Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iCloud.com Now Utilizing Two-Factor Authentication

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,165
38,937



Apple's two-factor authentication system is now enabled for iCloud.com, with the site asking for a verification code before allowing users with two-factor authentication enabled to access various iCloud.com apps.

Access to iCloud.com apps like Mail, Contacts, Calendar, Reminders, Pages, Numbers, and Keynote is restricted until the verification code is entered on the website, but Find My iPhone remains accessible.

twofactor.jpg
Users also receive an email when their Apple ID is used to sign into iCloud via the web browser, a feature that was implemented following the recent hacking of celebrity iCloud accounts that led to hundreds of photos being shared on the Internet.

icloudemail.jpg
Following the hacking incident, Apple CEO Tim Cook pledged to improve iCloud security by expanding two-factor authentication to iCloud and sending out security emails when a device is restored, iCloud is accessed, or a password change is attempted. Cook also said that Apple will aim to increase awareness about two-factor verification.

Originally implemented back in March of 2013, two-factor verification is an opt-in system designed to increase Apple ID account security by requiring identity verification before allowing users to make account changes or purchase content on new devices. It replaces standard security questions with a security code delivered to a trusted device.

Apple first tested two-factor authentication for iCloud.com back in June, well ahead of the iCloud breach, but the feature was not implemented until today.

Article Link: iCloud.com Now Utilizing Two-Factor Authentication
 
Article Link
https://www.macrumors.com/2014/09/16/icloud-two-factor-authentication/
Just curious. If you turn on "Remember this Browser", does that mean you need to somehow reset the remembered browser if you sell your device? Or will resetting the device itself take care of that for you? If not, how do you reset what browsers are remembered?
 
I'd like to enable this, but am wondering...

Does it do the two factor EVERY TIME? Or does it place a cookie on your computer so that you don't have to do it again unless you change computers (or delete the cookie)?

My bank uses two factor, but it remembers each device so you only have to use it when logging in from a new device.
 
newagemac said:
Just curious. If you turn on "Remember this Browser", does that mean you need to somehow reset the remembered browser if you sell your device? Or will resetting the device itself take care of that for you? If not, how do you reset what browsers are remembered?
Click to expand...

Well if you logout of iCloud you need to verify again. I did notice on the SMS verify screen it knew I had and iPhone 5.
 
How can i get this to happen? Im on iCloud.com and i don't see anything.
 
For the past few days, I have been getting prompted, on my iPad and iPhone, for an iCloud password for my .mac address. Is that a feature now or did the .mac addresses finally disappear?

Anyone else having that happen?

It's odd, because everything else works, or seems to, just fine...
 
Doesn't this go too far in the other direction though? I have used iCloud.com in the past when traveling (and don't have phone service) to access my email on a public computer, etc. Now if I don't have my device *and* have service I am screwed?
 
Couldn't they just go to a token system, something active that generates a number, like the Blizzard token fob. It would make sense to use that as an option. They could call it the iToken, and license it for other companies to use too...

Blizzard calls them 'Authenticators'...

authenticators.jpg

I did work a job that used the RSA SecureID tokens. It was funny that people sticky noted their passwords on the back of them all the time...:rolleyes:
 
This has been working for MONTHS!!

I noticed it a while ago when I logged in months ago. This isn't news, this is just a feature that hasn't been reported on yet.

The whole iCloud "break in" is the dumbest piece of reporting I've seen in a while.

They used a password like, "PASSWORD" or "passw0rd" or "Pass123" or something equally dumb. This is a story about idiots and their bad passwords, not about Apple. Ugh, pisses me off.
 
G2244 said:
Doesn't this go too far in the other direction though? I have used iCloud.com in the past when traveling (and don't have phone service) to access my email on a public computer, etc. Now if I don't have my device *and* have service I am screwed?
Click to expand...

You can receive an Apple Push Notification instead of an SMS. They're free like iMessage so no cost if you're traveling overseas.

----------

The most important question remains: does this apply to accessing iCloud backups, Photo streams, etc...?

Can anyone please verify?
 
PinkyMacGodess said:
Couldn't they just go to a token system, something active that generates a number, like the Blizzard token fob. It would make sense to use that as an option. They could call it the iToken, and license it for other companies to use too...

Blizzard calls them 'Authenticators'...

View attachment 492159

I did work a job that used the RSA SecureID tokens. It was funny that people sticky noted their passwords on the back of them all the time...:rolleyes:
Click to expand...

http://en.wikipedia.org/wiki/SecurID

Blizzard uses RSA for their authentication system.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back