Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iCloud.com Now Utilizing Two-Factor Authentication

D

digitalove

macrumors regular
Jun 12, 2012
197
1
Not working for me: once I log into iCloud.com I can access my apps without any extra login.

Should I enable this two-factor authentication or maybe the roll out isn't done yet?
 
C

camnchar

macrumors 6502
Jan 26, 2006
434
415
WolfSnap said:
This has been working for MONTHS!!

I noticed it a while ago when I logged in months ago. This isn't news, this is just a feature that hasn't been reported on yet.

The whole iCloud "break in" is the dumbest piece of reporting I've seen in a while.

They used a password like, "PASSWORD" or "passw0rd" or "Pass123" or something equally dumb. This is a story about idiots and their bad passwords, not about Apple. Ugh, pisses me off.
Click to expand...

Easy passwords, maybe. Apple is on the hook for never notifying the celebs in question that there were multiple failed attempts at logging in under their user name, allowing the criminals to keep trying, over and over, until they broke through. Two-factor authentication should prevent that from happening again, even if a criminal guesses (or uses a program to find) an easy password.
 
C

collegitdept

macrumors regular
Nov 17, 2009
109
39
PinkyMacGodess said:
Couldn't they just go to a token system, something active that generates a number, like the Blizzard token fob. It would make sense to use that as an option. They could call it the iToken, and license it for other companies to use too...

Blizzard calls them 'Authenticators'...

View attachment 492159

I did work a job that used the RSA SecureID tokens. It was funny that people sticky noted their passwords on the back of them all the time...:rolleyes:
Click to expand...

This IS a token system. Only that the 4 digit passcode is sent to a phone via a Push Notification.

This is better since most don't have token generators and are expensive. Also the user must have the token generator on person at all times to login.
 
PinkyMacGodess

PinkyMacGodess

Suspended
Mar 7, 2007
10,271
6,226
Midwest America.
collegitdept said:
This IS a token system. Only that the 4 digit passcode is sent to a phone via a Push Notification.

This is better since most don't have token generators and are expensive. Also the user must have the token generator on person at all times to login.
Click to expand...

$6.50 for the Blizzard 'Authenticators'...

AND the 'Authenticator' could be an app too...
 
C64

C64

macrumors 65816
Sep 3, 2008
1,236
222
digitalove said:
Not working for me: once I log into iCloud.com I can access my apps without any extra login.

Should I enable this two-factor authentication or maybe the roll out isn't done yet?
Click to expand...
Yes, you need to enable two-step verification in order for two-step verification to work...
 
SMIDG3T

SMIDG3T

Suspended
Apr 29, 2012
3,859
2,316
England
zorinlynx said:
I'd like to enable this, but am wondering...

Does it do the two factor EVERY TIME? Or does it place a cookie on your computer so that you don't have to do it again unless you change computers (or delete the cookie)?

My bank uses two factor, but it remembers each device so you only have to use it when logging in from a new device.
Click to expand...

You can check "Remember This Browser" and as long as you use the same computer and funnily enough the same browser you won't need to this every time.
 
revanmj

revanmj

macrumors member
Jun 2, 2010
73
177
Poland
Access to iCloud.com apps like Mail, Contacts, Calendar, Reminders, Pages, Numbers, and Keynote is restricted until the verification code is entered on the website, but Find My iPhone remains accessible.
Click to expand...

So you still can wipe a device remotely without a one-time authorization code?
 
PinkyMacGodess

PinkyMacGodess

Suspended
Mar 7, 2007
10,271
6,226
Midwest America.
Blizzard uses the Vasco Digipass Go 6 and at the prices Blizzard charged originally, I can't think they made much, if any, money off selling them, but after their huge hacking incident, it made sense...

Some might think it extreme, but wait until YOU are hacked.

I like the impression of security that a token gives people. I think pretty soon, with the way things are going, we will all have one implanted at birth...
 
LV426

LV426

macrumors 68000
Jan 22, 2013
1,836
2,266
PinkyMacGodess said:
$6.50 for the Blizzard 'Authenticators'...

AND the 'Authenticator' could be an app too...
Click to expand...

Rubbish idea. It's madness to think of lugging around a 2FA fob when an iPhone will do exactly the same job. As well as a lot of other things like... being a smartphone.
 
PinkyMacGodess

PinkyMacGodess

Suspended
Mar 7, 2007
10,271
6,226
Midwest America.
LV426 said:
Rubbish idea. It's madness to think of lugging around a 2FA fob when an iPhone will do exactly the same job. As well as a lot of other things like... being a smartphone.
Click to expand...

But the communication to the iPhone can be hacked too. And what if you're not in an area where you can get a message?

Apple *could* use an app to generate tokens too...

----------
collegitdept said:
Apple needs to apply this most importantly to iCloud backups!
Click to expand...

Yeah, finding out that the backups weren't protected was like finding out that there really IS a Santa Clause and he won't be coming this year...
 
N

newagemac

macrumors 68020
Mar 31, 2010
2,091
23
G2244 said:
Doesn't this go too far in the other direction though? I have used iCloud.com in the past when traveling (and don't have phone service) to access my email on a public computer, etc. Now if I don't have my device *and* have service I am screwed?
Click to expand...

Don't ever access your accounts on a public computer. You're just asking for problems. I either use my phone or my laptop or tablet. If I have none of those I just don't login. I survived without internet before and I just make sure I'm never without a personal device with access if it is important.

----------
revanmj said:
So you still can wipe a device remotely without a one-time authorization code?
Click to expand...

Not going to do anyone any good since you still need the username and password to access the iCloud account when setting the wiped device back up.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom