-
-
Notifications
You must be signed in to change notification settings - Fork 1.8k
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Apple iMessage/Facetime #975
Comments
If they're separate from your retail account, then yes. I'm not an Apple user, but I'm pretty sure they are. Aren't iMessage/FT part of iCloud? I thought that already had TFA? |
@RichJeanes iMessage & FaceTime are separate from iCloud. |
Iirc it's all the same account, but apparently different products have different authentication mechanisms. |
Apple has two different systems for additional verification.
As of March 21st, 2016, 2FA is available for all Apple IDs. In order to enable it, ensure you are running at least OS X El Capitan or iOS 9.3, and follow the instructions available here. If you still receive an error indicating that your account isn't eligible to enable 2FA, ensure all devices connected to your account are updated to the latest macOS or iOS version and try enabling the feature on an iOS device running the latest, non-beta version of iOS 9.3 or above. Only certain parts of your account are protected by 2SV. Currently, both 2FA enabled from a supported device and 2SV enabled from the Manage Your Apple ID page protect:
iCloud Keychain has separate SMS/software 2FA that is required and is enabled even if you don't have 2FA/2SV on your Apple ID. While 2SV doesn't protect, 2FA still protects:
2FA/2SV might not protect:
Neither 2FA NOR 2SV protect:
FAQs:
|
Why? Just... Why? |
@RichJeanes most big companies provide bad security for it's customers. If it's not outside threats it's the company itself. No matter what OS your phone runs it's vulnerable. Apple, Google, Windows. Not to mention the 3d parties of the Android OS.... |
@RichJeanes I know. At least Google and Microsoft's 2FA protect everything. I don't understand why Apple can't just use one SSO server with one sign in page for everything. |
@jamcat22 They have so many different systems that it's difficult to use a single authentication method. They coded themselves into a corner. |
@mxxcon 😄 |
Just updated my previous comment with the following changes: Things 2SV also protects:
Things that 2SV didn't protect but are now protected:
Things 2SV also does not protect:
|
Maybe we should find a way to group big websites together... Just thinking... |
Apple is so disparate in their sign-on services that we could (almost?) justify creating an "Apple" category... |
@RichJeanes I get the idea but no, haha. I won't stand for that =] If anything, why not put @jamcat22's analysis into a note and then link to that for the docs? |
Actually, @RichJeanes. This would be the perfect time to use the You can create an exception and then turn that on and it will link there with more details. It was sort of a half-ass idea that isn't even being used so it might need to be worked on. |
@jdavis how does the exception link even work? I have been wondering about that for ages. |
Where does the link go? How do you set it? Is it a separate link from the doc file? |
Updated my comment again with the following changes:
Things 2SV also protects:
Things 2SV also does not protect:
|
@jdavis Can you please explain how the exception link function works? Where does the link go? Can you define where the link goes? Can you have text in the exception box at the same time? |
Updated my comment again with the following changes: Things that 2SV didn't protect but are now protected:
|
Updated my comment with the following changes:
Things 2SV also protects:
Things 2SV might not protect:
Things that 2SV didn't protect but are now protected:
Things 2SV also does not protect:
|
Updated my comment with the following changes: Things 2SV also might not protect:
If anyone has a screenshot of iTunes for Desktop requiring a verification code, please comment below. Things 2SV also does not protect: |
Updated my comment and other comments with the following changes:
Things that 2SV didn't protect but are now protected:
Things 2SV also does not protect:
|
@jamcat22 you missed a dot somewhere in that comment. |
@Carlgo11 Bring. It. On. |
Updated my comment and other comments with the following changes:
Things that 2SV didn't protect but are now protected:
Things 2SV also does not protect:
|
Updated my comment with the following changes:
Things that 2SV didn't protect but are now protected:
[Important side note: While the Apple Store Account (payment info) page is now protected by the newest version of their sign in page, the main Apple website login (also used for the Apple Store) is still not. This means people can make purchases without using 2SV, but they cannot modify billing info.]
By the way, have you guys seen the new Apple ID website? It's amazing. Still nowhere near as complex as Microsoft or Google though. |
Updated my comment with the following changes:
Things neither 2FA nor 2SV protect:
|
What about make a |
@Carlgo11 I'm thinking of either doing that, or linking directly to this issue, depending on if we can have notes pages with Markdown. I'd be open to coding it in HTML, but then it won't look quite as nice. |
Updated my comment with the following changes:
Things both 2FA and 2SV protect:
|
Updated my comment with the following changes:
Things that might not be protected by 2FA/2SV:
Things that 2FA didn't protect that are now protected, yet are still not protected by 2SV:
Things both 2FA and 2SV protect:
Things that 2FA protects, but aren't protected by 2SV:
|
Updated my comment with the following changes:
Things both 2FA and 2SV protect:
Things that 2SV now protects, in addition to already being protected by 2FA:
Things 2FA/2SV might not protect:
|
Updated my comment with the following changes: Things 2FA protected in the past, but are now no longer protected by 2FA or 2SV:
Seriously Apple‽ I honestly can't believe that in addition to 2FA/2SV being so segmented, convoluted, and poorly thought out for years now, items which used to be protected by 2FA are now being left unprotected! This is just ridiculous for a company as large and detail-oriented as Apple. |
Updated my comment with the following changes: Things both 2FA and 2SV protect:
|
Updated my comment with the following changes:
Things both 2FA and 2SV protect:
Things that 2SV now protects, in addition to already being protected by 2FA:
|
Apple Migrating iOS 11 and macOS High Sierra Users With Two-Step Verification to Two-Factor Authentication |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
http://techcrunch.com/2015/02/12/apple-adds-more-security-to-imessage-and-facetime-with-two-factor-authentication/
Btw, should these services be added separately from Apple's "retail" entry?
The text was updated successfully, but these errors were encountered: