Please visit the new Mac-Forums Facebook page:
https://www.facebook.com/macforums1




Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 56
  1. #16
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    ferrarr's Avatar
    Member Since
    May 21, 2012
    Location
    Pawtucket, RI, US
    Posts
    6,274
    Your Mac's Specs
    L2014 Mac mini macOS 14, iPhone 8+ iOS 12, 12.9" iPad Pro 1 iOS 12, Pencil 1
    Rep Power
    13
    Quote Originally Posted by Sawday View Post
    ...but surely the 2FA alerts should go to a device OTHER than the one you are trying to access? Otherwise what is the point? I someone steals my mac they get unfettered access to my apple account. 2FA does nothing to help...but it should!
    That makes no sense.

    Any device that is an “approved” device, which you enabled, will receive the notification. If you only had one device enabled (desktop Mac), then you would not be able to access your Apple ID, while you were away from home. It’s your responsibility to make sure your Mac is properly secured, and that they don’t have access to your login information. So disable “automatic login”, and make sure you need to login after screen saver activates. Many more security measures available to secure your Mac.

    2FA, is also to notify you when someone else is trying to access your “Apple/iCloud ID” account info.
    -- Bob --
    Please backup. Everything has a life cycle, unexpected and warning free. Nothing will last as long as you want it to.

  2. #17
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    IWT's Avatar
    Member Since
    Jan 23, 2009
    Location
    Born in Scotland, Worked in Scotland then England, Now live in Wales
    Posts
    5,564
    Your Mac's Specs
    Late 2015 5K 27-inch Retina iMac, 4GHz i7, 32GB RAM, 1TB Flash Drive, macOS High Sierra 10.13.6
    Rep Power
    18
    I have read carefully the discussion so far and find sympathy with both sides of the argument as far as Apple 2FA is concerned.

    However, I think that there may be, in a few cases, a slight misunderstanding. Rather than providing a link which some may/may not venture to read, here is an abbreviated explanation of how Apple's 2FA works. Any underlining or bold is mine.

    How it works

    With two-factor authentication, your account can only be accessed on devices you trust, like your iPhone, iPad, or Mac. When you want to sign in to a new device for the first time, you'll need to provide two pieces of information—your password and the six-digit verification code that's automatically displayed on your trusted devices***. By entering the code, you're verifying that you trust the new device.

    ###For example, if you have an iPhone and are signing into your account for the first time on a newly purchased Mac, you'll be prompted to enter your password and the verification code that's automatically displayed on your iPhone.###
    Because your password alone is no longer enough to access your account, two-factor authentication dramatically improves the security of your Apple ID and all the personal information you store with Apple.

    Once signed in, you won’t be asked for a verification code on that device again unless you sign out completely, erase the device, or need to change your password for security reasons. When you sign in on the web, you can choose to trust your browser, so you won’t be asked for a verification code the next time you sign in from that computer.

    Trusted devices
    A trusted device is an iPhone, iPad, or iPod touch with iOS 9 and later, or a Mac with OS X El Capitan and later that you've already signed in to using two-factor authentication. It’s a device we know is yours and that can be used to verify your identity by displaying a verification code from Apple when you sign in on a different device or browser.

    Trusted phone numbers
    A trusted phone number is a number that can be used to receive verification codes by text message or automated phone call. You must verify at least one trusted phone number to enroll in two-factor authentication.
    You should also consider verifying an additional phone number you can access, such as a home phone, or a number used by a family member or close friend. You can use this number if you temporarily can't access your primary number or your own devices.

    My understanding - could be wrong!

    If I purchase a new iMac, when I sign in to my Apple ID, the 2FA Verification Code will ONLY be sent to my iPhone (not my iPad; nor the other devices linked to my Apple ID which include my wife's iPhone and iPad; nor to another iMac or MacBook if I had these).

    The confusion is in Apple's explanation - see *** above. It uses the plural - trusted "devices". But then implies that only your iPhone will get the code - see ### above.

    In a case series of one (me), I seem only to get a 2FA Verification Code on my iPhone when I purchase a new Device. What I used to get was a message sent to all trusted devices asking me to "trust" the new Device.

    Ian
    Ian

  3. #18
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    MacInWin's Avatar
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    5,997
    Your Mac's Specs
    MBP 15" Mid 2015, iPhone XS, an iMac, plus ATVs, AWatch, MacMini
    Rep Power
    25
    Quote Originally Posted by Sawday View Post
    ...but surely the 2FA alerts should go to a device OTHER than the one you are trying to access? Otherwise what is the point? I someone steals my mac they get unfettered access to my apple account. 2FA does nothing to help...but it should!
    The alerts go to all devices associated with the AppleID. Given that Apple has pretty good security available on iPhones, whether by fingerprint or facial recognition, the design of the system is that if someone from some OTHER device tries to log into your AppleID account the alert will be sent to your iPhone, which you can see because YOU can unlock it while nobody else can. As for just opening the phone, I've never had to provide an AppleID to do that, just my fingerprint or face. So no 2FA goes to the device to let me log into it, only when I use it, or some other device, to access a function that DOES require AppleID.

    To address the exact scenario of someone stealing your Mac, when they try to log in they won't be able to because of your login password. (You do have a password, right?) So they cannot get to your Apple ID or the associated account because they cannot get into your Mac. When you lock down your Mac through your AppleID (assuming you do that) they won't be able to see the code because all they can see is the login screen. Now, if you are so unlucky that they steal your Mac before it locks down for inactivity AND you have your AppleID stored on the Mac, AND you don't notice in time before they try to change your AppleID password, and they do that before the timer for locking down the screen occurs, the first indicator of an issue for you will be the message on your other devices associated with the AppleID that "your" attempt to change the password requires 2FA, which is an alert that something is amiss. But those circumstances can easily be avoided by having a fairly short setting for how long before the password is required. I have mine set for 5 minutes when I'm at home, move it to even shorter when I travel with it. Basically, if I turn my back and a thief grabs the MBP from in front of me, the miscreant has less than a minute to get into it before it locks.

    Now, you might wonder about what if someone steals your iPhone? Well, if you have taken the routine security steps to have a passcode, fingerprint, facial recognition set up then that thief cannot get into your iPhone. If you now use a different device to lock down that iPhone, or use Find My Phone, they might see the code on the lock screen (I'm not sure about that) but even so, they can't use it because they can't open the iPhone itself.

    So, the point you raise is not really an issue, mostly because the 2FA is not protecting the device itself, but the AppleID account. The device is protected by your login and security settings on the device. The combination of the two provides pretty good security, if you use it.

    Lately, when the text comes in with the 2FA code, it's been automatically filling in the code, if I am using it, because I unlocked it with the proper security, so having 2FA is even easier to use.
    Jake

  4. #19
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    MacInWin's Avatar
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    5,997
    Your Mac's Specs
    MBP 15" Mid 2015, iPhone XS, an iMac, plus ATVs, AWatch, MacMini
    Rep Power
    25
    Ian, you said
    In a case series of one (me), I seem only to get a 2FA Verification Code on my iPhone when I purchase a new Device. What I used to get was a message sent to all trusted devices asking me to "trust" the new Device.
    What I have observed is that when I first access any AppleID protected service from a "new" device, I get that "trust" message on all of the other devices already "trusted" for that AppleID, and the code to unlock shows up on all devices running Messages. So, I get it on my iPad, iPhone and on my MBP because I run Messages there as well. If I had not activated Messages on the MBP and logged into my AppleID for that service, I would not get the code on the MBP. It's hand on the MBP for when I want to do something with the AppleID and am working on the MBP because the code pops up in the Messages window and is really easy to use there.
    Jake

  5. #20
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    Sawday's Avatar
    Member Since
    Nov 19, 2006
    Location
    York, UK
    Posts
    1,566
    Your Mac's Specs
    iMac: 27”, 3.4 GHz, 16Gb RAM. iPad2, iPad mini4, iPhone5s
    Rep Power
    13
    OK. I do have a mac login. So what exactly is 2FA achieving on my mac other than to pee me off?
    Experience teaches you to recognise a mistake when you make it again.

  6. #21
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    pm-r's Avatar
    Member Since
    Oct 16, 2010
    Location
    Brentwood Bay, BC, Canada
    Posts
    11,596
    Rep Power
    18
    Quote Originally Posted by Sawday View Post
    OK. I do have a mac login. So what exactly is 2FA achieving on my mac other than to pee me off?


    As much as 2FA is a PITA to many of us, variations of it are no doubt here to stay and will probably continue to be as long as we use the Internet, so if you want to know more or why, just have a read at any of the sites using a google search on 'what is "2FA"' such as this:
    what is "2FA" - Google Search

    It might take some of sting out when you understand their reasons.

    If you don't do much on-line Internet stuff, you probably won't even be bothered with any 2FA or any of its vaiations.



    - Patrick
    ======

  7. #22
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    MacInWin's Avatar
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    5,997
    Your Mac's Specs
    MBP 15" Mid 2015, iPhone XS, an iMac, plus ATVs, AWatch, MacMini
    Rep Power
    25
    Quote Originally Posted by Sawday View Post
    OK. I do have a mac login. So what exactly is 2FA achieving on my mac other than to pee me off?
    Protecting your AppleID account from anyone logging in. That means they can't get to anything stored in iCloud, or buy anything with your AppleID. Or hijack your account for any other nefarious purpose. It's a bit like having a locked safe inside your house. You have a house lock, with a key (your login to the Mac) and then you put important documents in the locked safe (The Appleid 2FA). So even if someone gets in your house (or steals your Mac), they cannot get in your safe (your AppleID account). Remember, when you created the AppleID you gave a credit card to them for your purchases, so that security for that alone is pretty key.

    A couple of years ago there was someone who phished some celebrities for their AppleID, found nude pictures of some of them in their photo library in the Cloud and published them. 2FA makes that almost impossible to do now. You could even publish your AppleID and password anywhere and as long as 2FA is there, nobody can get in but you, because only you get the code on your devices.
    Jake

  8. #23
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    chscag's Avatar
    Member Since
    Jan 23, 2008
    Location
    Keller, Texas
    Posts
    58,052
    Your Mac's Specs
    2017 27" iMac, 10.5" iPad Pro, iPhone 7+, iPhone 8, Numerous iPods, Mojave
    Rep Power
    53
    Good discussion guys.

    My thanks to Ian and Jake for the clear explanations on how 2FA works and why it should be used.


  9. #24
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    iggibar's Avatar
    Member Since
    Apr 20, 2009
    Location
    Cleveland
    Posts
    4,190
    Your Mac's Specs
    yeahhhh...might need to look at my signature
    Rep Power
    15
    My alerts were not going to my computers. They were bypassing them all and going to my apple watch as a notice, which would then tell me I needed to send a verification code via text, but my phone number was changed, so I couldn't change the trusted phone number. Not having this access blocked me from removing my Apple watch from my devices list, blocked me from getting into my account's settings, as well as blocking me from pretty much doing anything to resolve this issue online. Only way I resolved it was sending a report to email about the situation and having them reset everything after doing a lot of over the phone verifications.


    With that said, I've decided to actually give 2FA another try today. I did this because I no longer have any iPhones or Apple watches reregistered to my account. I reset the account cache and set it up. Now my account and settings can only be accessed from my personal Apple computers.
    3.0GHz 10core Mac Pro 6.13.46GHz 6core Mac Pro 5.12.66GHz 4core Mac Pro 4.12.2GHz 6core i7 15" MacBook Pro w/TB 15.12.3GHz 4core i7 15" Retina MacBook Pro 11.32.4GHz C2D 15" MacBook Pro 5.12.4GHz C2D 13" MacBook Pro 7.1

  10. #25
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    MacInWin's Avatar
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    5,997
    Your Mac's Specs
    MBP 15" Mid 2015, iPhone XS, an iMac, plus ATVs, AWatch, MacMini
    Rep Power
    25
    Iggi, it only comes to the computer if you have Messages running on them and have given the account information from there to Apple. Basically, logging into AppleID on the computer. And changing the telephone number is certainly a hugely confounding factor for you. Glad you were able to get it all sorted out in the end. I find 2FA works pretty well, but I haven't change anything critical recently. I did reinstall OSX/macOS on a 2011 MBP recently, starting out with an Internet recovery back to the original OS and working forward to HS. I got notices that a "new" device wanted to use my AppleID, which I had to authorize and send a code to allow. I don't know if Messages would work if you gave them the email address at iCloud but your phone number was changed. I think the connection is more to the number, but I could be wrong about that. I guess the lesson is, don't change the number unless you ABSOLUTELY have to.
    Jake

  11. #26
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    Rod's Avatar
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    4,949
    Your Mac's Specs
    MacBook Pro Retina 13" macOSX 10.13.3 beta
    Rep Power
    14
    Quote Originally Posted by chscag View Post
    It can only be disabled within a certain amount of time according to Apple. (within two weeks) After that, you're stuck with it. Read the original thread title above and Link.

    And, it appears that new users creating an Apple ID have it implemented automatically. Also, if you wish to sync your iMessages between all the devices you own, 2FA must be turned on.
    Thats odd, two weeks after what, turning it on? I'm sure I have turned it off in the past. Before I got my current iPhone 7 prior to setting it up I know I switched it off, anticipating it might cause a problem. Once I had erased the old phone logged into Apple on the new one I turned it back on then had a little trouble establishing it as a "Trusted" device but got it working eventually.
    I used to be conceited but now I'm perfect.

  12. #27
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    Rod's Avatar
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    4,949
    Your Mac's Specs
    MacBook Pro Retina 13" macOSX 10.13.3 beta
    Rep Power
    14
    I have read a lot of comments asking what is the point of receiving a verification (2FA) code on the same device you are trying to login on. Doesn't it defeat the point?
    The answer is no because to get to that point you first have to be able to login to your account on the device (! password) then you need to know your Apple ID and password (2 passwords) and you will only get the 6 digit code on a trusted device.
    So someone trying to login on a different eg. laptop would need your phone (and your phone passkey).
    If you were trying to perform the same process on a phone then the 2FA code would be on your laptop.
    If, and this seems to be the one that peeves people, you are logging into your Apple Account on a trusted device eg your laptop you get the code on that device because it is sent to all trusted devices.
    The code will be behind (and this threw me the first couple of times) the window you enter it in. I found that if I drag that window to one side the code is just behind it. Silly me had been going to my phone to get it.
    I used to be conceited but now I'm perfect.

  13. #28
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    pm-r's Avatar
    Member Since
    Oct 16, 2010
    Location
    Brentwood Bay, BC, Canada
    Posts
    11,596
    Rep Power
    18
    If you were trying to perform the same process on a phone then the 2FA code would be on your laptop.

    That might be a bit of a bummer if the laptop was left at home or elsewhere... and no way to access it.


    - Patrick
    ======

  14. #29
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    MacInWin's Avatar
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    5,997
    Your Mac's Specs
    MBP 15" Mid 2015, iPhone XS, an iMac, plus ATVs, AWatch, MacMini
    Rep Power
    25
    But, Patrick, if the iPhone was also a trusted device, the code would come to the iPhone as well. So you would have access. What the confusion is about is why sending the code to the machine doing the asking for it does not make 2FA useless. But the idea is that you have to have physical access, plus security access (passwords, facial ID, fingerprints) to the device(s) that are trusted AND the AppleID information (login, password) just to get the code sent. So, one more time, if you have an iPhone (trusted) and a MacBook Pro (trusted) and you try to access your AppleID or related components, the code will be sent to both, and only those two, no matter where the original request came from. And that is exactly why 2FA is useful. If someone steals your passwords, say through phishing, and tries to access your AppleID from some "foreign" computer they won't get the code, but you will, and that will signal to you that your passwords are compromised. Also, whenever a "new" device tries to attach to the AppleID, that device has to be set as "trusted" by entering the code sent to the already trusted devices, so that foreign device will not gain access, even if you do the stupid thing and allow it to be trusted, the new device will still have to have a code entered to make that final trust link, and those codes only go to currently trusted devices. I'm sure that is clear as mud, but it is how it works.

    Actually, it all works pretty well, if a bit confusing at first.
    Jake

  15. #30
    Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After 2 Weeks
    pm-r's Avatar
    Member Since
    Oct 16, 2010
    Location
    Brentwood Bay, BC, Canada
    Posts
    11,596
    Rep Power
    18
    But, Patrick, if the iPhone was also a trusted device, the code would come to the iPhone as well.

    OK, and here's hoping it does. And thanks for the clearification and explanations Jake.


    - Patrick
    ======

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Two Factor Authentication
    By Barrygou in forum macOS - Apps and Games
    Replies: 12
    Last Post: 01-16-2019, 08:23 PM
  2. Replies: 22
    Last Post: 09-27-2018, 11:16 PM
  3. Does two factor authentication works for all apple accounts?
    By janjankolev in forum Security Awareness
    Replies: 11
    Last Post: 01-07-2018, 09:13 AM
  4. Replies: 1
    Last Post: 05-16-2017, 09:11 AM
  5. Defeating Apple two-factor authentication with a Mac
    By jonmrich in forum macOS - Operating System
    Replies: 4
    Last Post: 07-14-2015, 07:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •