When 2FA isn’t 2FA: How Apple’s iCloud authentication system fails to protect your account
Friday April 12, 2019. 08:27 PM , from Mac Daily News
“With an iCloud account and an Apple device, two-factor authentication is quite different than it is on any other device or account. As is the Apple way, 2FA on your iPhone or Mac is baked into the device you own, setting up a system that is theoretically as secure as a security key,” Michael Simon writes for Macworld. “Except when it’s not.”
“While it appears as though Apple has all of the 2FA bases covered, its proprietary system of trusted devices isn’t without its flaws,” Simon writes. “For one, it works best when you have more than one iOS device. Not only does it add an extra layer of protection by bringing a second device into the mix, it’s true 2FA, pairing something you know (your password) with something you have (your device).”
Simon writes, “But if you only have a single Apple device, you’re kind of out of luck, and that’s where the trouble starts.”
Read more in the full article here.
MacDailyNews Take: We find it humorous when we input our password to log into our Apple ID account page and Apple prompts us to enter a 2FA code on the very device we’re using. It’s so convenient! Still, overall, it’s better than a straight UN/PW system.
Jul, Mon 22 - 14:59 CEST