TWO-FACTOR AUTHENTICATION question - every day somebody tries logging in as me?

[j-a-x]

When I'm surfing on my laptop, the mailbird app is checking mail in the background. I don't have to actively be using icloud services for 3rd party app to make those requests. just 2 cents.

I authenticated the Spark mail app but it used an individual app password and I'm pretty sure it doesn't generate login request notifications every time. I need to approve every time it connects. It only generated one request and once I authenticated it it stopped generating login requests. If it did generate requests every time, it wouldn't be able to connect because I always deny the random login requests I don't recognize.

 

[jetsam]

At this point, it seems highly probable that at least one of your computers has a Trojan with a keylogger running. That is the only explanation as to how a long random password could be stolen on a regular basis.

I believe you said that you have a work PC that your company IT staff supposedly keep secure. Despite that, I would consider that the likeliest place to be running a Trojan. Are you allowed to download programs onto your work PC? If so, then the first thing I would suggest is downloading and running the free version of malwarebytes (www.malwarebytes.com).

That isn't to say that it is necessarily the Windows PC that has the issue. I just think that is the weakest link.

 

[j-a-x]

At this point, it seems highly probable that at least one of your computers has a Trojan with a keylogger running. That is the only explanation as to how a long random password could be stolen on a regular basis.

I believe you said that you have a work PC that your company IT staff supposedly keep secure. Despite that, I would consider that the likeliest place to be running a Trojan. Are you allowed to download programs onto your work PC? If so, then the first thing I would suggest is downloading and running the free version of malwarebytes (www.malwarebytes.com).

That isn't to say that it is necessarily the Windows PC that has the issue. I just think that is the weakest link.

I ran virus scanners on both this week and neither came up with anything. I don't have a lot of 3rd party software on my work PC but it is more suspect than my Mac, I agree with that. Not sure what to do next but I will change my iCloud password again today.

 

[jetsam]

I ran virus scanners on both this week and neither came up with anything. I don't have a lot of 3rd party software on my work PC but it is more suspect than my Mac, I agree with that. Not sure what to do next but I will change my iCloud password again today.

Not to be overly insistent, but I'd still run malwarebytes on the Windows PC - preferably in safe mode.

 

[j-a-x]

Not to be overly insistent, but I'd still run malwarebytes on the Windows PC - preferably in safe mode.

I ran windows defender on the PC. Is that as good as malwarebytes?

 

[jetsam]

Windows Defender is thoroughly mediocre. I consider it a waste of time.

 

[j-a-x]

Windows Defender is thoroughly mediocre. I consider it a waste of time.

Just ran malware bytes and it came up with nothing.

 

[jetsam]

Then it's probably not your PC. That makes the Mac the next target, and I don't know enough about Macs to help.

 

[steve62388]

Windows Defender is thoroughly mediocre. I consider it a waste of time.

You might need to update your world outlook.

https://arstechnica.co.uk/information-technology/2017/01/antivirus-is-bad/

 

[perezr10]

Most corporate issued laptops have pretty robust surveillance. It could be some kind of automated investigation by the IT department to ascertain if outside websites are malicious. If you have your password set to autofill that would explain how they always know your password no matter how difficult or new it is.

 

[thomasareed]

I've come in late on this topic, but from the sounds of it, AppFigures was to blame. This isn't an indication that someone has your password or that you have a keylogger installed on anything.

For future reference, though, you should NEVER give anyone access to your Apple ID! I know nothing at all about AppFigures - they may very well be perfectly legitimate. However, giving them access to your Apple ID gives them access to everything... your e-mail, your iCloud documents, the purchasing power of whatever credit card you have associated with the account, your developer certificates (which could be sold to a malware creator), etc.

Even if you only gave them access through a more limited account associated with your developer account, that still gives them more access to your data than an unknown third-party should have.
[doublepost=1485792014][/doublepost]

You might need to update your world outlook.

https://arstechnica.co.uk/information-technology/2017/01/antivirus-is-bad/

That's bad advice. Here's what a respected security expert has to say on the matter:

https://www.grahamcluley.com/no-disabling-anti-virus-software-not-make-security-sense/

 

[steve62388]

That's bad advice. Here's what a respected security expert has to say on the matter:

https://www.grahamcluley.com/no-disabling-anti-virus-software-not-make-security-sense/

In terms of Macs I have seen untold more problems posted on this forum caused by anti-virus software than viruses themselves. It's almost (totally?) impossible to find a post here where somebody had contracted a virus as opposed to thought they had a virus and it turned out to be something else. The cure is worse than the ailment.

 

[cswifx]

In terms of Macs I have seen untold more problems posted on this forum caused by anti-virus software than viruses themselves. It's almost (totally?) impossible to find a post here where somebody had actually contracted a virus as opposed to thought they had a virus and it turned out to be something else. The cure is worse than the ailment.

I've had a number of my mates getting adware on their Mac without them even knowing, and the worst part is that all of them had different kinds of adware. One even had a self replicating script to protect its execution. It's safe to assume that you still need some kind of protection, whether in your browser or in your operating system, whatever you're using.

 

[j-a-x]

I've come in late on this topic, but from the sounds of it, AppFigures was to blame. This isn't an indication that someone has your password or that you have a keylogger installed on anything.

For future reference, though, you should NEVER give anyone access to your Apple ID! I know nothing at all about AppFigures - they may very well be perfectly legitimate. However, giving them access to your Apple ID gives them access to everything... your e-mail, your iCloud documents, the purchasing power of whatever credit card you have associated with the account, your developer certificates (which could be sold to a malware creator), etc.

Even if you only gave them access through a more limited account associated with your developer account, that still gives them more access to your data than an unknown third-party should have.
[doublepost=1485792014][/doublepost]

That's bad advice. Here's what a respected security expert has to say on the matter:

https://www.grahamcluley.com/no-disabling-anti-virus-software-not-make-security-sense/

I got two more unauthorized login attempts this morning (LA and Kansas City). I have since changed my password.

I think that App Figures authorizes my account in a way that it shouldn't generate login attempts since I need to authorize each login only once. Maybe there's somewhat of a security risk associated with using that type of service but I think they are a legit company. Maybe the best approach would be to crate a new Apple ID, give it access to my apple Developer account as a team member, and then give that login to App Figures. They should have access to all of my app sales information but not my email/icloud etc.
[doublepost=1485793219][/doublepost]

In terms of Macs I have seen untold more problems posted on this forum caused by anti-virus software than viruses themselves. It's almost (totally?) impossible to find a post here where somebody had contracted a virus as opposed to thought they had a virus and it turned out to be something else. The cure is worse than the ailment.

Yeah I'm a software developer, I am very cautious about what I install on my Mac and what i use it for, and I'm pretty sure there are no viruses or malware on it. I've done a virus scan just to be sure which came out negative. I really don't think this is the issue. Now my parents, I might worry about them having sketchy 3rd party software installed on their macs, but that's another story.

 

[steve62388]

I've had a number of my mates getting adware on their Mac without them even knowing, and the worst part is that all of them had different kinds of adware. One even had a self replicating script to protect its execution. It's safe to assume that you still need some kind of protection, whether in your browser or in your operating system, whatever you're using.

I'm very much for effective ad-blockers from reputable companies if just to stop the nasty beasties from tracking your every move. I'm also a proponent of Malwarebytes run on demand software. But I class packages from the big suppliers that install all sorts of hooks into the OS and are always 'on' as a different problem. These are the ones that cause issues with other software and systems.
[doublepost=1485793986][/doublepost]

Now my parents, I might worry about them having sketchy 3rd party software installed on their macs, but that's another story.

+1 for Gatekeeper.

 

[cswifx]

I think that App Figures authorizes my account in a way that it shouldn't generate login attempts since I need to authorize each login only once. Maybe there's somewhat of a security risk associated with using that type of service but I think they are a legit company.

If the correct way of authorization is given, a one-time token type authentication should be used and the website shouldn't be storing your credentials. If they do store your credentials though, that would trigger the 2FA every time they tried to login. It's highly unlikely that any legitimate service using Apple's proper login protocols would cause 2FA triggers.

 

[lolkthxbai]

I got two more unauthorized login attempts this morning (LA and Kansas City). I have since changed my password.

I think that App Figures authorizes my account in a way that it shouldn't generate login attempts since I need to authorize each login only once. Maybe there's somewhat of a security risk associated with using that type of service but I think they are a legit company. Maybe the best approach would be to crate a new Apple ID, give it access to my apple Developer account as a team member, and then give that login to App Figures. They should have access to all of my app sales information but not my email/icloud etc.
[doublepost=1485793219][/doublepost]

Yeah I'm a software developer, I am very cautious about what I install on my Mac and what i use it for, and I'm pretty sure there are no viruses or malware on it. I've done a virus scan just to be sure which came out negative. I really don't think this is the issue. Now my parents, I might worry about them having sketchy 3rd party software installed on their macs, but that's another story.

You should log into appleid.apple.com and generate an app-specific password for App Figures. It's much more secure than giving them your actual Apple ID password

 

[thomasareed]

I got two more unauthorized login attempts this morning (LA and Kansas City). I have since changed my password.

If it's continuing to happen after closing down your AppFigures account, then that's not the culprit. Most likely, at this point, the issue is being caused by someone trying to reset your password, which will trigger a 2FA or 2SV code request without the person in question needing to know your password. See:

https://support.apple.com/en-us/HT201487

On the plus side, there's really no danger unless the person manages to guess the code, which is quite unlikely since the code changes every time. (It's even less likely if you have two-factor authorization enabled, which uses 6-digit codes, instead of two-step verification, which uses 4-digit codes.)

On the downside, there's really no way to stop the notifications until the person trying to reset gets tired of trying and gives up.

 

[j-a-x]

I changed my password and haven't had an attempt since. I just can't fathom how somebody managed to steal/break my old password as it was very long and secure with case changes, numbers, symbols etc. Bizzare, but problem solved.

 

[Hermes Monster]

I changed my password and haven't had an attempt since. I just can't fathom how somebody managed to steal/break my old password as it was very long and secure with case changes, numbers, symbols etc. Bizzare, but problem solved.

I've been having the same issue since turning on 2FA yesterday and I think it's actually my wife causing the alerts. We share my apple id for iTunes (naughty, I know) but she's also on my family plan.

My alerts always say it's someone in London (which is about 200 miles away from me) trying to access my id - adding detail of which device they're trying to sign in on would help immensely! having changed my password and still receiving the alerts does make me think it's my wife though, as she's generally annoyed that she can't download apps after I've made changes!

 

[simonmet]

That's bad advice. Here's what a respected security expert has to say on the matter:

https://www.grahamcluley.com/no-disabling-anti-virus-software-not-make-security-sense/

If you have Windows 10 it's good advice. If you have Windows 7 or earlier it's probably not. With Windows 8 or 8.1 exercise caution but it's moderately good advice.

There are security researches on both sides but it's an indisputable fact that most of the popular antivirus products have had many serious security flaws and behave themselves like spammy adware much of the time. Seriously, just Google "antivirus security flaws" or the widely publicised catastrophic Symantec flaws from last year.

The balance of opinion has seemingly shifted against antivirus vendors in recent years as OS developers themselves have been taking security increasingly seriously in their products. A move demanded by users who are increasingly informed and concerned about online threats. So who do you trust more? The OS maker or a third-party company?

Security researchers here support the original post but there are plenty of others:

http://www.tomsguide.com/us/antivirus-flaws-bsidessf,news-22331.html
http://www.pcworld.com/article/2459...dled-with-security-flaws-researcher-says.html
http://www.zdnet.com/article/symantec-antivirus-product-bugs-as-bad-as-they-get/

Having extensively used Windows 7, 8, 8.1, 10 and 10.1 I can say with some confidence that Microsoft has been serious about cleaning up Windows' (formerly terrible) reputation regarding viruses and malware. I stopped using antivirus with Windows 8 and I wouldn't dream of exposing my system to a third-party virus scanner in Windows 10.

I saw an article on Ars I believe that compared all the products and default Windows Defender (in W10 I believe) performed as well as many commercial packages and even better than a few, without exposing the PC to additional threats. Sorry I can't find the link right now.