Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
55,476
17,820



Apple's two-factor authentication system is now enabled for iCloud.com, with the site asking for a verification code before allowing users with two-factor authentication enabled to access various iCloud.com apps.

Access to iCloud.com apps like Mail, Contacts, Calendar, Reminders, Pages, Numbers, and Keynote is restricted until the verification code is entered on the website, but Find My iPhone remains accessible.

twofactor.jpg
Users also receive an email when their Apple ID is used to sign into iCloud via the web browser, a feature that was implemented following the recent hacking of celebrity iCloud accounts that led to hundreds of photos being shared on the Internet.

icloudemail.jpg
Following the hacking incident, Apple CEO Tim Cook pledged to improve iCloud security by expanding two-factor authentication to iCloud and sending out security emails when a device is restored, iCloud is accessed, or a password change is attempted. Cook also said that Apple will aim to increase awareness about two-factor verification.

Originally implemented back in March of 2013, two-factor verification is an opt-in system designed to increase Apple ID account security by requiring identity verification before allowing users to make account changes or purchase content on new devices. It replaces standard security questions with a security code delivered to a trusted device.

Apple first tested two-factor authentication for iCloud.com back in June, well ahead of the iCloud breach, but the feature was not implemented until today.

Article Link: iCloud.com Now Utilizing Two-Factor Authentication
 

newagemac

macrumors 68020
Mar 31, 2010
2,091
23
Just curious. If you turn on "Remember this Browser", does that mean you need to somehow reset the remembered browser if you sell your device? Or will resetting the device itself take care of that for you? If not, how do you reset what browsers are remembered?
 

zorinlynx

macrumors 604
May 31, 2007
7,047
12,748
Florida, USA
I'd like to enable this, but am wondering...

Does it do the two factor EVERY TIME? Or does it place a cookie on your computer so that you don't have to do it again unless you change computers (or delete the cookie)?

My bank uses two factor, but it remembers each device so you only have to use it when logging in from a new device.
 

whsbuss

macrumors 68040
May 4, 2010
3,909
821
SE Penna.
Just curious. If you turn on "Remember this Browser", does that mean you need to somehow reset the remembered browser if you sell your device? Or will resetting the device itself take care of that for you? If not, how do you reset what browsers are remembered?

Well if you logout of iCloud you need to verify again. I did notice on the SMS verify screen it knew I had and iPhone 5.
 

bmms8

macrumors 68020
Dec 19, 2007
2,487
111
How can i get this to happen? Im on iCloud.com and i don't see anything.
 

PinkyMacGodess

macrumors G3
Mar 7, 2007
8,335
4,407
Midwest America.
For the past few days, I have been getting prompted, on my iPad and iPhone, for an iCloud password for my .mac address. Is that a feature now or did the .mac addresses finally disappear?

Anyone else having that happen?

It's odd, because everything else works, or seems to, just fine...
 

G2244

macrumors member
Mar 4, 2009
89
2
Doesn't this go too far in the other direction though? I have used iCloud.com in the past when traveling (and don't have phone service) to access my email on a public computer, etc. Now if I don't have my device *and* have service I am screwed?
 

PinkyMacGodess

macrumors G3
Mar 7, 2007
8,335
4,407
Midwest America.
Couldn't they just go to a token system, something active that generates a number, like the Blizzard token fob. It would make sense to use that as an option. They could call it the iToken, and license it for other companies to use too...

Blizzard calls them 'Authenticators'...

authenticators.jpg

I did work a job that used the RSA SecureID tokens. It was funny that people sticky noted their passwords on the back of them all the time...:rolleyes:
 

WolfSnap

macrumors 65816
Sep 18, 2012
1,021
860
SoCal
This has been working for MONTHS!!

I noticed it a while ago when I logged in months ago. This isn't news, this is just a feature that hasn't been reported on yet.

The whole iCloud "break in" is the dumbest piece of reporting I've seen in a while.

They used a password like, "PASSWORD" or "passw0rd" or "Pass123" or something equally dumb. This is a story about idiots and their bad passwords, not about Apple. Ugh, pisses me off.
 

collegitdept

macrumors regular
Nov 17, 2009
109
39
Doesn't this go too far in the other direction though? I have used iCloud.com in the past when traveling (and don't have phone service) to access my email on a public computer, etc. Now if I don't have my device *and* have service I am screwed?

You can receive an Apple Push Notification instead of an SMS. They're free like iMessage so no cost if you're traveling overseas.

----------

The most important question remains: does this apply to accessing iCloud backups, Photo streams, etc...?

Can anyone please verify?
 

TheHateMachine

macrumors 6502a
Sep 18, 2012
846
1,354
Couldn't they just go to a token system, something active that generates a number, like the Blizzard token fob. It would make sense to use that as an option. They could call it the iToken, and license it for other companies to use too...

Blizzard calls them 'Authenticators'...

View attachment 492159

I did work a job that used the RSA SecureID tokens. It was funny that people sticky noted their passwords on the back of them all the time...:rolleyes:

http://en.wikipedia.org/wiki/SecurID

Blizzard uses RSA for their authentication system.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.