type into iCloud. This is a good use of two-step verification (multifactor authentication), and I don't see how Touch ID would replace it.

The fingerprint scanner does do away with some instances of needing passwords on your phone, and this has grown to some third-party apps since the release of iOS 8 and opening up the iCloud Keychain. I imagine this will continue to grow.
 
Protip, if you want to set this up for your elderly parents, add your personal cell phone as an additional second factor method, that way you can provide tech support much easier.

Also, have your significant other's cell phone be a 2nd factor for your account, and your cell be a 2nd factor for your SO's account. You can have multiple cell phone numbers as 2nd factors.
 
Protip, if you want to set this up for your elderly parents, add your personal cell phone as an additional second factor method, that way you can provide tech support much easier.

Also, have your significant other's cell phone be a 2nd factor for your account, and your cell be a 2nd factor for your SO's account. You can have multiple cell phone numbers as 2nd factors.

What?

----------

2 factor auth is not available in my country.

Be thankful.
 
Just integrate a fingerprint scanner into my Mac if you have to. I'm not going to fiddle around for my phone for a second form of ID. Now an Apple Watch? Maybe...
 
This security isn't worth the hassle for me. I'm constantly prompted to sign in to facetime and iMessages on my home mini, mb air, and work iMac. Then I get notifications on each plus iPhone and iPads that I signed in on one of those computers. And continuing the minor annoyance factor, iMessages still doesn't reliably sync read/deleted messages, so I get to delete Google or Evernote two-step verification texts four or five times.
This is just adding a new layer of notifications that I tend to think I don't want.

Please note: I have twice specified that this is my experience and my opinion. YMMV.

That does sound annoying. Too many notifications. I use Google's Authenticator, and Symantic's VIP Access apps. I prefer these types of code generators over codes being pushed. Even the Facebook app will generate codes. I just can't figure out how to make them stop sending them via SMS, too. THIS is the way to do it, IM(NV)HO.
(In My [Not Very] Humble Opinion)
 
That does sound annoying. Too many notifications. I use Google's Authenticator, and Symantic's VIP Access apps. I prefer these types of code generators over codes being pushed. Even the Facebook app will generate codes. I just can't figure out how to make them stop sending them via SMS, too. THIS is the way to do it, IM(NV)HO.
(In My [Not Very] Humble Opinion)
I also prefer Google Authenticator for every service that supports it. Actually, I use Authy now, which supports Google Authenticator tokens.
 
Basically, if you and your SO both have Apple IDs, add each others cell phone numbers to the list of 2nd factor devices.
Pretty straightforward what you are saying. I currently have two-step verification enabled with my phone as both my iOS verified device and my SMS verified device. It makes sense to add someone you trust, like a spouse, to the SMS verified device list in case your phone goes missing. It acts as sort of a backup to not needing to use the Recovery Key.

Speaking of the Recovery Key, take Apple seriously when they say you should keep it available but safe. Copy it into 1Password, LastPass, or similar software/service if you don't feel like keeping it on a piece of paper.
 
By making the option available, Apple is putting the security responsibility on the user, where it belongs. If you choose to not use it or use weak passwords, you can only blame yourself.

Sounds a lot like a touch of elitism you have there.

What you're advocating is that a user's security be proportional to their understanding of dictionary attacks, rainbow tables, password entropy and other nerdy esoterica. Why would you want that, and more to the point, why would Apple, of all companies want that? Apple has people who know this stuff inside out. Why shouldn't the users benefit from that knowledge directly, instead of having to learn it all in parallel from blogs and forums?

----------

This security isn't worth the hassle for me. I'm constantly prompted to sign in to facetime and iMessages on my home mini, mb air, and work iMac. Then I get notifications on each plus iPhone and iPads that I signed in on one of those computers. And continuing the minor annoyance factor, iMessages still doesn't reliably sync read/deleted messages, so I get to delete Google or Evernote two-step verification texts four or five times.
This is just adding a new layer of notifications that I tend to think I don't want.

Please note: I have twice specified that this is my experience and my opinion. YMMV.

I completely agree. The spurious password popups on iOS that give absolutely no reason why you should be entering your password again, are ripe for exploitation. It's training users to give away their passwords to any popup that asks for it.
 
But say I'm logging into iCloud on a PC, I log in with my credentials and then it sends a code to my verified iOS devices (iPhone in my case) that I have to type into iCloud. This is a good use of two-step verification (multifactor authentication), and I don't see how Touch ID would replace it.

You don't see how?

Say I'm logging into any internet service on a PC, I log in with my username only and then the server sends a request via Apple to my verified iOS devices (iPhone in my case) that I have to touch the fingerprint sensor to complete the login.

That would be great, no? Very simple. And also quite simple to add extra security layers for those who don't trust the sensor alone.
 
Not usable by me in the case of a lost iPhone - I go to log into a PC to track my stolen phone and the thief gets the 4 digit pass code?!
 
WTF do you need 2 factor authentication - are people really this stupid, and trusting people with more security is just asking for more issues. Ive never had my account hacked, no odd charges, and don't keep my CC / DC on my account. I suspect these hacked accounts are because people are submitting information via non-secure means and responding to those - easy to tell - fake emails - again they deserver it if caught. Might teach them a lesson. This adds more complexity to an existing issue - how the hell is that going to make this better? When are people going to learn?
 
Just cut off the heads of the hackers. That'll stop them - permanently.
Those AirHeads ruin people's lives and do not deserve to exist.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.