Apple begins worldwide rollout of two-step verification system

Posted:
in General Discussion edited January 2014
Apple recently introduced its two-step identification verification system to at least 13 new countries as part of a worldwide rollout, with Apple ID account holders in those nations now granted access to the heightened security feature first deployed in March.

Apple ID


Users from Argentina, Austria, Belgium, Brazil, Canada, Italy, Pakistan, Poland, Portugal, Germany, Mexico, the Netherlands and Russia are reporting the appearance of Apple's new two-step verification feature, which was previously limited to the US, UK, Australia, Ireland, and New Zealand.

It is unclear if additional countries have seen activations, as Apple's FAQ page has yet to be updated to reflect the new availability.

With two-step verification enabled, any time any time a user signs in to the My Apple ID webpage to make changes, or purchases content from iTunes on a new device, they are prompted to enter their password and a 4-digit verification code. The code is sent to a trusted device, such as an iPhone or iPad, through the Find My Phone app. Owners of other handsets receive codes via SMS text message.

A recovery key is provided in the event that the phone tied to the account is lost or stolen.

While not a completely foolproof security solution, the additional step provides an added safeguard against malicious users or attempts to break into a user's Apple ID.
«1

Comments

  • Reply 1 of 24


    Turned it on when it first became available, no problems, very much in the background since I have only been using my regular devices.

  • Reply 2 of 24
    stan1028stan1028 Posts: 12member
    It is available in Singapore.
  • Reply 3 of 24
    slurpyslurpy Posts: 5,382member
    Just signed up from Canada.. Need to wait 3 days to activate since I had to change my password.
  • Reply 4 of 24
    v5vv5v Posts: 1,357member

    Quote:

    Originally Posted by Slurpy View Post



    Just signed up from Canada.. Need to wait 3 days to activate since I had to change my password.


     


    I just tried from Vancouver and can find no reference to it. I must not be looking in the right place.

  • Reply 5 of 24
    solipsismxsolipsismx Posts: 19,566member
    v5v wrote: »
    I just tried from Vancouver and can find no reference to it. I must not be looking in the right place.

    Did you sign on to manage your account? If so, did you go to passwords and security? If so, did you then answer the 2 security questions to proceed?

  • Reply 6 of 24
    v5vv5v Posts: 1,357member

    Quote:

    Originally Posted by SolipsismX View Post





    Did you sign on to manage your account? If so, did you go to passwords and security? If so, did you then answer the 2 security questions to proceed?



     


    Is that the extra stage -- the security questions? If so, Canada had this weeks (months?) ago because I set those up so long ago I couldn't remember the answers anymore!

  • Reply 7 of 24
    solipsismxsolipsismx Posts: 19,566member
    v5v wrote: »
    Is that the extra stage -- the security questions? If so, Canada had this weeks (months?) ago because I set those up so long ago I couldn't remember the answers anymore!

    It's not the extra stage in regards to the two-step verification, but you need to answer them before you can setup the two-step verification.
  • Reply 8 of 24
    sockrolidsockrolid Posts: 2,789member


    Originally Posted by v5v View Post


     


    Is that the extra stage -- the security questions? If so, Canada had this weeks (months?) ago because I set those up so long ago I couldn't remember the answers anymore!



     


    I recommend making up false answers to the security questions.  That way, even if a would-be attacker knows some of your personal details, they'll still need to guess.  E.g. birthdate: 8/8/88, honeymoon in Darfur Sudan, first car: Black 1998 McLaren F1, etc. 

  • Reply 9 of 24
    solipsismxsolipsismx Posts: 19,566member
    sockrolid wrote: »
    I recommend making up false answers to the security questions.  That way, even if a would-be attacker knows some of your personal details, they'll still need to guess.  E.g. birthdate: 8/8/88, honeymoon in Darfur Sudan, first car: Black 1998 McLaren F1, etc. 

    I assumed he did, which is why he couldn't remember the answers.

    I use random words for mine (e.g.: sandwich, sediment, yellow*). I do keep them stored in 1Password as a note or cropped screenshot image when I set them up. If you get access to that I'm screwed. My password for 1Password is about 100 characters long but it's still vulnerable to key logging which is why I recommend that no one run as an Admin on Mac OS or Windows if you install apps willy-nilly.




    * These are not ones I actually use but ones I made up for this post.
  • Reply 10 of 24
    All roads lead to CAPTCHA. That's when 2 steps turn into about 8. Or 20.
  • Reply 11 of 24
    solipsismxsolipsismx Posts: 19,566member
    All roads lead to CAPTCHA. That's when 2 steps turn into about 8. Or 20.

    I can never seem to do most CAPTCHAs on the first try. I absolutely hate the technology and have stopped signing up for a site once I came to its CAPTCHA.
  • Reply 12 of 24
    v5vv5v Posts: 1,357member

    Quote:

    Originally Posted by SolipsismX View Post



    It's not the extra stage in regards to the two-step verification, but you need to answer them before you can setup the two-step verification.


     


     


    The link you provided lists the following instructions:


     


    Quote:


    From Apple's web site:


     


    How do I set up two-step verification?


    Set up two-step verification at My Apple ID (appleid.apple.com):



    1. Select "Manage your Apple ID" and sign in.


    2. Select "Password and Security."


    3. Under Two-Step Verification, select Get Started and follow the onscreen instructions.




     


    When I sign in and select "Password and security" there is no reference to Two-Step Verification at all. I then tried answering the verification questions, but all that gave me was the option to change my verification questions and answers. Again, nothing about Two-Step.


     


    Oh well. I'll try again in a few weeks. If I remember.

  • Reply 13 of 24
    solipsismxsolipsismx Posts: 19,566member
    v5v wrote: »

    The link you provided lists the following instructions:


    When I sign in and select "Password and security" there is no reference to Two-Step Verification at all. I then tried answering the verification questions, but all that gave me was the option to change my verification questions and answers. Again, nothing about Two-Step.

    Oh well. I'll try again in a few weeks. If I remember.

    When you say "tried" are you saying you correctly did answer them? Again, if you don't correctly answer them you may not see the option for setting up the Two-Step Verification.

    "Do or do not. There is no try." ~Ghandi
  • Reply 14 of 24
    v5vv5v Posts: 1,357member

    Quote:

    Originally Posted by SolipsismX View Post



    When you say "tried" are you saying you correctly did answer them? Again, if you don't correctly answer them you may not see the option for setting up the Two-Step Verification.


     


    Yeah, I eventually figured out which mock answers I'd specified! I meant that I answered the questions to proceed to the next page, one step past what the instructions explicitly specified, in case it was implied. There was no mention of Two-Step anywhere in the process.


     


     


    Quote:

    Originally Posted by SolipsismX View Post



    "Do or do not. There is no try." ~Ghandi


     


    Ghandi? I thought that was Yoda?

  • Reply 15 of 24
    solipsismxsolipsismx Posts: 19,566member
    v5v wrote: »
    Yeah, I eventually figured out which mock answers I'd specified! I meant that I answered the questions to proceed to the next page, one step past what the instructions explicitly specified, in case it was implied. There was no mention of Two-Step anywhere in the process.

    That was how it appeared for me. Perhaps the rollout is even staggered within a nation; which is a good thing for Apple to do, but they really should send an email when it's available.
    Ghandi? I thought that was Yoda?

    Both fictional characters with super powers¡ Who can keep them all straight?
  • Reply 16 of 24
    totemstotems Posts: 17member
    This reminds me of Blizzards Battle.net authenticator.
  • Reply 17 of 24

    Quote:

    Originally Posted by Totems View Post



    This reminds me of Blizzards Battle.net authenticator.


    That's because both are two-step verification systems. It's something you know (Your password) and something you have access to - your iOS device (there is also another choice, something you are - that's biometrics, but they've proven elusively hard to make commercially viable at a reasonable cost). If you have a door at your work place that has a keycard and a pin code, that's two-step verification too. 


     


    I've been using Battle.net Auth for years. Blizzard encourages it so highly that if you have an authenticator attached to your account (either a little keyfob they give away for shipping cost or the iPhone/Android App) they attach a companion pet to your account - a tiny two-headed firebreathing dog called a Core Hound Pup. 

  • Reply 18 of 24
    nelsonxnelsonx Posts: 278member

    Quote:

    Originally Posted by SolipsismX View Post





    I assumed he did, which is why he couldn't remember the answers.



    I use random words for mine (e.g.: sandwich, sediment, yellow*). I do keep them stored in 1Password as a note or cropped screenshot image when I set them up. If you get access to that I'm screwed. My password for 1Password is about 100 characters long but it's still vulnerable to key logging which is why I recommend that no one run as an Admin on Mac OS or Windows if you install apps willy-nilly.









    * These are not ones I actually use but ones I made up for this post.


    I also use 1Password and random answers for questions like: rf4aTKbZxJSDmE2Uc.mku"GRD. I heard that LastPass has two factor authentication for master password so I'm thinking to migrate to LastPass but I don't know if they have a standalone app for desktop.

  • Reply 19 of 24
    solipsismxsolipsismx Posts: 19,566member
    nelsonx wrote: »
    I also use 1Password and random answers for questions like: rf4aTKbZxJSDmE2Uc.mku"GRD. I heard that LastPass has two factor authentication for master password so I'm thinking to migrate to LastPass but I don't know if they have a standalone app for desktop.

    I'm not a fan of LastPass. Besides the web-based interface I am not a fan that all my data is saved on their servers. I don't think that LastPass would compromise my data willingly, and like to assume that even their users can't see the contents of their database, but it does make it one giant target for hackers. With 1Password they'd have to use a much more pointed attack since each account stores the database independently.
  • Reply 20 of 24
    philboogiephilboogie Posts: 7,675member
    solipsismx wrote: »
    I'm not a fan of LastPass. Besides the web-based interface I am not a fan that all my data is saved on their servers. I don't think that LastPass would compromise my data willingly, and like to assume that even their users can't see the contents of their database, but it does make it one giant target for hackers. With 1Password they'd have to use a much more pointed attack since each account stores the database independently.

    They store all clients data in one single DB? That's the most ridiculous thing I've read since, well, ok, I read a lot of stupid things. But this config takes the cake ¡
Sign In or Register to comment.