Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iOS Security flaw and help please

S

scouser75

macrumors 68030
Original poster
Oct 7, 2008
2,961
620
Guys, there seems to be a major flaw with Apple's security notifications! I currently use a .mac email address. But when ever I receive email notifications from Apple if I log into iCloud elsewhere or turn off Find My iPhone, I get the email on my .mac email.

If someone has hacked into my iCloud account they will immediately delete the email from Apple therefore I would never know I'd been hacked.

Is there a way to change the email address to which ONLY these emails are sent? All my other emails I would like on my iCloud email address.
 
scouser75 said:
Guys, there seems to be a major flaw with Apple's security notifications! I currently use a .mac email address. But when ever I receive email notifications from Apple if I log into iCloud elsewhere or turn off Find My iPhone, I get the email on my .mac email.

If someone has hacked into my iCloud account they will immediately delete the email from Apple therefore I would never know I'd been hacked.

Is there a way to change the email address to which ONLY these emails are sent? All my other emails I would like on my iCloud email address.
Click to expand...
Turn on two factors authentication, it makes it impossible to hack into your account.
 
  • Like
Reactions: Strategery, ohio.emt and NoBoMac
Ditto what I7guy said: turn on two-factor authentication. In this day and age, it really is a must-do to help secure one's digital life.

And setup your trusted devices and phone number. And add a secondary e-mail account, so that when something does change, both the primary and secondary e-mail accounts get a notification. In addition to my primary account, I've setup my various accounts to have secondary accounts/e-mails spread over three other accounts/services, with no overlap. So if one service is compromised, I still get a notice (eg. not sending .icloud e-mails to just that account, Google not using a different Google address for secondary account).

if you have an internet provider, setup a mail account with them and have secondary notices go there. Or a Google account. Or Outlook.com. Or Yahoo!. Etc.

So, not a flaw, imo. Apple gives you the tools to setup the level of security you want, and if one wants to go single-point of failure re: security, so be it.
 
  • Like
Reactions: ohio.emt, mgroot and I7guy
scouser75 said:
Guys, there seems to be a major flaw with Apple's security notifications! I currently use a .mac email address. But when ever I receive email notifications from Apple if I log into iCloud elsewhere or turn off Find My iPhone, I get the email on my .mac email.

If someone has hacked into my iCloud account they will immediately delete the email from Apple therefore I would never know I'd been hacked.

Is there a way to change the email address to which ONLY these emails are sent? All my other emails I would like on my iCloud email address.
Click to expand...

This is not a security flaw. If someone hacked your iCloud account, they'd get access to everything on your iCloud. Prevent this by using Two-factor Authentication.
 
  • Like
Reactions: Strategery and I7guy
Thanks guys for replies. I have just turned on 2 factor authentication.

But regarding the secondary email accounts - I have set this up and use my gmail and hotmail. But Apple will not send emails to these accounts if my iCloud account was accessed from an unknown location / location you haven't previously used / device you haven't previously used previously. In these cases, they send the email to your day-to day iCloud account. That is the thing I find odd. Surely that should also be a "security related" email!

They do send emails to the secondary account if you change security questions etc.
 
I think I see a flaw with two factor authentication.

You are robbed and your iPhone is stolen. Because you want to catch the thief you try to login to your account and activate Find My iPhone on the first device you can get your hands on, it could even be a stranger's or police officer's device. You can't login because your security code is sent to your now stolen phone. Any other trusted devices are a long distance and time away.

Is this correct? Because that's why I have never enabled it.
 
steve23094 said:
I think I see a flaw with two factor authentication.

You are robbed and your iPhone is stolen. Because you want to catch the thief you try to login to your account and activate Find My iPhone on the first device you can get your hands on, it could even be a stranger's or police officer's device. You can't login because your security code is sent to your now stolen phone. Any other trusted devices are a long distance and time away.

Is this correct? Because that's why I have never enabled it.
Click to expand...

I think so. Same reason I didn't turn mine on as well.
 
steve23094 said:
I think I see a flaw with two factor authentication.

You are robbed and your iPhone is stolen. Because you want to catch the thief you try to login to your account and activate Find My iPhone on the first device you can get your hands on, it could even be a stranger's or police officer's device. You can't login because your security code is sent to your now stolen phone. Any other trusted devices are a long distance and time away.

Is this correct? Because that's why I have never enabled it.
Click to expand...

Find My iPhone does not require Two-factor Authentication.
 
  • Like
Reactions: Strategery and chabig
If you have a second email for access you van use the second email adress to disable the one that got hacked.
And after that you can go for two gactor authetification and find my mac... Or not?

Clouds are NEVER EVER secure.

The only cloud Imwould trust for privacy was the cloud in my own house... And nowhere else...
 
vertsix said:
Find My iPhone does not require Two-factor Authentication.
Click to expand...

Are you sure? I can't test it because two factor authentication is not available for my ID yet. Can anyone else confirm this after testing?

Reading through here https://support.apple.com/en-gb/HT204152 which is about two step verification you have to use a code when you:-
  • Sign in to iCloud on a new device or at iCloud.com
On a non-iOS device Find My iPhone is behind your login at iCloud.com
 
steve23094 said:
Are you sure? I can't test it because two factor authentication is not available for my ID yet. Can anyone else confirm this after testing?

Reading through here https://support.apple.com/en-gb/HT204152 which is about two step verification you have to use a code when you:-
  • Sign in to iCloud on a new device or at iCloud.com
On a non-iOS device Find My iPhone is behind your login at iCloud.com
Click to expand...
Find my iPhone is specifically excepted from 2-step/2-factor requirements.
 
  • Like
Reactions: Strategery, ohio.emt, vertsix and 1 other person
chrfr said:
Find my iPhone is specifically excepted from 2-step/2-factor requirements.
Click to expand...

How do you access it when it's behind your login at iCloud.com?

I was prepared to get off my backside and try to figure this out myself. When I went to test by enabling 2 step verification I can't, I'm temporarily locked out from making any major changes to my account because I recently altered my password. So I'm relying on others at the moment.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back