Two factor authentication question

Discussion in 'iOS 8' started by amro, Oct 15, 2014.

Tags:
  1. amro macrumors 6502

    Joined:
    Jul 7, 2008
  2. sk1wbw Suspended

    sk1wbw

    Joined:
    May 28, 2011
    Location:
    Williamsburg, Virginia
    #2
    I just get it via sms. Doesn't take more than 5 seconds or so to get.
     
  3. madsci954 macrumors 68030

    Joined:
    Oct 14, 2011
    Location:
    Ohio
    #3
    If you use a number, you get a text message. If you use a device, it's shows as a pop up on screen. If the device is locked with a code, then you have to unlock to view.
     
  4. ElectronGuru macrumors 65816

    Joined:
    Sep 5, 2013
    Location:
    Oregon, USA
    #4
    When you go to use it, you have the choice. Sign up for both and you'll have more options when it's needed.
     
  5. macduke Suspended

    macduke

    Joined:
    Jun 27, 2007
    Location:
    Central U.S.
    #5
    Yeah I did phone and multiple devices just in case. The more you have the less likely you'll lose the ability to reset it—unless you store the handwritten master code in a safety deposit box or something.
     
  6. amro thread starter macrumors 6502

    Joined:
    Jul 7, 2008
    #6
    Ok, thanks for the feedback.

    Dropbox give you a choice of either or. It looks like there is no advantage of one over the other.
     
  7. ominx macrumors 6502

    Joined:
    Jun 23, 2010
    #7
    Personally, I feel sending the code via SMS isn't all that secure. Unless you turn off "Show Previews" in Messages Options, the code will be displayed on your lock screen even with the phone locked. So if you loose your phone, 2 factor authentication becomes completely useless.
     
  8. amro thread starter macrumors 6502

    Joined:
    Jul 7, 2008
    #8
    Very good point. Did not think about losing the phone.
     
  9. Bailey macrumors newbie

    Bailey

    Joined:
    Feb 13, 2004
    Location:
    London, UK
    #9
    SMS relies on cellular reception too, which is sometimes an issue.
     
  10. Ev0d3vil macrumors 6502

    Joined:
    Sep 22, 2014
  11. Dan70 macrumors regular

    Joined:
    Aug 4, 2014
    Location:
    England
    #11
    I'd always suggest getting a text. It can be slow to come through sometimes if your signal isn't great but some other systems require Google Authenticator which is an absolute pain to get the six digit code from within the app then enter in with enough time to spare.

    Get SMS, Two Step is great with it. Incredibly secure.
     
  12. NoBoMac macrumors 6502a

    Joined:
    Jul 1, 2014
    #12
    As others have mentioned, I've got multiple options setup for Apple 2FA and the recovery key saved and encrypted in various cloud services and password managers.

    For other services, using Authy for one-time use key generation: Google, Facebook, Dropbox, and which ever other services come along and supports time tokens. App for iOS devices and Chrome extension/app to desktop access.
     
  13. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #13
    Try an alternative code generator. OTP Auth can show the codes in the notification center in iOS 8 via a widget. In the latest release it can even insert the codes directly within Safari via an action extension.

    Personally, I much prefer offline code generators because I don't always have good cellular connectivity while traveling, or there are expensive roaming fees for SMS. Unfortunately Apple's 2-factor authentication for iCloud does not support offline codes.
     
  14. ElectronGuru macrumors 65816

    Joined:
    Sep 5, 2013
    Location:
    Oregon, USA
    #14

    Update to this. With continuity in ios8, someone could steal your MB or ipad, have the code sent SMS, which shows up on their new screen:

    Beware two-factor authentication using Yosemite's SMS forwarding
    http://www.readability.com/m?url=ht...o-factor-authentication-using-sms-forwarding/

    Better to rely 100% on device identify I'd say
     
  15. NoBoMac macrumors 6502a

    Joined:
    Jul 1, 2014
    #15
    Ummm, doesn't the Mac and iPad have to be on the same wi-fi as the iPhone? So, not really an issue if the thief is still sitting in your home or at the same coffee shop.

    And in the case of Apple's 2FA, if you choose to send the code to a trusted device, instead of a phone number, and the device has a passcode, you have to unlock the device first to see the code.
     
  16. LV426 macrumors 6502a

    Joined:
    Jan 22, 2013
    #16
    Not really. You would have to lose the device you want to authenticate AND the phone that receives the SMS authentication code. If you're going to do that, you might as well leave your house keys under the door mat while you're at it!

    You are given the choice of which device you want to send the message to, at the time when you are being authenticated. If you'd lost your phone, you obviously wouldn't choose to send your authentication code to that device.

    Personally, I generally choose iMessage delivery. If you happen to be in an area of poor reception, you might not get an SMS code for some time. But if your iDevice has WiFi available, you'll get the code delivered almost instantaneously.
     

Share This Page