Replies: 37 comments
-
If they're separate from your retail account, then yes. I'm not an Apple user, but I'm pretty sure they are. Aren't iMessage/FT part of iCloud? I thought that already had TFA? |
Beta Was this translation helpful? Give feedback.
-
@RichJeanes iMessage & FaceTime are separate from iCloud. |
Beta Was this translation helpful? Give feedback.
-
Iirc it's all the same account, but apparently different products have different authentication mechanisms. |
Beta Was this translation helpful? Give feedback.
-
Apple has two different systems for additional verification.
As of March 21st, 2016, 2FA is available for all Apple IDs. In order to enable it, ensure you are running at least OS X El Capitan or iOS 9.3, and follow the instructions available here. If you still receive an error indicating that your account isn't eligible to enable 2FA, ensure all devices connected to your account are updated to the latest macOS or iOS version and try enabling the feature on an iOS device running the latest, non-beta version of iOS 9.3 or above. Only certain parts of your account are protected by 2SV. Currently, both 2FA enabled from a supported device and 2SV enabled from the Manage Your Apple ID page protect:
iCloud Keychain has separate SMS/software 2FA that is required and is enabled even if you don't have 2FA/2SV on your Apple ID. While 2SV doesn't protect, 2FA still protects:
2FA/2SV might not protect:
Neither 2FA NOR 2SV protect:
FAQs:
|
Beta Was this translation helpful? Give feedback.
-
Why? Just... Why? |
Beta Was this translation helpful? Give feedback.
-
@RichJeanes most big companies provide bad security for it's customers. If it's not outside threats it's the company itself. No matter what OS your phone runs it's vulnerable. Apple, Google, Windows. Not to mention the 3d parties of the Android OS.... |
Beta Was this translation helpful? Give feedback.
-
@RichJeanes I know. At least Google and Microsoft's 2FA protect everything. I don't understand why Apple can't just use one SSO server with one sign in page for everything. |
Beta Was this translation helpful? Give feedback.
-
@jamcat22 They have so many different systems that it's difficult to use a single authentication method. They coded themselves into a corner. |
Beta Was this translation helpful? Give feedback.
-
@mxxcon 😄 |
Beta Was this translation helpful? Give feedback.
-
Just updated my previous comment with the following changes: Things 2SV also protects:
Things that 2SV didn't protect but are now protected:
Things 2SV also does not protect:
|
Beta Was this translation helpful? Give feedback.
-
Maybe we should find a way to group big websites together... Just thinking... |
Beta Was this translation helpful? Give feedback.
-
Apple is so disparate in their sign-on services that we could (almost?) justify creating an "Apple" category... |
Beta Was this translation helpful? Give feedback.
-
@RichJeanes I get the idea but no, haha. I won't stand for that =] If anything, why not put @jamcat22's analysis into a note and then link to that for the docs? |
Beta Was this translation helpful? Give feedback.
-
Actually, @RichJeanes. This would be the perfect time to use the You can create an exception and then turn that on and it will link there with more details. It was sort of a half-ass idea that isn't even being used so it might need to be worked on. |
Beta Was this translation helpful? Give feedback.
-
@jdavis how does the exception link even work? I have been wondering about that for ages. |
Beta Was this translation helpful? Give feedback.
-
Updated my comment and other comments with the following changes:
Things that 2SV didn't protect but are now protected:
Things 2SV also does not protect:
|
Beta Was this translation helpful? Give feedback.
-
@jamcat22 you missed a dot somewhere in that comment. |
Beta Was this translation helpful? Give feedback.
-
@Carlgo11 Bring. It. On. |
Beta Was this translation helpful? Give feedback.
-
Updated my comment and other comments with the following changes:
Things that 2SV didn't protect but are now protected:
Things 2SV also does not protect:
|
Beta Was this translation helpful? Give feedback.
-
Updated my comment with the following changes:
Things that 2SV didn't protect but are now protected:
[Important side note: While the Apple Store Account (payment info) page is now protected by the newest version of their sign in page, the main Apple website login (also used for the Apple Store) is still not. This means people can make purchases without using 2SV, but they cannot modify billing info.]
By the way, have you guys seen the new Apple ID website? It's amazing. Still nowhere near as complex as Microsoft or Google though. |
Beta Was this translation helpful? Give feedback.
-
Updated my comment with the following changes:
Things neither 2FA nor 2SV protect:
|
Beta Was this translation helpful? Give feedback.
-
What about make a |
Beta Was this translation helpful? Give feedback.
-
@Carlgo11 I'm thinking of either doing that, or linking directly to this issue, depending on if we can have notes pages with Markdown. I'd be open to coding it in HTML, but then it won't look quite as nice. |
Beta Was this translation helpful? Give feedback.
-
Updated my comment with the following changes:
Things both 2FA and 2SV protect:
|
Beta Was this translation helpful? Give feedback.
-
Updated my comment with the following changes:
Things that might not be protected by 2FA/2SV:
Things that 2FA didn't protect that are now protected, yet are still not protected by 2SV:
Things both 2FA and 2SV protect:
Things that 2FA protects, but aren't protected by 2SV:
|
Beta Was this translation helpful? Give feedback.
-
Updated my comment with the following changes:
Things both 2FA and 2SV protect:
Things that 2SV now protects, in addition to already being protected by 2FA:
Things 2FA/2SV might not protect:
|
Beta Was this translation helpful? Give feedback.
-
Updated my comment with the following changes: Things 2FA protected in the past, but are now no longer protected by 2FA or 2SV:
Seriously Apple‽ I honestly can't believe that in addition to 2FA/2SV being so segmented, convoluted, and poorly thought out for years now, items which used to be protected by 2FA are now being left unprotected! This is just ridiculous for a company as large and detail-oriented as Apple. |
Beta Was this translation helpful? Give feedback.
-
Updated my comment with the following changes: Things both 2FA and 2SV protect:
|
Beta Was this translation helpful? Give feedback.
-
Updated my comment with the following changes:
Things both 2FA and 2SV protect:
Things that 2SV now protects, in addition to already being protected by 2FA:
|
Beta Was this translation helpful? Give feedback.
-
Apple Migrating iOS 11 and macOS High Sierra Users With Two-Step Verification to Two-Factor Authentication |
Beta Was this translation helpful? Give feedback.
-
http://techcrunch.com/2015/02/12/apple-adds-more-security-to-imessage-and-facetime-with-two-factor-authentication/
Btw, should these services be added separately from Apple's "retail" entry?
Beta Was this translation helpful? Give feedback.
All reactions