Apple begins worldwide rollout of two-step verification system
Apple recently introduced its two-step identification verification system to at least 13 new countries as part of a worldwide rollout, with Apple ID account holders in those nations now granted access to the heightened security feature first deployed in March.
Users from Argentina, Austria, Belgium, Brazil, Canada, Italy, Pakistan, Poland, Portugal, Germany, Mexico, the Netherlands and Russia are reporting the appearance of Apple's new two-step verification feature, which was previously limited to the US, UK, Australia, Ireland, and New Zealand.
It is unclear if additional countries have seen activations, as Apple's FAQ page has yet to be updated to reflect the new availability.
With two-step verification enabled, any time any time a user signs in to the My Apple ID webpage to make changes, or purchases content from iTunes on a new device, they are prompted to enter their password and a 4-digit verification code. The code is sent to a trusted device, such as an iPhone or iPad, through the Find My Phone app. Owners of other handsets receive codes via SMS text message.
A recovery key is provided in the event that the phone tied to the account is lost or stolen.
While not a completely foolproof security solution, the additional step provides an added safeguard against malicious users or attempts to break into a user's Apple ID.
Users from Argentina, Austria, Belgium, Brazil, Canada, Italy, Pakistan, Poland, Portugal, Germany, Mexico, the Netherlands and Russia are reporting the appearance of Apple's new two-step verification feature, which was previously limited to the US, UK, Australia, Ireland, and New Zealand.
It is unclear if additional countries have seen activations, as Apple's FAQ page has yet to be updated to reflect the new availability.
With two-step verification enabled, any time any time a user signs in to the My Apple ID webpage to make changes, or purchases content from iTunes on a new device, they are prompted to enter their password and a 4-digit verification code. The code is sent to a trusted device, such as an iPhone or iPad, through the Find My Phone app. Owners of other handsets receive codes via SMS text message.
A recovery key is provided in the event that the phone tied to the account is lost or stolen.
While not a completely foolproof security solution, the additional step provides an added safeguard against malicious users or attempts to break into a user's Apple ID.
Comments
Turned it on when it first became available, no problems, very much in the background since I have only been using my regular devices.
Quote:
Originally Posted by Slurpy
Just signed up from Canada.. Need to wait 3 days to activate since I had to change my password.
I just tried from Vancouver and can find no reference to it. I must not be looking in the right place.
Did you sign on to manage your account? If so, did you go to passwords and security? If so, did you then answer the 2 security questions to proceed?
Quote:
Originally Posted by SolipsismX
Did you sign on to manage your account? If so, did you go to passwords and security? If so, did you then answer the 2 security questions to proceed?
http://support.apple.com/kb/HT5570
Is that the extra stage -- the security questions? If so, Canada had this weeks (months?) ago because I set those up so long ago I couldn't remember the answers anymore!
It's not the extra stage in regards to the two-step verification, but you need to answer them before you can setup the two-step verification.
Originally Posted by v5v
Is that the extra stage -- the security questions? If so, Canada had this weeks (months?) ago because I set those up so long ago I couldn't remember the answers anymore!
I recommend making up false answers to the security questions. That way, even if a would-be attacker knows some of your personal details, they'll still need to guess. E.g. birthdate: 8/8/88, honeymoon in Darfur Sudan, first car: Black 1998 McLaren F1, etc.
I assumed he did, which is why he couldn't remember the answers.
I use random words for mine (e.g.: sandwich, sediment, yellow*). I do keep them stored in 1Password as a note or cropped screenshot image when I set them up. If you get access to that I'm screwed. My password for 1Password is about 100 characters long but it's still vulnerable to key logging which is why I recommend that no one run as an Admin on Mac OS or Windows if you install apps willy-nilly.
* These are not ones I actually use but ones I made up for this post.
I can never seem to do most CAPTCHAs on the first try. I absolutely hate the technology and have stopped signing up for a site once I came to its CAPTCHA.
Quote:
Originally Posted by SolipsismX
It's not the extra stage in regards to the two-step verification, but you need to answer them before you can setup the two-step verification.
The link you provided lists the following instructions:
Quote:
From Apple's web site:
How do I set up two-step verification?
Set up two-step verification at My Apple ID (appleid.apple.com):
Select "Manage your Apple ID" and sign in.
Select "Password and Security."
Under Two-Step Verification, select Get Started and follow the onscreen instructions.
When I sign in and select "Password and security" there is no reference to Two-Step Verification at all. I then tried answering the verification questions, but all that gave me was the option to change my verification questions and answers. Again, nothing about Two-Step.
Oh well. I'll try again in a few weeks. If I remember.
When you say "tried" are you saying you correctly did answer them? Again, if you don't correctly answer them you may not see the option for setting up the Two-Step Verification.
"Do or do not. There is no try." ~Ghandi
Quote:
Originally Posted by SolipsismX
When you say "tried" are you saying you correctly did answer them? Again, if you don't correctly answer them you may not see the option for setting up the Two-Step Verification.
Yeah, I eventually figured out which mock answers I'd specified! I meant that I answered the questions to proceed to the next page, one step past what the instructions explicitly specified, in case it was implied. There was no mention of Two-Step anywhere in the process.
Quote:
Originally Posted by SolipsismX
"Do or do not. There is no try." ~Ghandi
Ghandi? I thought that was Yoda?
That was how it appeared for me. Perhaps the rollout is even staggered within a nation; which is a good thing for Apple to do, but they really should send an email when it's available.
Both fictional characters with super powers¡ Who can keep them all straight?
Quote:
Originally Posted by Totems
This reminds me of Blizzards Battle.net authenticator.
That's because both are two-step verification systems. It's something you know (Your password) and something you have access to - your iOS device (there is also another choice, something you are - that's biometrics, but they've proven elusively hard to make commercially viable at a reasonable cost). If you have a door at your work place that has a keycard and a pin code, that's two-step verification too.
I've been using Battle.net Auth for years. Blizzard encourages it so highly that if you have an authenticator attached to your account (either a little keyfob they give away for shipping cost or the iPhone/Android App) they attach a companion pet to your account - a tiny two-headed firebreathing dog called a Core Hound Pup.
Quote:
Originally Posted by SolipsismX
I assumed he did, which is why he couldn't remember the answers.
I use random words for mine (e.g.: sandwich, sediment, yellow*). I do keep them stored in 1Password as a note or cropped screenshot image when I set them up. If you get access to that I'm screwed. My password for 1Password is about 100 characters long but it's still vulnerable to key logging which is why I recommend that no one run as an Admin on Mac OS or Windows if you install apps willy-nilly.
* These are not ones I actually use but ones I made up for this post.
I also use 1Password and random answers for questions like: rf4aTKbZxJSDmE2Uc.mku"GRD. I heard that LastPass has two factor authentication for master password so I'm thinking to migrate to LastPass but I don't know if they have a standalone app for desktop.
I'm not a fan of LastPass. Besides the web-based interface I am not a fan that all my data is saved on their servers. I don't think that LastPass would compromise my data willingly, and like to assume that even their users can't see the contents of their database, but it does make it one giant target for hackers. With 1Password they'd have to use a much more pointed attack since each account stores the database independently.
They store all clients data in one single DB? That's the most ridiculous thing I've read since, well, ok, I read a lot of stupid things. But this config takes the cake ¡