- #Find my iphone icloud 2 step verification code
- #Find my iphone icloud 2 step verification password
- #Find my iphone icloud 2 step verification Bluetooth
- #Find my iphone icloud 2 step verification mac
However, much like Google’s solution to the problem, it’s not convenient and for it to work you must always carry this recovery key with you. When setting up 2FA, Apple provides you with a recovery key which the company could elect to use as a second factor of authentication for Find My iPhone. While printing out codes is no where near the most secure thing you can do, Google is offering a solution to the problem. Google, for example, allows you to print 10 one-time codes that you can use for their two-factor authentication on Android. Apple is a company that does not want to sacrifice security for convenience or visa versa, so tackling these challenges is especially difficult for them. I believe that Apple could add some extra security measures to help prevent against these types of attacks, and I think that Apple is already doing a great job of this in their products. security, which has been a challenge for consumer electronic companies, like Apple, for a long time. The second is the argument of convenience vs.
#Find my iphone icloud 2 step verification password
The first being that most attacks can be avoided by using a strong randomized password that you change on a three to six month basis. The main argument of Haresh’s post draws us back to two fundamental issues in security. Another problem with this approach from Apple’s standpoint is that by adding security questions and answers there is an additional layer of complexity that makes it harder for the user to achieve their goal of locating their device. While this would definitely work, most users’ answers to these questions would be easy to guess based on publicly available information on social media sites like Facebook and Twitter. Haresh then mentions another alternative, which would be to have secret security questions be a second layer of authentication for Find My iPhone. Generally, Pattern Matching could be a part of a bigger solution to the problem, but it does not cover all the edge cases in and of itself. Of course, Apple would have to look at more than just location. I agree that this could definitely work, but if you lose your iPhone in one country and then travel to another before noticing you lost it (say in your baggage at the airport), the legitimate request to wipe the phone or mark it as lost would be invalidated because of Pattern Matching. Apple could use location information of the request to detect if the iPhone and the device logged into Find My iPhone are in the same general area (or even city). In his blog post, Haresh mentions Pattern Monitoring as a means to make it more difficult for an attacker to gain access to Find My iPhone. The real debate should be whether or not Apple should add extra security features to Find My iPhone, which cannot be 2FA because that would defeat the purpose of having the feature in the first place. The debate on whether Apple should add 2FA to Find My iPhone is irrelevant. While this argument is valid, a feature like Find My iPhone relies on that convenient access to allow a user to quickly lock or wipe their device if its lost or stolen. Others may argue that this is not a valid argument because it gives a hacker too much power to anyone who knows your Apple ID and password.
#Find my iphone icloud 2 step verification code
Apple also allows you to send the 2FA code to another phone number, however, there are definitely cases where a user would not have access to another device to send it to.
#Find my iphone icloud 2 step verification Bluetooth
However, this will not work because Continuity requires your iPhone to be in Bluetooth or Wi-Fi range, which would be impractical in almost all situations.
#Find my iphone icloud 2 step verification mac
Some may argue that you would still be able to get the 2FA code on your iPad or Mac using Apple’s new Continuity feature, which allows users to send and receive SMS messages from their other devices. The reason is because if you lose your iPhone, receiving a 2FA code via SMS on that same iPhone would be completely useless. Indeed, the lack of 2FA on Find My iPhone can be exploited as a vulnerability but given the nature of the feature, Apple cannot add 2FA to the feature. “If Apple doesn’t find a way to restrict Find My Phone to device owners, it will continue to put its users data and privacy in jeopardy.”