- Joined
- Apr 16, 2016
- Messages
- 1,096
- Reaction score
- 51
- Points
- 48
- Location
- CT
- Your Mac's Specs
- MacBook Air Mid-2012 / iMac Retina 5K Late-2014
... or is this the dumbest implementation of 2FA (two-factor authentication) ever?
The whole concept of what Apple is advertising is solid - when you log in to your iCloud account through a browser, or on a new device (like when you're initially setting up access to your account), Apple will require not only your iCloud password but also a six digit passcode. When you go through the 2FA setup on your iCloud account, they ask you for a phone number to text that passcode to (so, now, you would need to have your phone handy as well).
First off, this is completely STUPID because so many of us are using text forwarding to our Mac's and other devices. If someone breaks into my iCloud account -ON- my Mac, and Apple were to text the secondary password to my phone... Guess what? It would show up in Messages as either an iMessage that's right on the Mac OR it would show up as a forwarded text message in Messages - giving the hacker the second password they need. The exact same is true if they gain access to ANY of my active devices.
What's even MORE STUPID is that they don't text you the code AT ALL!!! It shows up ON THE DEVICE YOU'RE USING so that you can key it right in! WTH is the value in this?
Am I completely missing something? Not to mention that it effectively rendered my iCloud account UNUSABLE for syncing data among my devices until I cleared it out and re-set everything.
The whole concept of what Apple is advertising is solid - when you log in to your iCloud account through a browser, or on a new device (like when you're initially setting up access to your account), Apple will require not only your iCloud password but also a six digit passcode. When you go through the 2FA setup on your iCloud account, they ask you for a phone number to text that passcode to (so, now, you would need to have your phone handy as well).
First off, this is completely STUPID because so many of us are using text forwarding to our Mac's and other devices. If someone breaks into my iCloud account -ON- my Mac, and Apple were to text the secondary password to my phone... Guess what? It would show up in Messages as either an iMessage that's right on the Mac OR it would show up as a forwarded text message in Messages - giving the hacker the second password they need. The exact same is true if they gain access to ANY of my active devices.
What's even MORE STUPID is that they don't text you the code AT ALL!!! It shows up ON THE DEVICE YOU'RE USING so that you can key it right in! WTH is the value in this?
Am I completely missing something? Not to mention that it effectively rendered my iCloud account UNUSABLE for syncing data among my devices until I cleared it out and re-set everything.