
gman901

macrumors 6502a
Original poster
Sep 1, 2007
607
14
Houston, TX
So I keep hearing from all the Tech media and major news programs to enable 2 Factor Authentication with Apple to protect your account and data online, yet as far as I know, all you need is your login and password on any browser to access iCloud online. So where does 2 Factor help secure data on Apple's servers? I am an Apple supporter but I'm pretty concerned anyone can log online to anyone's account if they have the PW.
 
It really doesn't. All the two factor does is make it more difficult for someone to reset your password and get access to your account that way. But if they have your password, two factor does nothing to keep them out.
 
From http://support.apple.com/kb/ht5570
What is two-step verification for Apple ID?

Two-step verification is an additional security feature for your Apple ID that's designed to prevent anyone from accessing or using your account, even if they know your password.

It requires you to verify your identity using one of your devices before you can take any of these actions:

Sign in to My Apple ID to manage your account
Make an iTunes, App Store, or iBooks Store purchase from a new device
Get Apple ID related support from Apple
 
So it just prevents someone from changing my PW and making unauthorized purchases on my account. Does anyone know if Apple will finally apply 2 factor authentication any time someone accesses an account that is not a trusted device? I know MS and Google do this. I can't just use my PW on a device that's not trusted - they both send text messages to my phone and make me place the code into the browser pop up.
 
If you lose/have your iPhone stolen.
Log into Find My Phone to locate/wipe it.
Only to be prompted to use your iPhone as your two-factor auth.
...fail

If you lose/break your iPhone.
Get a replacement.
Attempt to restore.
Restore asks for your lost/broken iPhone to give two-factor auth.
...fail

Your best bet is to prevent your password from being stolen/reset in the first place by:
1. having two factor enabled so it can only be reset by what you know + what you have.
2. Apple fixed the brute force vulnerability on Find My Phone website.
 