I agree with the statement that 2FA is most important for the people who want to disable it. They're either lazy or illiterate of modern phishing scams so without 2FA they would be easy targets.

When someone's Apple account gets hacked the first thing people want to do is blame Apple. The fact that their password was "password", they had 2FA disabled, and clicked on the phishing email with the subject "Review your Apple ID purchase of $299 now" won't be mentioned.
 
2FA is great and I don't have a problem with not being able to turn it off - it's more Apple has one of the worst implementations of 2FA that I've ever seen.
 
I agree with the statement that 2FA is most important for the people who want to disable it. They're either lazy or illiterate of modern phishing scams so without 2FA they would be easy targets.

When someone's Apple account gets hacked the first thing people want to do is blame Apple. The fact that their password was "password", they had 2FA disabled, and clicked on the phishing email with the subject "Review your Apple ID purchase of $299 now" won't be mentioned.
Generalizations will be generalizations.
 
It should be OUR choice, NOT Apple's and Tim "Me Too" Cook's.
Umm no. If it's your website you can choose. It's Apple's website so they choose the level of security needed to access it. Apple doesn't want bad publicity from you complaining about your account being hacked and Apple did nothing to prevent it.
Why is it so difficult to understand that I wont it to be my choice to turn 2FA on or off?
You don't even know the difference between wont and want but you want to turn off 2FA. Sorry but the first time you click on some phishing email you're going to lose your account
 
Umm no. If it's your website you can choose. It's Apple's website so they choose the level of security needed to access it. Apple doesn't want bad publicity from you complaining about your account being hacked and Apple did nothing to prevent it.
You don't even know the difference between wont and want but you want to turn off 2FA. Sorry but the first time you click on some phishing email you're going to lose your account

I'm constantly sending my relatives emails about good security practices. I get a spam email from my Aunt this weekend. I asked her if she re-uses passwords on other websites. Yes. I asked her if she got around to turning on two factor. No.
 
I'm constantly sending my relatives emails about good security practices. I get a spam email from my Aunt this weekend. I asked her if she re-uses passwords on other websites. Yes. I asked her if she got around to turning on two factor. No.
I hate how scammers like this target the elderly and people who don't know much because they're easy targets
 
I hate how scammers like this target the elderly and people who don't know much because they're easy targets
There's certainly all of that, but it doesn't mean that things just get locked down for everyone without any options. Even passcode/Touch ID/Face ID have options as to whether or not to use them. And 2FA also has an option in the initial 2 weeks it seems--why even have that by that kind of logic?
 
Umm no. If it's your website you can choose. It's Apple's website so they choose the level of security needed to access it. Apple doesn't want bad publicity from you complaining about your account being hacked and Apple did nothing to prevent it.
You don't even know the difference between wont and want but you want to turn off 2FA. Sorry but the first time you click on some phishing email you're going to lose your account

Oh yes, believe me I do. I started jailbreaking my iPhones with 3G and I know exactly what I am doing. If you don't, then 2FA is for you. To click on a link in a phishing email, hahaha, very funny :)
 
There's certainly all of that, but it doesn't mean that things just get locked down for everyone without any options. Even passcode/Touch ID/Face ID have options as to whether or not to use them. And 2FA also has an option in the initial 2 weeks it seems--why even have that by that kind of logic?
"Even passcode/Touch ID/Face ID have options as to whether or not to use them" You're comparing data stored on Apple's servers that can be accessed anywhere vs data on your physical device that requires possession of the device to access. They're not the same. If that was the case why not make an option just to log on just with your user name. How cool would it be just to sign on to my gmail by just putting in my user name LOL. I know you feel it's inconvenient to click that 2FA prompt but it's a huge increase in security. Apple isn't known to sacrifice security for the sake of extra convenience. This is one big difference between Apple and Google (Android).
 
"Even passcode/Touch ID/Face ID have options as to whether or not to use them" You're comparing data stored on Apple's servers that can be accessed anywhere vs data on your physical device that requires possession of the device to access. They're not the same. If that was the case why not make an option just to log on just with your user name. How cool would it be just to sign on to my gmail by just putting in my user name LOL. I know you feel it's inconvenient to click that 2FA prompt but it's a huge increase in security. Apple isn't known to sacrifice security for the sake of extra convenience. This is one big difference between Apple and Google (Android).
There are differences, it doesn't mean that some option is randomly changeable for 2 weeks and then can't be changed after that, on top of simply not even really being a requirement in a lot of cases to begin with. So, far too many inconsistencies about it all for it all simply relying on the equivalent of "won't somebody think of the children" (in this case the "children" being the "elderly" and other "easy targets" alluded to earlier).
 
Theoretically, 2FA increases the account security by a good margin. However, in practice, how many people actually think about how 2FA works in all cases relevant to them? How about using multiple accounts? How about having only one device and no landline number? How about traveling abroad and Mac at home suddenly becomes the only device that can receive the code? I am not saying security team should consider every single possible scenario when designing the system. But “plan B” has to be there and reasonably accessible.

Btw, there are people with 2FA enabled who end up losing their account access permanently because there is no place to fall back to when 2FA fails. I am definitely not an expert, but I think account security is not the same thing as data security, which in many cases inaccessible is a plus. I am not sure how good 2FA will hold up and protect instead of lock out user account in the future.
 
Btw, there are people with 2FA enabled who end up losing their account access permanently because there is no place to fall back to when 2FA fails. I am definitely not an expert, but I think account security is not the same thing as data security, which in many cases inaccessible is a plus. I am not sure how good 2FA will hold up and protect instead of lock out user account in the future.

Those people did not set up two factor correctly. You should have multiple methods to get back into your account if you lose your cell phone. Some places let you generate backup codes, some places (such as Apple) let you enter multiple trusted backup numbers of friends, family, etc.
 
Btw, there are people with 2FA enabled who end up losing their account access permanently because there is no place to fall back to when 2FA fails. I am definitely not an expert, but I think account security is not the same thing as data security, which in many cases inaccessible is a plus. I am not sure how good 2FA will hold up and protect instead of lock out user account in the future.


Untrue, there is almost always a backup. Some accounts offer backup codes. With Apple's version, you can put cell numbers as a backup. Even then, if you don’t have that for a backup, Apple will help you recover your account. It will take a while because they need to make sure it’s you.
 
Yeah, like in my case...I was out of my account for almost 4 months and 3 attempts of Apple support to recover my account. And all that because of a stupid mistake on Apple servers. So, no thank you 2FA.
 
I'm curious; why is your dad signing in so often that the 2FA code requests would become a nuisance?

Once my devices are signed in they stay signed in. The only time I find myself having to enter 2FA codes is when I sign into iCloud from a browser after not doing so for a while.

Old comment, I know, but this affects me all the time so I wanted to give you an example. I'm not allowed to bring my cell phone into work, and my work computer regularly clears something (or fakes its information to hide its identity from outsiders?) and I have to re-authenticate. The one and only way this is possible is during the first 60 minutes of my work day when my wife is still home before she leaves for work, AND the iPad we rarely touch is charged enough to turn on and show the authentication code. It leaves me unable to access my email or files frequently and drives me insane, but I can't turn it off so I'm just screwed until I get a new job I guess.
 
Old comment, I know, but this affects me all the time so I wanted to give you an example. I'm not allowed to bring my cell phone into work, and my work computer regularly clears something (or fakes its information to hide its identity from outsiders?) and I have to re-authenticate. The one and only way this is possible is during the first 60 minutes of my work day when my wife is still home before she leaves for work, AND the iPad we rarely touch is charged enough to turn on and show the authentication code. It leaves me unable to access my email or files frequently and drives me insane, but I can't turn it off so I'm just screwed until I get a new job I guess.

Do you have a work landline phone? You could add that as a trusted backup phone number to receive two factor authentication codes.
 
Do you have a work landline phone? You could add that as a trusted backup phone number to receive two factor authentication codes.
If the landline available for him is whitelisting numbers he can call and receive, he is left without many alternative options. If he had good old security questions however, or password only, this would not be such a hassle. Just saying.
 
If the landline available for him is whitelisting numbers he can call and receive, he is left without many alternative options. If he had good old security questions however, or password only, this would not be such a hassle. Just saying.

Security questions that never change are a terribly insecure way to protect an account. What he needs for his scenario is something like the Google Authenticator app that can generate two factor tokens without a connection.
 
Security questions that never change are a terribly insecure way to protect an account. What he needs for his scenario is something like the Google Authenticator app that can generate two factor tokens without a connection.
If Apple had such an option built into iOS or macOS that’d be pretty nice.
 
Because they’d rather do them a solid and teach them that two factor authentication should be the norm.

That's fair enough, but forcing users to keep it is not how the game should be played.

Security questions that never change are a terribly insecure way to protect an account. What he needs for his scenario is something like the Google Authenticator app that can generate two factor tokens without a connection.

You're looking at this from the wrong direction. The same security questions are not the issue and never have been... Just as long as the answer to those questions is complex, that's all that is required to be just as secure.

That is enough, 2FA becomes less of a reason the more complex answers you have... because while you can keep saying "You still need something you have" (your phone), my argument is, "even if I don't have my phone, you'll never get in anyway." as you have complex answers.

To me, that always comes first... However, if you don't want complexity, then I'd agree 2FA is good.
 