iOS Security flaw and help please

Discussion in 'iOS 9' started by scouser75, Feb 28, 2016.

  1. scouser75 macrumors 6502a

    Joined:
    Oct 7, 2008
    #1
    Guys, there seems to be a major flaw with Apple's security notifications! I currently use a .mac email address. But when ever I receive email notifications from Apple if I log into iCloud elsewhere or turn off Find My iPhone, I get the email on my .mac email.

    If someone has hacked into my iCloud account they will immediately delete the email from Apple therefore I would never know I'd been hacked.

    Is there a way to change the email address to which ONLY these emails are sent? All my other emails I would like on my iCloud email address.
     
  2. I7guy macrumors G5

    Joined:
    Nov 30, 2013
    Location:
    What Exit?/Saguaro Country
    #2
    Turn on two factors authentication, it makes it impossible to hack into your account.
     
  3. NoBoMac macrumors 6502a

    Joined:
    Jul 1, 2014
    #3
    Ditto what I7guy said: turn on two-factor authentication. In this day and age, it really is a must-do to help secure one's digital life.

    And setup your trusted devices and phone number. And add a secondary e-mail account, so that when something does change, both the primary and secondary e-mail accounts get a notification. In addition to my primary account, I've setup my various accounts to have secondary accounts/e-mails spread over three other accounts/services, with no overlap. So if one service is compromised, I still get a notice (eg. not sending .icloud e-mails to just that account, Google not using a different Google address for secondary account).

    if you have an internet provider, setup a mail account with them and have secondary notices go there. Or a Google account. Or Outlook.com. Or Yahoo!. Etc.

    So, not a flaw, imo. Apple gives you the tools to setup the level of security you want, and if one wants to go single-point of failure re: security, so be it.
     
  4. vertsix macrumors 65816

    vertsix

    Joined:
    Aug 12, 2015
    #4
    This is not a security flaw. If someone hacked your iCloud account, they'd get access to everything on your iCloud. Prevent this by using Two-factor Authentication.
     
  5. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
  6. scouser75 thread starter macrumors 6502a

    Joined:
    Oct 7, 2008
    #6
    Thanks guys for replies. I have just turned on 2 factor authentication.

    But regarding the secondary email accounts - I have set this up and use my gmail and hotmail. But Apple will not send emails to these accounts if my iCloud account was accessed from an unknown location / location you haven't previously used / device you haven't previously used previously. In these cases, they send the email to your day-to day iCloud account. That is the thing I find odd. Surely that should also be a "security related" email!

    They do send emails to the secondary account if you change security questions etc.
     
  7. steve23094 macrumors 68000

    steve23094

    Joined:
    Apr 23, 2013
    #7
    I think I see a flaw with two factor authentication.

    You are robbed and your iPhone is stolen. Because you want to catch the thief you try to login to your account and activate Find My iPhone on the first device you can get your hands on, it could even be a stranger's or police officer's device. You can't login because your security code is sent to your now stolen phone. Any other trusted devices are a long distance and time away.

    Is this correct? Because that's why I have never enabled it.
     
  8. Armen macrumors 604

    Armen

    Joined:
    Apr 30, 2013
    Location:
    127.0.0.1
    #8
    I think so. Same reason I didn't turn mine on as well.
     
  9. I7guy macrumors G5

    Joined:
    Nov 30, 2013
    Location:
    What Exit?/Saguaro Country
    #9
    I have an alternate email That can be used to recover a password. Never tried it but theoretically should work. I'd rather lose the device than my data anyway.
     
  10. vertsix macrumors 65816

    vertsix

    Joined:
    Aug 12, 2015
    #10
    Find My iPhone does not require Two-factor Authentication.
     
  11. MrAverigeUser macrumors 6502a

    MrAverigeUser

    Joined:
    May 20, 2015
    Location:
    europe
    #11
    If you have a second email for access you van use the second email adress to disable the one that got hacked.
    And after that you can go for two gactor authetification and find my mac... Or not?

    Clouds are NEVER EVER secure.

    The only cloud Imwould trust for privacy was the cloud in my own house... And nowhere else...
     
  12. steve23094 macrumors 68000

    steve23094

    Joined:
    Apr 23, 2013
    #12
    Are you sure? I can't test it because two factor authentication is not available for my ID yet. Can anyone else confirm this after testing?

    Reading through here https://support.apple.com/en-gb/HT204152 which is about two step verification you have to use a code when you:-
    • Sign in to iCloud on a new device or at iCloud.com
    On a non-iOS device Find My iPhone is behind your login at iCloud.com
     
  13. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #13
    Find my iPhone is specifically excepted from 2-step/2-factor requirements.
     
  14. steve23094 macrumors 68000

    steve23094

    Joined:
    Apr 23, 2013
    #14
    How do you access it when it's behind your login at iCloud.com?

    I was prepared to get off my backside and try to figure this out myself. When I went to test by enabling 2 step verification I can't, I'm temporarily locked out from making any major changes to my account because I recently altered my password. So I'm relying on others at the moment.
     
  15. chabig macrumors 68040

    Joined:
    Sep 6, 2002
    #15
    You go to www.icloud.com/find and provide your iCloud login credentials (username and password) and Find my iPhone works. Two factor authentication isn't required for this use. See https://support.apple.com/en-us/ht201472
     
  16. scouser75 thread starter macrumors 6502a

    Joined:
    Oct 7, 2008

Share This Page