This is tangential to this story but I was wondering if anyone else experienced it. This evening when I logged into Apple's "Manage my AppleID" site so that I could add my iPad Mini as a trusted device for two-factor, it said that my password was insecure/too easy and made me change it. I was surprised, because my password was randomly generated in a password manager. 12 alphanumeric characters, mixed case.

It's kind of a bummer because it seemed random enough to me, and I had it memorized.

Now it's 22 characters and I probably have no hope of memorizing it.
 
Now Utilizing Two-Factor Authentication

Sorry, I must have missed the memo that states "we will not utilize utilize rather than utilize use".

My education taught me that utilize is what our body does with medication, food, and the like. Thus, my perception when I see utilize utilized is someone is incorrectly utilizing utilize. :) Now, that sentence does not sound good does it?
 
Just curious. If you turn on "Remember this Browser", does that mean you need to somehow reset the remembered browser if you sell your device? Or will resetting the device itself take care of that for you? If not, how do you reset what browsers are remembered?

Browser access to iCloud.com is only available on a computer. This remember is likely tied to your account, so unless you are selling it to someone who could figure out your account credentials, you're likely fine.

----------

Easy passwords, maybe. Apple is on the hook for never notifying the celebs in question that there were multiple failed attempts at logging in under their user name, allowing the criminals to keep trying, over and over, until they broke through.

You presume they had to try over and over. If this was truly a targeted attack, it's possible they only had to guess a handful of times to figure out the password based on various known details. Or they changed the password using security questions, again with details easy to find with some research, figuring the target would just think she was remembering the wrong password. Or maybe they phished the password. There's lots of ways that wouldn't necessarily alert anyone.

----------

So... in other words, Apple admits it had weak iCloud protection?

Nope. Not at all. If anything, they admit that users can be idiots and need to be handheld.

----------

Apple needs to apply this most importantly to iCloud backups!

And how exactly is that supposed to work? Because you can't get to the Messages app to receive a message until the phone is at the home screen, after loading the backup.

So how exactly do you get SMS to work on the phone before the backup, or reprogram the entire system to allow a backup to be restored after setting up the iPhone as new to get the code?

Please answer in detail with appropriate code strings of how to make it work.

----------


That tool only works if you have the user name and password or physical access to a computer that has been logged into the account.

----------

That might be true, but a good password would have prevented access -- no matter what.

A password like "correcthorsebatterystaple" would have been impossible to crack due to its length.

But it can still be phished, which is another issue that many folks forget about. They use the same password everywhere and are stupid about clicking links in emails, etc.
 
That tool only works if you have the user name and password or physical access to a computer that has been logged into the account.

Which is why the article also talks about the use of iBrute and an exploit in Find my iPhone (which apparently was patched days after the leaked photos went public).
 
Which is why the article also talks about the use of iBrute and an exploit in Find my iPhone (which apparently was patched days after the leaked photos went public).

iBrute used a preselected batch of weak passwords, what was it, 5000 of them? It's possible that these accounts didn't use one of them.

That exploit isn't really one of that much worth. Do you really think the system wouldn't notice if someone was slamming an account over and over enough to hit all the passwords on the iBrute list?
 
Do you really think the system wouldn't notice if someone was slamming an account over and over enough to hit all the passwords on the iBrute list?

The reported bug/exploit in Find my iPhone supposedly allowed exactly that to happen.

Apple patches 'Find My iPhone' exploit
The code exploited a vulnerability with the Find My iPhone sign in page that allowed hackers to flood the site with password attempts without being locked out. By employing bruteforcing techniques, hackers could use this to guess the password used to protect the account.
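
Added example, not part of the thread or the quoted article: a sign-in page that never locks out leaves a recognizable trace in authentication logs, namely many failures for one account on one endpoint with no lockout response in between. This sketch flags that pattern; the log format, endpoint paths and account names are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample log (not real data): "<epoch> <endpoint> <account> <result>"
SAMPLE_LOG = [f"{1000 + i} /fmip/signin alice@example.com FAIL" for i in range(12)]
SAMPLE_LOG += [f"{1000 + i * 2} /web/signin bob@example.com FAIL" for i in range(5)]
SAMPLE_LOG += ["1010 /web/signin bob@example.com LOCKED",
               "1020 /web/signin carol@example.com FAIL",
               "1500 /web/signin carol@example.com OK"]


def flag_unthrottled(lines, max_failures=5, window=60):
    """Return {(endpoint, account): peak_failures} for every pair that saw
    more than max_failures failed sign-ins inside `window` seconds without
    the server answering LOCKED (or the user succeeding) in between."""
    recent = defaultdict(deque)  # (endpoint, account) -> failure timestamps
    flagged = {}
    for line in sorted(lines, key=lambda l: int(l.split()[0])):
        ts, endpoint, account, result = line.split()
        ts = int(ts)
        key = (endpoint, account)
        if result in ("LOCKED", "OK"):
            # A lockout or a successful sign-in resets the failure streak.
            recent[key].clear()
            continue
        if result != "FAIL":
            continue
        q = recent[key]
        q.append(ts)
        # Drop failures that fell out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_failures:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged


if __name__ == "__main__":
    for (endpoint, account), peak in flag_unthrottled(SAMPLE_LOG).items():
        print(f"{endpoint} {account}: {peak} failures in window, no lockout")
```

Running the same check per endpoint, rather than only per account, is what surfaces a single sign-in path that skips the lockout the other paths enforce.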
 
It's to give the user time to respond if someone manages to break into their account and lock them out by enabling 2-factor authentication.

But IF someone 'had' your account, they could theoretically enable 2FA on your account and then really lock your ass out. Right? Or am I misunderstanding the feature?

And on thinking about it further, using a token app to generate a pass sequence on the device that you would be using to access the account hardly makes sense... But I remain a believer in hardware 'authenticators'.

----------

They are only at-risk if you are as good looking as Kate Upton.

No. There will always be someone who grabs your selfies 'just because' so that they can 'prove something' or 'get cred'. No matter how ugly you are...

----------

This is tangential to this story but I was wondering if anyone else experienced it. This evening when I logged into Apple's "Manage my AppleID" site so that I could add my iPad Mini as a trusted device for two-factor, it said that my password was insecure/too easy and made me change it. I was surprised, because my password was randomly generated in a password manager. 12 alphanumeric characters, mixed case.

It's kind of a bummer because it seemed random enough to me, and I had it memorized.

Now it's 22 characters and I probably have no hope of memorizing it.

And it only gets worse as you get older... ;)
 
This is good, but why aren't all apps two factor?

Wouldn't this decrease security as a whole? Particularly, Find My iPhone.
 
This is good, but why aren't all apps two factor?

Wouldn't this decrease security as a whole? Particularly, Find My iPhone.

I guess Apple did this, so people stupid enough to not add some backup device (phone number of your wife, parent, friend or something like that) wouldn't get cut off when all their authorized devices get stolen.
 