How to enable Apple's secure two-step verification for your iCloud & iTunes accounts

13

Comments

  • Reply 41 of 68
    Originally Posted by Benjamin Frost View Post

    There was a time in England when people didn't need to lock their front doors.



    There was also a time when any Briton could carry his lawfully owned sword. Perhaps that had something to do with it.

  • Reply 42 of 68
    There was a time in England when people didn't need to lock their front doors.


    There was also a time when any Briton could carry his lawfully owned sword. Perhaps that had something to do with it.

    Haha! I meant in the twentieth century.
  • Reply 43 of 68
    Quote:

    Originally Posted by dysamoria View Post



    Irregardless isn't a word. Why does autocorrect even help people type it? It's even in the iOS dictionary.

     

    It's definitely a word:

    http://en.wikipedia.org/wiki/Irregardless

  • Reply 44 of 68
    aaronjaaronj Posts: 1,595member
    Quote:

    Originally Posted by macslut View Post

     

     

    It's definitely a word:

    http://en.wikipedia.org/wiki/Irregardless


     

    "Most dictionaries list it as "nonstandard" or "incorrect" usage, and recommend that "regardless" should be used instead.[2][3][4]"

  • Reply 45 of 68
    Quote:

    Originally Posted by AaronJ View Post

     

     

    "Most dictionaries list it as "nonstandard" or "incorrect" usage, and recommend that "regardless" should be used instead.[2][3][4]"


     

    That doesn't make it "not a word". 

  • Reply 46 of 68
    Originally Posted by macslut View Post

    That doesn't make it "not a word". 



    Okay. Drehaeidhgka. That’s a word because I say it is. It has no meaning because I say it doesn’t, but it’s still a word, defined by having no definition.

     

    Good enough?

  • Reply 47 of 68
    Quote:
    Originally Posted by onClick View Post



    Two-steps verification is a nightmare. Keep away from it like the plague. Apple forums are full of complains, doubts, troubles, lost information, untrusted devices, and whatever sad stories you can imagine. I myself disabled two-step verification because I couldn't buy ANYTHING from App Store.

     

    <deleted>

  • Reply 48 of 68
    Quote:

    Originally Posted by john12345 View Post

     

     

    I was able to buy, but it took several attempts(there's something wrong with the verify your identity screen).   In any case,  I didn't realize I had to use the 2fa for the app store.   That sort of defeats the purpose of using touch id.   It's too much of a hassle and it's not worth the extra security for me.  I think i'm going to disable it myself.  

     

    Why is Apple applying 2fa from "trusted" devices.   None of the other services(gmail, dropbox, banks, etc) work that way.   Once your device has been authenticated and trusted, you only need to use your password(or touch id).   This just seems like an obvious way.   Yes, someone can steal your device, but that's not Apple's problem.  Again, NO OTHER 2fa does that, so nobody is going to criticize Apple if they do the same thing.


     

    Btw, touch id is already 2fa(password + fingerprint).

  • Reply 49 of 68
    solipsismxsolipsismx Posts: 19,566member
    john12345 wrote: »
    Btw, touch id is already 2fa(password + fingerprint).

    Kind of, but it's mostly a single authentication device unless you restart the device or your fingerprint doesn't work 5 times in a row. That's not what I think of when I think of two-step authentication.
  • Reply 50 of 68
    Quote:

    Originally Posted by SolipsismX View Post





    Kind of, but it's mostly a single authentication device unless you restart the device or your fingerprint doesn't work 5 times in a row. That's not what I think of when I think of two-step authentication.

     

    Well, it has to force you to use both password and touch id if 2fa is enabled.   Anyway, right now it's worse because the security code is sent to the same iPhone that is trying to buy the app.   What's the point of that?  In any case, once a device is authenticated, it should be able to just bypass 2fa in the future.

  • Reply 51 of 68
    Quote:
    Originally Posted by john12345 View Post

     

     

    Well, it has to force you to use both password and touch id if 2fa is enabled.   Anyway, right now it's worse because the security code is sent to the same iPhone that is trying to buy the app.   What's the point of that?  In any case, once a device is authenticated, it should be able to just bypass 2fa in the future.


    <deleted>

  • Reply 52 of 68
    Quote:

    Originally Posted by john12345 View Post

     

     

    Well, it has to force you to use both password and touch id if 2fa is enabled.   Anyway, right now it's worse because the security code is sent to the same iPhone that is trying to buy the app.   What's the point of that?  In any case, once a device is authenticated, it should be able to just bypass 2fa in the future.


     

    Well, I just made a fool of my self.  It looks like you ONLY do need use 2fa once per device, then it doesn't ask you again.   My bad.  

  • Reply 53 of 68
    froodfrood Posts: 771member
    Quote:

    Originally Posted by AaronJ View Post

     

     

    "Most dictionaries list it as "nonstandard" or "incorrect" usage, and recommend that "regardless" should be used instead.[2][3][4]"


     

    And even that is somewhat wrong.  It is a word, and when most people use it they *intend* to have the meaning of 'regardless' or 'irrespective'

    and so they should indeed use those instead.

     

    If they are actually using the word correctly, however, they can't substitude 'regardless' for 'irregardless'   The two words have the exact opposite meaning.  The double negative gives irregardless the same meaning as 'regard' so that should be used instead.

  • Reply 54 of 68
    aaronjaaronj Posts: 1,595member
    Quote:

    Originally Posted by Frood View Post

     

     

    And even that is somewhat wrong.  It is a word, and when most people use it they *intend* to have the meaning of 'regardless' or 'irrespective'

    and so they should indeed use those instead.

     

    If they are actually using the word correctly, however, they can't substitude 'regardless' for 'irregardless'   The two words have the exact opposite meaning.  The double negative gives irregardless the same meaning as 'regard' so that should be used instead.


     

    Great.  Now I've got a headache. :)

  • Reply 55 of 68
    Quote:

    Originally Posted by mdriftmeyer View Post



    Useless security, irregardless of platform, when it requires a smartphone [sms enabled] phone to activate.

    Shall they mail you a form letter with postage paid for a response then?

  • Reply 56 of 68
    joshajosha Posts: 901member
    Quote:

    Originally Posted by 2old4fun View Post



    Exactly what does Apple owe Android users?



    The modest ($50?) extra for the down payment on an iPhone.

    Then they can join us all paying the same usage charge, regardless of how cheap or expensive our phones are.

  • Reply 57 of 68
    onhka wrote: »
    Easiest thing to do is enter ALL of the security questions on ALL the sites with the SAME answer. Something that you would know; something simple, like the first person you kissed, shagged or dumped.

    In those three 'first timers', that was indeed the same girl.

    Useless security, irregardless of platform, when it requires a smartphone [sms enabled] phone to activate.

    It would help if you explained why you think that is.
  • Reply 58 of 68
    knowitallknowitall Posts: 1,648member

    Apple introduced a security weakness by pushing people to use (a fixed set of) security questions as a fallback.

    This can be fixed by two factor authorisation but this adds another layer of confusion (and works unnecessarily via SMS) and should be fixed by disabling the security questions instead. 

  • Reply 59 of 68

    I feel like this is an extremely easy solution. Do exactly what Google has done for years. Use the industry standard 2-step verification with something like Google Authenticator temporary auto generated passwords and don't allow security questions. If you forget your password or lose your phone with Google you have to complete the reset process through an alternate email address. Done deal.

    (Also have it actually secure the photo back ups and not just select parts of iCloud)

  • Reply 60 of 68
    maestro64maestro64 Posts: 5,035member
    Quote:

    Originally Posted by John.B View Post



    The problem with "security questions" is that someone who knows even a little bit about you probably knows your pet's name or birthdate or favorite sports team from your Facebook profile. Not to mention, you probably answered the same questions with the same answers for other accounts. It really doesn't matter how many bits of entropy your password has if someone can reset it by looking up your Mom's maiden name or Dad's middle name on Ancestry.com...

    This is why, you come up with some random word or phrase to use with all the questions. Now the answer has nothing to do with the question being asked and someone can not use social engineering or other investigative type of information gathering to hack into your accounts.

Sign In or Register to comment.