Security question

Discussion in 'Apple Music, Apple Pay, iCloud, Apple Services' started by gman901, Sep 3, 2014.

  1. gman901 macrumors 6502a

    Joined:
    Sep 1, 2007
    Location:
    Houston, TX
    #1
    So I keep hearing from all the Tech media and major news programs to enable 2 Factor Authentication with Apple to protect your account and data online, yet as far as I know, all you need is your login and password on any browser to access icloud online. So where does 2 Factor help secure data on Apple's servers? I am an Apple supporter but I'm pretty concerned anyone can log online to anyone's account if they have the PW.
     
  2. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #2
    It really doesn't. All the two factor does is make it more difficult for someone to reset your password and get access to your account that way. But if they have your password, two factor does northing to keep them out.
     
  3. FoxFifth macrumors 6502

    Joined:
    Oct 18, 2012
    #3
    From http://support.apple.com/kb/ht5570
     
  4. gman901 thread starter macrumors 6502a

    Joined:
    Sep 1, 2007
    Location:
    Houston, TX
    #4
    So it just prevents someone from changing my PW and making unauthorized purchases on my account. Does anyone know if Apple will finally apply 2 factor authentication any time someone accesses an account that is not a trusted device? I know MS and Google do this. I can't just use my PW on a device that's not trusted - they both send text messages to my phone and make me place the code into the browser pop up.
     
  5. Menel macrumors 603

    Menel

    Joined:
    Aug 4, 2011
    Location:
    ATL
    #5
    If you lose/have your iPhone stolen.
    Log into Find My Phone to locate/wipe it.
    Only to be prompted to use your iPhone as your two-factor auth.
    ...fail

    If you lose/break your iPhone.
    Get a replacement.
    Attempt to restore.
    Restore asks for your lost/broken iPhone to give two-factor auth.
    ...fail

    Your best bet, is to prevent your password from being stolen/reset in the first place by:
    1. having two factor enabled so it can only be reset by what you know + what you have.
    2. Apple fixed the brute force vulnerability on Find My Phone website.
     

Share This Page