By what mechanism? I’m not arguing—I think about these things a lot and I want to know if there’s a hole. The big one is phishing, but the problem there is the secondary code can also be phished, unless I go with a proper Yubikey/TPM requirement which is a major usability headache.


I do a ton of work inside of Virtual Machines which need to be set up again each time.
As it's cryptic, you're going to be slower typing it than if it were something more natural (muscle memory comes into play if you've had it long enough...you don't even think of it) - keystrokes can be observed anywhere that you're not alone - if they have a photographic memory, they may have your password.

That's certainly an interesting use case - needing to be setting up VMs. I take it this is for work? Or are you doing some playing around making a hackintosh with ESX? :) If it's for work, I'd have another Apple ID for that purpose.

If it's something you'd rather not discuss publicly, you can PM me and we can bounce it around.
 
As it's cryptic, you're going to be slower typing it than if it were something more natural (muscle memory comes into play if you've had it long enough...you don't even think of it) - keystrokes can be observed anywhere that you're not alone - if they have a photographic memory, they may have your password.
I can type very quickly! Watching someone's keystrokes is extremely hard to do at fast speeds, especially while being surreptitious about it. If some trained spy out of a James Bond film wants to get into my Apple account, a five-dollar wrench would be simpler and more effective. (Not to mention a SIM swap.)
 
Why can’t the user have a choice about this?
Because most users aren't nearly as security conscious as you obviously are, and Apple has to deal with the least common denominator in making things as secure as possible.

The entire reason that Touch ID came to the iPhone was because most people couldn't be bothered using iPhone passcodes at all, as it was just really inconvenient. Touch ID was designed to make it far easier for people to secure — and encrypt — their data.

Arguably, this was a step in the opposite direction compared to 2FA, but if you look at what Apple and others are doing, it's clear that it's ultimately moving toward an entirely passwordless future. 2FA is just a necessary step along the way.

Listen: my Apple ID password is a fully-random string of letters, numbers, and special characters. Generated via rolling dice. I spent a day memorizing it and it’s not used on any other service. No one is getting that password.
That's good security practice, but sadly, not everybody does that. In fact, almost nobody does out in the real world, and you know that Apple is going to get the blame when someone's account gets hacked because they chose an obvious password and didn't set up 2FA. Look at the celebrity photos scandal a few years ago — to this day most people still believe that was a failure on Apple's part, as opposed to Paris Hilton using her dog's name as her password.

By what mechanism? I’m not arguing—I think about these things a lot and I want to know if there’s a hole. The big one is phishing, but a secondary factor code doesn't protect against that as it can also be phished, unless I go exclusively with a proper Yubikey/TPM setup which is a major usability headache!
There are several issues with a simple password configuration:

  1. Phishing, as you've already mentioned, is a big problem, and a secondary factor code helps to protect against that because it's also a one-time code. Unless it's a MITM real-time phishing attack (which, to be fair, is becoming a bit more common), a hacker who steals the code can't use it for more than 30 seconds.
  2. Secondly, Apple's 2FA is a bit more sophisticated than simply an OTP. It will also look for suspicious login patterns. This helps protect you from real-time phishing attacks, since even if the OTP is replayed immediately on the other end, if that's being done in China while you're sitting in L.A., it raises a big red flag, and Apple will naturally deny the secondary login attempt. Granted, Apple could do the same with normal passwords, although AFAIK they don't. Plus, since a password lasts for weeks or months, it could be used at a more convenient time when it would set off fewer alarm bells.
  3. Apple's 2FA is also designed in such a way as to prevent persistent access once you've been authenticated. The hacker would eventually have to log in again, for which they'd need another OTP, and they can't add a trusted device to receive more 2FA codes without you knowing about it — and being able to remove it.
  4. All of this also applies to malware and keyboard capture attacks. Unless you only ever log in to your Apple ID or iCloud from a 100% trusted browser, you're potentially giving away your password. This potentially includes work and school computers, unless you really trust your IT department to stay on top of these things. However it's not just malware — there have been cases where hackers have installed hardware key logging devices in university computer labs to capture dozens of passwords. Unless you check for suspicious devices plugged into the computer you're using every time you enter your password, you're potentially vulnerable to this.
It's also worth noting that Apple's 2FA isn't just a secondary code. It enables OAuth-style advanced public key cryptography to secure your account once you're logged in, so that the password doesn't have to actually be stored on your devices in order to stay logged in. This is why features like Unlock with Apple Watch require that you have 2FA enabled — your Apple Watch isn't simply identifying itself to your MacBook or iPhone — it's exchanging this cryptographically generated authentication key.

But more than that, I'm very scared of being inadvertently locked out of my account! That seems like a much greater danger than an attacker somehow getting ahold of my extremely secure password!
Certainly if you practice good security practices, you may not benefit much from 2FA in terms of your own security — although there will be Apple features you will be unable to benefit from, as those require 2FA. However, I've been using 2FA for years on my Apple and Google accounts, among others, and I have never felt at risk of being locked out of anything — and I couldn't even tell you where my printed backup codes are as I'm about as good as you are at keeping pieces of paper handy 😂

However, it's also not realistic to expect Apple to lower its security standards on the assumption that everybody is going to use best security practices, since realistically more than 99% of Apple users won't. I worked as an IT security consultant and project manager for 20+ years, and trust me when I say that most people don't practice anything even close to good security habits.

I remember one of my clients had to pass a policy years ago that threatened to terminate any employee who left their passwords taped on a post-it note on their computer monitors, after a whole bunch of high-security accounts were compromised by a group of hackers who paid off the janitor to simply make a list while he was emptying wastebaskets at night.
 
However, it's also not realistic to expect Apple to lower its security standards on the assumption that everybody is going to use best security practices, since realistically more than 99% of Apple users won't. I worked as an IT security consultant and project manager for 20+ years, and trust me when I say that most people don't practice anything even close to good security habits.
I think that people should be trusted to assess risks for themselves. It's one thing if you work for a company and are collectively responsible for the security of your co-workers—and in that vein, I also understand why Apple requires 2FA for developer accounts with the ability to sign apps.

But if someone else is able to figure out where my Airtags are, the only person that hurts is myself. Requiring 2FA in order to use Airtags is just punishing people for their own individual choices.

I agree that Apple should enroll new accounts in 2FA by default, which includes forcing everyone through the initial setup process once, so it isn't shrugged off by users who can't be bothered to spend two minutes adding a trusted phone number. Afterwards, however, I should be able to go into my account settings, read through a bunch of scary warnings about the importance of a unique and secure password, and finally switch off 2FA. Apple could even add a one-week waiting period to be extra cautious.
 
I think that people should be trusted to assess risks for themselves
Again, as somebody who has worked in this field for a very long time, I'm just going to be blunt and say that when it comes to digital security, people are idiots.

Some of that of course is a matter of being uninformed — people truly don't understand the risks involved, or they think they're immune to them (e.g. "I'm a nobody, why would anyone care?") — while others just can't be bothered with the hassle.

What's funny, however, is that because of how Apple has built its systems, not using 2FA is already more inconvenient than turning it on. My dad called me up just last month complaining that his TV app, iPhone, and Apple Watch are constantly asking him to re-enter his password every few days. I told him to turn on 2FA and walked him through it and he hasn't had a problem since.

Granted, that's at least partially on Apple, but it also has to do with the fact that without a more secure form of authentication it wants users to re-enter their passwords more often to confirm that they are who they say they are, as well as the technological limitations of using OAuth-style cryptographic keys without much stronger authentication behind them. These are problems Apple could solve with simple passwords, of course, but that takes time and engineering resources to try and plug holes in what's already inherently a less secure system for 99% of its users.

But if someone else is able to figure out where my Airtags are, the only person that hurts is myself. Requiring 2FA in order to use Airtags is just punishing people for their own individual choices.
That could also potentially hurt Apple if somebody hacks into your account, finds out where your AirTags are, and then uses that information to assault you. That makes the news, and the headlines don't read, "Person got attacked because they used an insecure password" — instead they'll all say things like "Apple's Flawed AirTags Led to a Deadly Assault."

Consider all of the heat that Apple has gotten over the AirTags and the anti-stalking features they do have. Nobody is pointing out that Apple is the first company to even think of implementing these features; instead everybody is criticizing it for not doing enough. To be clear, some of these criticisms are totally fair, and we should still give credit where credit is due, but my real point is that Apple is going to shoulder the blame for almost any bad behaviour that occurs using its devices or services, no matter how hard it tries to prevent it.

Again, all we have to do is look at the "celebgate" iCloud hack from a few years back. Ask the average person, and they'll tell you it happened because iCloud was insecure enough for hackers to get into it, and it was therefore all Apple's fault. In fact, that was one of the key incidents that prompted Apple to add 2FA in the first place.

Remember that most people's idea of IT security comes from watching movies like Swordfish.

I agree that Apple should enroll new accounts in 2FA by default, which includes forcing everyone through the initial setup process once, so it isn't shrugged off by users who can't be bothered to spend two minutes adding a trusted phone number. Afterwards, however, I should be able to go into my account settings, read through a bunch of scary warnings about the importance of a unique and secure password, and finally switch off 2FA. Apple could even add a one-week waiting period to be extra cautious.
I don't disagree with that in principle, but I also know Apple will never do that. The company doesn't carve out exceptions for edge cases — it's really too big for that — so it's going to stick to what most users need.

You can see that in all of its built-in apps, which are about as basic as they come. Of course, the App Store provides plenty of alternatives for those who want something more, so it's an imperfect comparison, but it does provide an example of how Apple thinks.

It's going to provide the services and features that meet the needs of the majority of its users, and this is even more true in the case of 2FA, which is about protecting people against tangible harm, and where it really would be designing an exception for what I imagine is less than 1% of all Apple device owners. Even if it was willing to do that, it's hard to justify the expenditure to write the code and support that.
 
Well—and I'm not saying you're wrong—but this is what drives me nuts about Apple, and it's something I think they need to improve now that they're taking over so much of the modern world, and becoming an indispensable asset of modern life.

IMO, these features should follow the exact same principle as accessibility technologies like VoiceOver. VoiceOver will only ever be used by a minuscule percentage of Apple customers, but for them, it's an absolutely vital feature. Admittedly, for me 2FA would just be an inconvenience (combined with worries about losing access to my account)—but what if I didn't have my own mobile phone, or I was charged for every SMS message I received, or I didn't get service at my house? People's lives are unique and complicated, and they need to be given agency. (And notably, these are also the types of working-class people who don't post on internet forums much, so we tend to not hear from them!)

This also goes for things like iOS side-loading btw, but I'm well aware that's a whole 'nother can of worms! :)
 
Now people have it backwards and argue against the importance of 2FA. Fine, don’t enable it, you are just one password leak away from losing your entire digital life with your Apple account.
 
Far more likely to be locked out forever due to having an old email on there, old number for trusted contact, lost the device etc. It’s not for me. Way more trouble than it’s worth.
 

What’s the problem? It’s to do with the fact that people don’t agree with you. You’ve got your opinion, to which you are entitled; others have their own opinions, to which they are equally entitled. And 2FA is worldwide across all tech companies, not just Apple. Sooner or later all companies are going to absolutely insist on it 100% and how you deal with this is your choice and your problem.
 
I ended up returning the AirTags. After going with two-factor authentication I was told the location by foot is not compatible with my XS.
I’ll wait for gen 2.
 
“Location by foot?” I assume you mean the Precision Finding feature? That will never be compatible with anything older than an iPhone 11 as it requires a U1 chip that’s only found in the iPhone 11 and iPhone 12.

That said, if you’re sticking with an iPhone XS for a while, there are third party Find My compatible tags like Chipolo’s One Spot that do almost everything the AirTags do without the Precision Finding (which you can’t use anyway unless you upgrade your iPhone).
 
I have the Tile Sport and it works fine, I just liked the precise feature on AirTags that won't work until I upgrade. Will wait till the September release of the iPhone and new battery case and then move up.
 