Okay. Drehaeidhgka. That’s a word because I say it is. It has no meaning because I say it doesn’t, but it’s still a word, defined by having no definition.
Two-steps verification is a nightmare. Keep away from it like the plague. Apple forums are full of complains, doubts, troubles, lost information, untrusted devices, and whatever sad stories you can imagine. I myself disabled two-step verification because I couldn't buy ANYTHING from App Store.
I was able to buy, but it took several attempts(there's something wrong with the verify your identity screen). In any case, I didn't realize I had to use the 2fa for the app store. That sort of defeats the purpose of using touch id. It's too much of a hassle and it's not worth the extra security for me. I think i'm going to disable it myself.
Why is Apple applying 2fa from "trusted" devices. None of the other services(gmail, dropbox, banks, etc) work that way. Once your device has been authenticated and trusted, you only need to use your password(or touch id). This just seems like an obvious way. Yes, someone can steal your device, but that's not Apple's problem. Again, NO OTHER 2fa does that, so nobody is going to criticize Apple if they do the same thing.
Btw, touch id is already 2fa(password + fingerprint).
Btw, touch id is already 2fa(password + fingerprint).
Kind of, but it's mostly a single authentication device unless you restart the device or your fingerprint doesn't work 5 times in a row. That's not what I think of when I think of two-step authentication.
Kind of, but it's mostly a single authentication device unless you restart the device or your fingerprint doesn't work 5 times in a row. That's not what I think of when I think of two-step authentication.
Well, it has to force you to use both password and touch id if 2fa is enabled. Anyway, right now it's worse because the security code is sent to the same iPhone that is trying to buy the app. What's the point of that? In any case, once a device is authenticated, it should be able to just bypass 2fa in the future.
Well, it has to force you to use both password and touch id if 2fa is enabled. Anyway, right now it's worse because the security code is sent to the same iPhone that is trying to buy the app. What's the point of that? In any case, once a device is authenticated, it should be able to just bypass 2fa in the future.
Well, it has to force you to use both password and touch id if 2fa is enabled. Anyway, right now it's worse because the security code is sent to the same iPhone that is trying to buy the app. What's the point of that? In any case, once a device is authenticated, it should be able to just bypass 2fa in the future.
Well, I just made a fool of my self. It looks like you ONLY do need use 2fa once per device, then it doesn't ask you again. My bad.
"Most dictionaries list it as "nonstandard" or "incorrect" usage, and recommend that "regardless" should be used instead.[2][3][4]"
And even that is somewhat wrong. It is a word, and when most people use it they *intend* to have the meaning of 'regardless' or 'irrespective'
and so they should indeed use those instead.
If they are actually using the word correctly, however, they can't substitude 'regardless' for 'irregardless' The two words have the exact opposite meaning. The double negative gives irregardless the same meaning as 'regard' so that should be used instead.
And even that is somewhat wrong. It is a word, and when most people use it they *intend* to have the meaning of 'regardless' or 'irrespective'
and so they should indeed use those instead.
If they are actually using the word correctly, however, they can't substitude 'regardless' for 'irregardless' The two words have the exact opposite meaning. The double negative gives irregardless the same meaning as 'regard' so that should be used instead.
Easiest thing to do is enter ALL of the security questions on ALL the sites with the SAME answer. Something that you would know; something simple, like the first person you kissed, shagged or dumped.
In those three 'first timers', that was indeed the same girl.
Apple introduced a security weakness by pushing people to use (a fixed set of) security questions as a fallback.
This can be fixed by two factor authorisation but this adds another layer of confusion (and works unnecessarily via SMS) and should be fixed by disabling the security questions instead.
I feel like this is an extremely easy solution. Do exactly what Google has done for years. Use the industry standard 2-step verification with something like Google Authenticator temporary auto generated passwords and don't allow security questions. If you forget your password or lose your phone with Google you have to complete the reset process through an alternate email address. Done deal.
(Also have it actually secure the photo back ups and not just select parts of iCloud)
The problem with "security questions" is that someone who knows even a little bit about you probably knows your pet's name or birthdate or favorite sports team from your Facebook profile. Not to mention, you probably answered the same questions with the same answers for other accounts. It really doesn't matter how many bits of entropy your password has if someone can reset it by looking up your Mom's maiden name or Dad's middle name on Ancestry.com...
This is why, you come up with some random word or phrase to use with all the questions. Now the answer has nothing to do with the question being asked and someone can not use social engineering or other investigative type of information gathering to hack into your accounts.
Comments
There was also a time when any Briton could carry his lawfully owned sword. Perhaps that had something to do with it.
Haha! I meant in the twentieth century.
Irregardless isn't a word. Why does autocorrect even help people type it? It's even in the iOS dictionary.
It's definitely a word:
http://en.wikipedia.org/wiki/Irregardless
It's definitely a word:
http://en.wikipedia.org/wiki/Irregardless
"Most dictionaries list it as "nonstandard" or "incorrect" usage, and recommend that "regardless" should be used instead.[2][3][4]"
"Most dictionaries list it as "nonstandard" or "incorrect" usage, and recommend that "regardless" should be used instead.[2][3][4]"
That doesn't make it "not a word".
Okay. Drehaeidhgka. That’s a word because I say it is. It has no meaning because I say it doesn’t, but it’s still a word, defined by having no definition.
Good enough?
Two-steps verification is a nightmare. Keep away from it like the plague. Apple forums are full of complains, doubts, troubles, lost information, untrusted devices, and whatever sad stories you can imagine. I myself disabled two-step verification because I couldn't buy ANYTHING from App Store.
<deleted>
I was able to buy, but it took several attempts(there's something wrong with the verify your identity screen). In any case, I didn't realize I had to use the 2fa for the app store. That sort of defeats the purpose of using touch id. It's too much of a hassle and it's not worth the extra security for me. I think i'm going to disable it myself.
Why is Apple applying 2fa from "trusted" devices. None of the other services(gmail, dropbox, banks, etc) work that way. Once your device has been authenticated and trusted, you only need to use your password(or touch id). This just seems like an obvious way. Yes, someone can steal your device, but that's not Apple's problem. Again, NO OTHER 2fa does that, so nobody is going to criticize Apple if they do the same thing.
Btw, touch id is already 2fa(password + fingerprint).
Kind of, but it's mostly a single authentication device unless you restart the device or your fingerprint doesn't work 5 times in a row. That's not what I think of when I think of two-step authentication.
Kind of, but it's mostly a single authentication device unless you restart the device or your fingerprint doesn't work 5 times in a row. That's not what I think of when I think of two-step authentication.
Well, it has to force you to use both password and touch id if 2fa is enabled. Anyway, right now it's worse because the security code is sent to the same iPhone that is trying to buy the app. What's the point of that? In any case, once a device is authenticated, it should be able to just bypass 2fa in the future.
Well, it has to force you to use both password and touch id if 2fa is enabled. Anyway, right now it's worse because the security code is sent to the same iPhone that is trying to buy the app. What's the point of that? In any case, once a device is authenticated, it should be able to just bypass 2fa in the future.
<deleted>
Well, it has to force you to use both password and touch id if 2fa is enabled. Anyway, right now it's worse because the security code is sent to the same iPhone that is trying to buy the app. What's the point of that? In any case, once a device is authenticated, it should be able to just bypass 2fa in the future.
Well, I just made a fool of my self. It looks like you ONLY do need use 2fa once per device, then it doesn't ask you again. My bad.
"Most dictionaries list it as "nonstandard" or "incorrect" usage, and recommend that "regardless" should be used instead.[2][3][4]"
And even that is somewhat wrong. It is a word, and when most people use it they *intend* to have the meaning of 'regardless' or 'irrespective'
and so they should indeed use those instead.
If they are actually using the word correctly, however, they can't substitude 'regardless' for 'irregardless' The two words have the exact opposite meaning. The double negative gives irregardless the same meaning as 'regard' so that should be used instead.
And even that is somewhat wrong. It is a word, and when most people use it they *intend* to have the meaning of 'regardless' or 'irrespective'
and so they should indeed use those instead.
If they are actually using the word correctly, however, they can't substitude 'regardless' for 'irregardless' The two words have the exact opposite meaning. The double negative gives irregardless the same meaning as 'regard' so that should be used instead.
Great. Now I've got a headache.
Useless security, irregardless of platform, when it requires a smartphone [sms enabled] phone to activate.
Shall they mail you a form letter with postage paid for a response then?
Exactly what does Apple owe Android users?
The modest ($50?) extra for the down payment on an iPhone.
Then they can join us all paying the same usage charge, regardless of how cheap or expensive our phones are.
In those three 'first timers', that was indeed the same girl.
It would help if you explained why you think that is.
Apple introduced a security weakness by pushing people to use (a fixed set of) security questions as a fallback.
This can be fixed by two factor authorisation but this adds another layer of confusion (and works unnecessarily via SMS) and should be fixed by disabling the security questions instead.
I feel like this is an extremely easy solution. Do exactly what Google has done for years. Use the industry standard 2-step verification with something like Google Authenticator temporary auto generated passwords and don't allow security questions. If you forget your password or lose your phone with Google you have to complete the reset process through an alternate email address. Done deal.
(Also have it actually secure the photo back ups and not just select parts of iCloud)
The problem with "security questions" is that someone who knows even a little bit about you probably knows your pet's name or birthdate or favorite sports team from your Facebook profile. Not to mention, you probably answered the same questions with the same answers for other accounts. It really doesn't matter how many bits of entropy your password has if someone can reset it by looking up your Mom's maiden name or Dad's middle name on Ancestry.com...
This is why, you come up with some random word or phrase to use with all the questions. Now the answer has nothing to do with the question being asked and someone can not use social engineering or other investigative type of information gathering to hack into your accounts.