• This forum is for posting news stories or links from rumor sites. When you start a thread, please include a link to the site you're referencing.

    THIS IS NOT A FORUM TO ASK "WHAT IF?" TYPE QUESTIONS.

    THIS IS NOT A FORUM FOR ASKING QUESTIONS ABOUT HOW TO USE YOUR MAC OR SOFTWARE.

    This is a NEWS and RUMORS forum as the name implies. If your thread is neither of those things, then please find the appropriate forum to ask your question.

    If you don't have a link to a news story, do not post the thread here.

    If you don't follow these rules, then your post may be deleted.

Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks

Joined
Oct 16, 2010
Messages
17,494
Reaction score
1,541
Points
113
Location
Brentwood Bay, BC, Canada
Your Mac's Specs
2011 27" iMac, 1TB(partitioned) SSD, 20GB, OS X 10.11.6 El Capitan
OK. I do have a mac login. So what exactly is 2FA achieving on my mac other than to pee me off?



As much as 2FA is a PITA to many of us, variations of it are no doubt here to stay and will probably continue to be as long as we use the Internet, so if you want to know more or why, just have a read at any of the sites using a google search on 'what is "2FA"' such as this:
what is "2FA" - Google Search

It might take some of sting out when you understand their reasons. :Smirk:

If you don't do much on-line Internet stuff, you probably won't even be bothered with any 2FA or any of its vaiations.



- Patrick
======
 
Joined
Jan 1, 2009
Messages
15,452
Reaction score
3,808
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
OK. I do have a mac login. So what exactly is 2FA achieving on my mac other than to pee me off?
Protecting your AppleID account from anyone logging in. That means they can't get to anything stored in iCloud, or buy anything with your AppleID. Or hijack your account for any other nefarious purpose. It's a bit like having a locked safe inside your house. You have a house lock, with a key (your login to the Mac) and then you put important documents in the locked safe (The Appleid 2FA). So even if someone gets in your house (or steals your Mac), they cannot get in your safe (your AppleID account). Remember, when you created the AppleID you gave a credit card to them for your purchases, so that security for that alone is pretty key.

A couple of years ago there was someone who phished some celebrities for their AppleID, found nude pictures of some of them in their photo library in the Cloud and published them. 2FA makes that almost impossible to do now. You could even publish your AppleID and password anywhere and as long as 2FA is there, nobody can get in but you, because only you get the code on your devices.
 
OP
chscag

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Good discussion guys.

My thanks to Ian and Jake for the clear explanations on how 2FA works and why it should be used.

:smile
 
Joined
Apr 20, 2009
Messages
4,301
Reaction score
124
Points
63
Location
The lonely planet
Your Mac's Specs
Too many...
My alerts were not going to my computers. They were bypassing them all and going to my apple watch as a notice, which would then tell me I needed to send a verification code via text, but my phone number was changed, so I couldn't change the trusted phone number. Not having this access blocked me from removing my Apple watch from my devices list, blocked me from getting into my account's settings, as well as blocking me from pretty much doing anything to resolve this issue online. Only way I resolved it was sending a report to email about the situation and having them reset everything after doing a lot of over the phone verifications.


With that said, I've decided to actually give 2FA another try today. I did this because I no longer have any iPhones or Apple watches reregistered to my account. I reset the account cache and set it up. Now my account and settings can only be accessed from my personal Apple computers.
 
Joined
Jan 1, 2009
Messages
15,452
Reaction score
3,808
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
Iggi, it only comes to the computer if you have Messages running on them and have given the account information from there to Apple. Basically, logging into AppleID on the computer. And changing the telephone number is certainly a hugely confounding factor for you. Glad you were able to get it all sorted out in the end. I find 2FA works pretty well, but I haven't change anything critical recently. I did reinstall OSX/macOS on a 2011 MBP recently, starting out with an Internet recovery back to the original OS and working forward to HS. I got notices that a "new" device wanted to use my AppleID, which I had to authorize and send a code to allow. I don't know if Messages would work if you gave them the email address at iCloud but your phone number was changed. I think the connection is more to the number, but I could be wrong about that. I guess the lesson is, don't change the number unless you ABSOLUTELY have to.
 

Rod


Joined
Jun 12, 2011
Messages
9,627
Reaction score
1,832
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
It can only be disabled within a certain amount of time according to Apple. (within two weeks) After that, you're stuck with it. Read the original thread title above and Link.

And, it appears that new users creating an Apple ID have it implemented automatically. Also, if you wish to sync your iMessages between all the devices you own, 2FA must be turned on.

Thats odd, two weeks after what, turning it on? I'm sure I have turned it off in the past. Before I got my current iPhone 7 prior to setting it up I know I switched it off, anticipating it might cause a problem. Once I had erased the old phone logged into Apple on the new one I turned it back on then had a little trouble establishing it as a "Trusted" device but got it working eventually.
 

Rod


Joined
Jun 12, 2011
Messages
9,627
Reaction score
1,832
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
I have read a lot of comments asking what is the point of receiving a verification (2FA) code on the same device you are trying to login on. Doesn't it defeat the point?
The answer is no because to get to that point you first have to be able to login to your account on the device (! password) then you need to know your Apple ID and password (2 passwords) and you will only get the 6 digit code on a trusted device.
So someone trying to login on a different eg. laptop would need your phone (and your phone passkey).
If you were trying to perform the same process on a phone then the 2FA code would be on your laptop.
If, and this seems to be the one that peeves people, you are logging into your Apple Account on a trusted device eg your laptop you get the code on that device because it is sent to all trusted devices.
The code will be behind (and this threw me the first couple of times) the window you enter it in. I found that if I drag that window to one side the code is just behind it. Silly me had been going to my phone to get it.
 
Joined
Oct 16, 2010
Messages
17,494
Reaction score
1,541
Points
113
Location
Brentwood Bay, BC, Canada
Your Mac's Specs
2011 27" iMac, 1TB(partitioned) SSD, 20GB, OS X 10.11.6 El Capitan
If you were trying to perform the same process on a phone then the 2FA code would be on your laptop.


That might be a bit of a bummer if the laptop was left at home or elsewhere... and no way to access it. :\


- Patrick
======
 
Joined
Jan 1, 2009
Messages
15,452
Reaction score
3,808
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
But, Patrick, if the iPhone was also a trusted device, the code would come to the iPhone as well. So you would have access. What the confusion is about is why sending the code to the machine doing the asking for it does not make 2FA useless. But the idea is that you have to have physical access, plus security access (passwords, facial ID, fingerprints) to the device(s) that are trusted AND the AppleID information (login, password) just to get the code sent. So, one more time, if you have an iPhone (trusted) and a MacBook Pro (trusted) and you try to access your AppleID or related components, the code will be sent to both, and only those two, no matter where the original request came from. And that is exactly why 2FA is useful. If someone steals your passwords, say through phishing, and tries to access your AppleID from some "foreign" computer they won't get the code, but you will, and that will signal to you that your passwords are compromised. Also, whenever a "new" device tries to attach to the AppleID, that device has to be set as "trusted" by entering the code sent to the already trusted devices, so that foreign device will not gain access, even if you do the stupid thing and allow it to be trusted, the new device will still have to have a code entered to make that final trust link, and those codes only go to currently trusted devices. I'm sure that is clear as mud, but it is how it works.

Actually, it all works pretty well, if a bit confusing at first.
 
Joined
Oct 16, 2010
Messages
17,494
Reaction score
1,541
Points
113
Location
Brentwood Bay, BC, Canada
Your Mac's Specs
2011 27" iMac, 1TB(partitioned) SSD, 20GB, OS X 10.11.6 El Capitan
But, Patrick, if the iPhone was also a trusted device, the code would come to the iPhone as well.


OK, and here's hoping it does. And thanks for the clearification and explanations Jake.


- Patrick
======
 
Joined
Jan 1, 2009
Messages
15,452
Reaction score
3,808
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
You don't have to hope, Patrick. That's how it works. I have four trusted devices (MBP,  Watch, iPad and iPhone) and when I try to invoke AppleID, all of them get the code. It's kind of funny to listen to the four of them all beeping with the notification that the code has arrived!
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
You don't have to hope, Patrick. That's how it works. I have four trusted devices (MBP,  Watch, iPad and iPhone) and when I try to invoke AppleID, all of them get the code. It's kind of funny to listen to the four of them all beeping with the notification that the code has arrived!

Jake, I 100% agree with your explanation of 2Fa. I quite like it and the security it provides.
 

Rod


Joined
Jun 12, 2011
Messages
9,627
Reaction score
1,832
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
You don't have to hope, Patrick. That's how it works. I have four trusted devices (MBP,  Watch, iPad and iPhone) and when I try to invoke AppleID, all of them get the code. It's kind of funny to listen to the four of them all beeping with the notification that the code has arrived!

I don’t believe you can make an Apple Watch a trusted device. There is no Find My Watch although I wish there was. I guess your watch mirrors your phone notifications.


Sent from my iPhone
 

Rod


Joined
Jun 12, 2011
Messages
9,627
Reaction score
1,832
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
Ah, I’ll have to correct myself there, I just found this: Allthough theres no option to ping your Apple Watch like you can with your iPhone. ... Specifically you can go to the Watch App on your iPhone, choose your Apple Watch, then press the little “i” button and then find my Apple Watch. This will take you directly into the find iPhone app and search for your Apple Watch.Mar 16, 2018


Sent from my iPhone
 
Joined
Apr 20, 2009
Messages
4,301
Reaction score
124
Points
63
Location
The lonely planet
Your Mac's Specs
Too many...
Iggi, it only comes to the computer if you have Messages running on them and have given the account information from there to Apple. Basically, logging into AppleID on the computer. And changing the telephone number is certainly a hugely confounding factor for you. Glad you were able to get it all sorted out in the end. I find 2FA works pretty well, but I haven't change anything critical recently. I did reinstall OSX/macOS on a 2011 MBP recently, starting out with an Internet recovery back to the original OS and working forward to HS. I got notices that a "new" device wanted to use my AppleID, which I had to authorize and send a code to allow. I don't know if Messages would work if you gave them the email address at iCloud but your phone number was changed. I think the connection is more to the number, but I could be wrong about that. I guess the lesson is, don't change the number unless you ABSOLUTELY have to.

From my understanding of 2FA, it works best for people who do not change their products for a long time, or those who have only a couple of devices. I have many of everything, and usually go through 2 phones a year. Last year was a fluke because I also changed carriers and decided to get a new number. And it was worse because Apple's messaging system hijacks your phone number when switching between Android and Apple phones, and the only way to fix it is to dissociate your number from the Apple account. I had many things go wrong that put me in a lock. That was the mistake, and to be honest, it's a mistake that is so easily made and forgotten because sometimes people just forget how integrated some safety features are when they constantly run in the background and you never deal with them. Apple places too much trust on someone's phone number. 2FA is well suited for some, but not everyone. That's why I truly believe 2FA should be completely optional, and not something that is crammed down your throat. For some that say use 2FA so you can get rid of the notification, it is the same thing as saying pay extra for AppleCare because your keyboard is going to mess up. No, you shouldn't have to pay extra for a faulty product. That's not a fix to the problem. That's what you call a bandaid.

That's my thought anyway.
 
Joined
Jan 1, 2009
Messages
15,452
Reaction score
3,808
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
I don’t believe you can make an Apple Watch a trusted device. There is no Find My Watch although I wish there was. I guess your watch mirrors your phone notifications.


Sent from my iPhone
Rod, I think you are correct that it mirrors your iPhone to which it is paired. Nevertheless, it joins the chorus of tones when the code arrives!
 
Joined
Jan 1, 2009
Messages
15,452
Reaction score
3,808
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
From my understanding of 2FA, it works best for people who do not change their products for a long time, or those who have only a couple of devices. I have many of everything, and usually go through 2 phones a year. Last year was a fluke because I also changed carriers and decided to get a new number. And it was worse because Apple's messaging system hijacks your phone number when switching between Android and Apple phones, and the only way to fix it is to dissociate your number from the Apple account. I had many things go wrong that put me in a lock. That was the mistake, and to be honest, it's a mistake that is so easily made and forgotten because sometimes people just forget how integrated some safety features are when they constantly run in the background and you never deal with them. Apple places too much trust on someone's phone number. 2FA is well suited for some, but not everyone. That's why I truly believe 2FA should be completely optional, and not something that is crammed down your throat. For some that say use 2FA so you can get rid of the notification, it is the same thing as saying pay extra for AppleCare because your keyboard is going to mess up. No, you shouldn't have to pay extra for a faulty product. That's not a fix to the problem. That's what you call a bandaid.

That's my thought anyway.
Iggi, I don't know your definition of "many of everything" but I have two MBPs, an iMac, two iPads, 4 AppleTV, an  Watch and two iPhones. My wife has an iPad, MBP, Mini and another Apple TV in her office. Is that "many of everything?" If so, 2FA works well for us in that environment.

Apple doesn't "hijack" your phone number, it simply associates the number with your Apple ID when you get an iPhone. That association is necessary for Messenger to work properly and is easily undone when/if you change iPhones. If that is "hijacking" then Verizon/ATT/T-Mobile/Whatever "hijacks" your number when you move to them for service.

I get a new iPhone every year and go through the process of disassociating my phone before I swap it out. Apple has good articles on how to do that: Sell or give away your iPhone - Apple Support I would think that if you get two phones a year you would remember what you have to do to make that work well. Most of the users of phones hold on to them much longer, so they are the ones more likely to forget.

"Too much trust" is just the trust you need to have, not more or less. To get messages, they have to have your number, that's how the SMS/Messaging system is set up. Not an Apple design, just how the system works. And unlike AppleCare, which is an additional cost for the coverage, 2FA is absolutely free, so it's not at all the same. And 2FA is not faulty just because it doesn't work the way you want it to. It works as designed. You can opt out, but if you opt in, you only have two weeks to change your mind. At least you have two weeks--I've seen some things where in is in, out is out and you can never change once the decision is made.

I understand you don't like 2FA, and that's your option. But Apple has been burned by lawsuits before (when the system was allegedly "breached" by the phishing event I mentioned earlier) and is going to continue to remind you to use 2FA when you invoke any AppleID function. I'm sure a lawyer suggested that as some legal protection, but it's also good advice. 2FA is not "crammed down your throat" any more than your car crams down your throat the suggestion to fasten your seat belt when you turn it on. It's a safety/security feature you SHOULD use, so it is suggested to you each time. Don't want it? Then don't use it. But like your car reminding you every time, Apple will also remind you every time.
 
Joined
Apr 20, 2009
Messages
4,301
Reaction score
124
Points
63
Location
The lonely planet
Your Mac's Specs
Too many...
Iggi, I don't know your definition of "many of everything" but I have two MBPs, an iMac, two iPads, 4 AppleTV, an  Watch and two iPhones. My wife has an iPad, MBP, Mini and another Apple TV in her office. Is that "many of everything?" If so, 2FA works well for us in that environment.

Apple doesn't "hijack" your phone number, it simply associates the number with your Apple ID when you get an iPhone. That association is necessary for Messenger to work properly and is easily undone when/if you change iPhones. If that is "hijacking" then Verizon/ATT/T-Mobile/Whatever "hijacks" your number when you move to them for service.

I get a new iPhone every year and go through the process of disassociating my phone before I swap it out. Apple has good articles on how to do that: Sell or give away your iPhone - Apple Support I would think that if you get two phones a year you would remember what you have to do to make that work well. Most of the users of phones hold on to them much longer, so they are the ones more likely to forget.

"Too much trust" is just the trust you need to have, not more or less. To get messages, they have to have your number, that's how the SMS/Messaging system is set up. Not an Apple design, just how the system works. And unlike AppleCare, which is an additional cost for the coverage, 2FA is absolutely free, so it's not at all the same. And 2FA is not faulty just because it doesn't work the way you want it to. It works as designed. You can opt out, but if you opt in, you only have two weeks to change your mind. At least you have two weeks--I've seen some things where in is in, out is out and you can never change once the decision is made.

I understand you don't like 2FA, and that's your option. But Apple has been burned by lawsuits before (when the system was allegedly "breached" by the phishing event I mentioned earlier) and is going to continue to remind you to use 2FA when you invoke any AppleID function. I'm sure a lawyer suggested that as some legal protection, but it's also good advice. 2FA is not "crammed down your throat" any more than your car crams down your throat the suggestion to fasten your seat belt when you turn it on. It's a safety/security feature you SHOULD use, so it is suggested to you each time. Don't want it? Then don't use it. But like your car reminding you every time, Apple will also remind you every time.


So, you're trying to argue something in hopes of changing my thoughts on it or something? I don't think in absolute terms. No black or white. I don't need bias reasoning for everything Apple. It is what it is.

As for the hijacking issue, there's plenty of articles on it where Apple hijacks your texts, and prevents them from being delivered even if you no longer have that number associated with an Apple account. I shouldn't even need to describe it. It's been an issue since iMessage first came out, and still happens. I only brought it because it occurred to me during that time I was having problems with 2FA. Didn't think it was going to be an issue mentioning it... and honestly, your beliefs do nothing to people who have problems with it.
 
Joined
Jan 1, 2009
Messages
15,452
Reaction score
3,808
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
Nope, I frankly don't care what you believe. I stated facts, just to keep the record straight. We disagree. That's how the world works. Go in peace.
 
Joined
Jan 1, 2009
Messages
15,452
Reaction score
3,808
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
Just for the record, I looked up the issue with Messages not being sent that you said,
As for the hijacking issue, there's plenty of articles on it where Apple hijacks your texts, and prevents them from being delivered even if you no longer have that number associated with an Apple account. I shouldn't even need to describe it. It's been an issue since iMessage first came out, and still happens.
Here are the facts: In May, 2014, Apple was sued over the issue that if a user switched from an Apple device to a non-Apple device, messages coming to them from Apple phones with iMessage were not being delivered. In November, 2014, Apple addressed the problem by providing both clear directions and a tool to de-register the number and the court dismissed the case in Apple's favor. These are the two current Apple articles on the subject:
Deregister and Turn Off iMessage - Apple Support
If you can’t receive text messages from an iPhone - Apple Support

So, it's not a current issue, if you follow the instructions to de-register your phone. If it "still happens" it's because the user didn't de-register the phone. It's a bit like changing addresses and not telling anybody about the change. One cannot then complain that the Post Office isn't delivering mail that was sent to the old address to the new address. The mover didn't tell them things changed.

Now I'm not saying, and I never have, that Apple is perfect, or does everything right. Their errors are there, and some are spectacular. GPUs, screen issues, keyboards, bent iPads, the most recent security update to Mojave, etc. But just because someone doesn't like something doesn't make it "wrong."

2FA as implemented by Apple is not bad. I run into 2FA everywhere--my bank, credit union, doctor, financial advisor, mutual fund, even my phone company. And all of them work about the same as Apple's. I get a code on my registered phone that has to be entered into the system to prove I'm me. And they did more to "jam it down my throat" than Apple. Basically they all gave me zero options. If I wanted to use them, I had to sign up for 2FA. No choice at all. Frankly, I see more and more 2FA coming as hacks continue and companies adopt more security. Maybe even Apple will remove the option to exit from it, or to opt out of it. All it will take is one lawsuit from someone who tries to claim, "They never told me..."

So, if we are going to criticize Apple for something, let's keep it factual. That's all I'm saying.
 
Last edited:

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top