I agree that there is no such thing as "ultimate security" if one needs to access the net, but it's a term that is used quite often when articles discuss 2FA. Nothing is ever "ultimate security." And I don't think I've ever seen anyone claim 2FA is "ultimate security." Just better than not having 2FA. The SIM code fraud is a problem of the phone companies not having even mediocre security in place to prevent it. It's kind of unfair to blame Apple for the failings of a telecom company who cannot be bothered to use even rudimentary security before transferring a phone number to some strange SIM card just because someone called them. At least Apple sends the codes to all of the registered devices so if I lose my iPhone (or someone tries to SIM card fraud me) I can use my wife's iPhone or my MBP or my iPad to lock it down.
As for not letting you turn 2FA off after two weeks, it's their policy. If you don't like it, don't use iCloud. An iPhone will work without iCloud, although the handiness will be reduced. But you will have SMS, the default apps, communications, etc., so the phone functionality will be there. It would be like having just an iPhone and no other Apple product, and you won't be able to add any apps to it other than the default. For some people, that's all it needs to have. If you want more, you have to play by Apple's rules to use Apple's services. And that means 2FA that cannot be turned off after two weeks.
This article, with a comment like "It’s very important to provide the ultimate security to your account in the wake of ever-rampaging online hacking or cyber crime," is an example.
Set Up Two-Step Verification for Google/Gmail on iPhone or iPad
People read that and think 2FA is the cat's meow.
And I'm not blaming Apple specifically; SIM fraud just makes 2FA in general less secure than it is claimed to be.
What I think is an Apple-specific issue is that as a user I can't turn 2FA off again - I don't really understand the rationale for that.
Interestingly enough, in all the news articles I have seen so far over the last couple of years about the SIM swap fraud and subsequent financial loss, the user only noticed the issue when they were unable to access their cell phone service. At that time they tried to call their cell phone provider to find out what was wrong, and depending on the time of day and access to their provider, the damage was already done.
I called my cell phone provider to see if I could somehow block my number from being transferred out and was told that this is illegal (in Canada).
Here is a sample of the news articles I'm referring to:
Social engineering is the new method of choice for hackers. Here's how it works. | CBC News