Can you disable lost mode on the device with the AppleID password? If not, that's a serious oversight by Apple.
 
If your AppleID is breached, wouldn't the way Apple implements 2-step authentication be an issue too? Wouldn't iMessage, that is used for receiving the code, also be vulnerable? After all, they are part of the same ecosystem.
iMessage is not used to receive the codes. They are pushed to a specific device using APNS.
Just curious. I use it myself but it seems like an authenticator code would be more secure.
I'd like support for offline code generators as well.
I believe Apple has 2-step verification only, not 2-factor.
They have both, actually.
 
The smart thing to do would not have your eggs in one basket. Someone using idevices, android and Windows depending on the platform's strengths is going to be less impacted than someone who has all their devices and devices linked to one appleid. This is a disadvantage of the walled garden.

Actually this never used to be any issue even for apple, until apple forced appleid onto all of us, now it's integral to operation of the hardware/services.

You make it sound as if Apple is the only company with a single ID sign in. What about the ubiquitous, "Log in via Facebook" option that so many games and apps have? And what about all-things-Google (Gmail, YouTube, Chromecast, etc.), requiring a single Google account ID? Aren't those equally, if not more, concerning than Apple ID?

And don't get me started on the whole social media scene, where people feel the need to share every bit of their personal lives with the whole world, and then complain about lack of security after some hacker read on Twitter that the name of their first pet was "Cuddles" and managed to steal every penny from the person's bank account.

When people gripe about complexity, companies respond by making things easier. It's Customer Satisfaction 101. So if you feel the need to blame someone for a single ID making your personal data easier to steal, blame society as a whole, because we seem to be getting dumber and lazier with each passing generation.
 
Apple is responsible for third party security breaches? Really now.

I've got an idea! Let's start reading articles instead of making baseless comments after glancing at a headline. Deal?

You give "some" people on the internet too much credit but agreed lol

This sort of thing makes me wonder why companies have not latched on more vigorously to things like touchID. I can not just impersonate that over the phone in a far off land. I have to get into your secure enclave or have your physical phone. This is the direction everything needs to go.

The most accurate and truest comment on the thread ( at least on in the 1st 2 pages :p )
 
Go ahead erase my Angry Birds apps.
Why would anybody keep important data on their iPhones without backing them up?
Now, if they hacked dropbox, I'd have a problem.
Um, did you read the article? It's about ransomware. Not deleting your apps or important data.

It's amazing to me how many people don't do this.
OK so help me understand. If I have this on and lose my device, how can I log into iCloud and find my phone to locate the device? Case in point, my son passed and his "friends" stole his devices. I was able to get into his iCloud acct and lock them AND find them since I did have access to his email and was able to reset his appleID. How would one accomplish this if 2-factor was on since logging into iCloud requires an auth code?
Also there is an option to call the phone with the code so again, you lose your device and someone hacks your account and tells the 2-factor to call u with the code. They answer the phone call (no touchID or unlock required) and get the code, login to iCloud and remove the lock on the device. I played with it some today and can't wrap my head around the inconvenience vs the potential issues it can cause. Seems your main phone# is automatically on and you can add additional so if you add additional # does that take the place of the main one?

Doesn't help against this ransom scam, since you can access "find my iphone" on icloud.com without entering a security code (Apple probably did this in case you lose your only trusted device, which would make it impossible to receive a security code).
No, 2-factor does make you enter the code to even login to iCloud.com. Hence my question above. Other question is my Windows PC with iCloud is listed as a trusted device but can't seem to get any code there so yeah what if you do only have 1 apple device, what then?
 
You give "some" people on the internet too much credit but agreed lol



The most accurate and truest comment on the thread ( at least on in the 1st 2 pages :p )


These companies with their constant hacks and constant data breaches need to be forced to move to methods that leave them in a position that makes them not liable. I just found out my local burger chain here has been compromised. So joy now my credit card is once again in the "wild" why cause they refuse to take contactless payment. Why IDK cause it cost them a bit more to setup or cause they are trying to track my habits or like Wal-Mart trying to avoid paying credit card fees. Guess what it is going to cost you way more now that you have had a confined data breach of every customer you had. If it was scrambled one time use card number backed by touch ID I would just be like oh well I am safe.

I know I slid into a rant about not taking Apple Pay but it is just so glaring that Apple Pay was made not just to make Apple money but to solve a very real issue.

The added bonus is it also secures phones or could secure your laptop or insert whatever token based security you would like to use. I can not think a few but it is the ways I can't that will change the world I am sure.

So companies get with it. Scrub your data if you want me to swipe my card or embrace tech that was designed to protect your customers and yourself from being sued.
 
That second one about security questions is really bothersome to me.....it seems 3/4 of the time when you select questions from a preset list that they are normally questions that would be easy for someone to dig up info on if they wanted to badly enough.
Nobody said you had to use real answers, just ones you can remember. Your mom's maiden name could be Tuesday, your best friend in school Jobo, etc. Put your answers in an app like 1password and you're good to go.
 
Apple has on file all the data like MAC addresses etc for each device owned by the user. A simple start: no access to AppleId from any device except those registered. Like two-factor without all the hassles. Then add additional layers for other access if needed. Not perfect but maybe a good place to start.

First, MAC addresses don't leave the local network so they are unavailable on Apple's end of the TCP/IP traffic.

Secondly, iOS devices randomize MAC addresses continually as a security measure.

Lastly, MAC addresses are trivial to spoof.

I always hoped that most users understand that many, many, extremely smart people work tirelessly on how to improve upon these types of technology challenges. However, I'm proven wrong over and over again. Apple has many layers of great security in place to protect its users (arguably the best device security on the planet). Unfortunately, it continues to be the case that users can subvert even the best tech and are their own worst enemies.

I'll return to the original topic to end my rant. This isn't about a problem with Apple's security implementation. This is a problem with users reusing account credentials on several services, not using available security features, and then complaining when it comes back to bite them in the ***.
 
I had someone trying to hack into my iCloud account for the first time the other day. IDK how far they got, but my account was locked. I had two-step turned on, which probably helped. I changed my password just in case and then learned how to setup two-factor authentication, which is supposed to be a little better than two-step because it uses a six digit code and I think it won't even let them start trying codes until you approve from your device (also shows a map) and then it generates the key. Interesting to note, however, that it showed my Apple TV being hundreds of miles away in Chicago, IL when I re-authenticated it to get my Schlage Sense deadbolt to connect to it for remote HomeKit access.

Does anyone know what would cause an iPhone to never receive security codes? They come through fine in texts and in device codes sent to my iPad and Macs, but device codes never come through to my iPhone. It didn't work with two-step, and it still doesn't work with two-factor. I had even mentioned it in passing to Apple support (I was working through an iCloud data sync glitch with photos in Notes that used a ton of LTE data a few weeks ago) and they couldn't ever figure out why I wasn't getting them. It seems to have started a few months back at some point between February-April.

This happened to one of my parents out of the nowhere yesterday. Account was locked, but (the original) 2-factor authentication was on so whoever attempted to get in didn't get far. Obviously we unlocked the account and changed the password. At least this explains that, I guess. Really glad 2-FA did its job here.
 
Most people aren't even aware two step verification exists.

In some cases, not even two step can protect you.

Youtuber Boogie2988 had his accounts hacked because someone stole his phone number thanks to Verizon.
 
You make it sound as if Apple is the only company with a single ID sign in. What about the ubiquitous, "Log in via Facebook" option that so many games and apps have? And what about all-things-Google (Gmail, YouTube, Chromecast, etc.), requiring a single Google account ID? Aren't those equally, if not more, concerning than Apple ID?

And don't get me started on the whole social media scene, where people feel the need to share every bit of their personal lives with the whole world, and then complain about lack of security after some hacker read on Twitter that the name of their first pet was "Cuddles" and managed to steal every penny from the person's bank account.

When people gripe about complexity, companies respond by making things easier. It's Customer Satisfaction 101. So if you feel the need to blame someone for a single ID making your personal data easier to steal, blame society as a whole, because we seem to be getting dumber and lazier with each passing generation.

Not at all. Every company is pushing single sign on, and a common ID that links everything. Microsoft, Google are no better etc.

I much prefer the pros but you need to consider the cons.

Society includes tech. And I blame the inherent laziness in development these days, where the attitude is: close enough is good enough, release it and fix the bugs later. I've seen a major shift in the last 20 years.
 
No, 2-factor does make you enter the code to even login to iCloud.com. Hence my question above. Other question is my Windows PC with iCloud is listed as a trusted device but can't seem to get any code there so yeah what if you do only have 1 apple device, what then?

The best thing to do in this case is to have another family member's or trusted friend's phone number included as one of your options to receive the code. You can choose which device gets the code at the login screen. I don't know why your PC is not able to receive the code - that's a separate issue.

However, if you do receive one of these ransom demands (because your account was hacked and you were not using 2FA) - I would suggest you immediately shut down the device(s) to stop them being erased and then get in touch with Apple and explain the situation. Hopefully they will be able to help you recover the account, after they make sure it's really you.

Finally, everyone should use a password manager and then use very strong and unique passwords for everything. I use 1Password on my desktop and mobile.
 
Some years back (during Jobs) my iTunes account got hacked because I used the same password on other sites, luckily they only bought some Chinese apps and Apple restored everything.

Lesson learned
 
First, MAC addresses don't leave the local network so they are unavailable on Apple's end of the TCP/IP traffic.

Secondly, iOS devices randomize MAC addresses continually as a security measure.

Lastly, MAC addresses are trivial to spoof.

I always hoped that most users understand that many, many, extremely smart people work tirelessly on how to improve upon these types of technology challenges. However, I'm proven wrong over and over again. Apple has many layers of great security in place to protect its users (arguably the best device security on the planet). Unfortunately, it continues to be the case that users can subvert even the best tech and are their own worst enemies.

I'll return to the original topic to end my rant. This isn't about a problem with Apple's security implementation. This is a problem with users reusing account credentials on several services, not using available security features, and then complaining when it comes back to bite them in the ***.

Agree with what you say about users. MAC address was not the best choice for my example. Say Apple helps the users out by checking device ID the same as they do when upgrading software. How do you think they know what a trusted device is? Agree Apple does a good job with our security compared to others. Apple places themselves above the pack by making products easy and transparent to use. Nice if they were able to do more for security, was my point. Not well articulated, however.
 
Apple is responsible for third party security breaches? Really now.

I've got an idea! Let's start reading articles instead of making baseless comments after glancing at a headline. Deal?
But the fact is 99% people just judge article contents by just glancing at article title since they are often concise and short.
As your AppleID/iCloud/iTunes becomes more integral to using iThings then good security with your ID becomes more important.

Use a different (and long) pword than any other account for your AppleID, make sure your security questions can't be answered by looking stuff up on the internet or intelligent guessing and enable 2 factor authentication.
I have upgraded my Apple ID password so that it is about 25 characters long and contains random characters.
My security question answers are also just random strings. No way they can use any sort of search methods to find the answer.
But 2FA is a bit dangerous if I want to test beta software. Having password alone is good in this case. There are bugs in early beta preventing 2FA working properly.
 
No, 2-factor does make you enter the code to even login to iCloud.com. Hence my question above.
Nope. After logging in with the password, you'll find a "Find my iPhone" button below the list of trusted devices. If a bad guy has the password, they can simply go there and locate or lock your devices without needing a security code.
 
Nope. After logging in with the password, you'll find a "Find my iPhone" button below the list of trusted devices. If a bad guy has the password, they can simply go there and locate or lock your devices without needing a security code.
It depends on how you setup your login to icloud.com. When you first login after setting up 2FA, it will ask you for a verification code. After entering that code it will ask if you want to remember this browser as a trusted login for the iCloud.com account. If you tell it to remember the browser, then the next time you login you will not be asked for a verification code. But if you do not tell it to remember the browser, you will be asked for a verification code each time.

If you have said to trust the browser and you want to revoke that, you can sign out and uncheck this box to revoke.

Screen Shot 2016-07-09 at 9.09.19 AM.png
 
It depends on how you setup your login to icloud.com. When you first login after setting up 2FA, it will ask you for a verification code. After entering that code it will ask if you want to remember this browser as a trusted login for the iCloud.com account.
No. Here's the login screen after logging in using an untrusted browser. Note the buttons at the bottom:

OYy7I5l.jpg
 
No. Here's the login screen after logging in using an untrusted browser. Note the buttons at the bottom:

I think you are misunderstanding what I am saying. You said that screen is after logging in. My point is you cannot login to an untrusted browser to see that screen unless you enter the verification code that was sent to a trusted device.

I just tried to login with an untrusted browser and I get this. So without access to the trusted device to receive the code you would never be able to get to the screen you showed.

Edit: Note that you are using two-step authentication and not two-factor which is new with iOS9 and El Capitan. Two different things.

Screen Shot 2016-07-09 at 10.33.39 AM.png
 
I think you are misunderstanding what I am saying. You said that screen is after logging in. My point is you cannot login to an untrusted browser to see that screen unless you enter the verification code that was sent to a trusted device.
No, I fully understand what you are saying. My point still stands but ...
Edit: Note that you are using two-step authentication and not two-factor which is new with iOS9 and El Capitan. Two different things.
This is apparently the key. 2-step verification behaves like I described above (i.e. you can use "find my iphone" without having a verification code), the new 2-factor authentication apparently works differently. I am still on 2-step because I like being able to restore access using the recovery key in case I lose all trusted devices, whereas with 2-factor you have to go through a lengthy process with Apple support. But I'm reconsidering this now due to the safer icloud.com login ...
 