On the market for an iPhone? Here's a breakdown of all the currently shipping iPhones from Apple.
Apple Begins Reminding Two-Factor Authentication Users About App-Specific Passwords
Apple has begun emailing iCloud users who have enabled two-factor authentication on their Apple IDs, reminding them that application specific passwords will be required when trying to access iCloud data on third party apps starting tomorrow.
In addition to the email reminders, Apple last week published a new support document educating users on how to use app-specific passwords. While the feature was originally intended to require the feature on October 1, it's unclear why two-factor authentication users are being reminded of it a week later.
App-specific passwords are a new feature Apple introduced in mid-September, following the launch of two-factor authentication for accessing iCloud.com. The changes arrived after a hacking incident that saw the iCloud accounts of several celebrities compromised due to weak passwords.
CEO Tim Cook has promised to improve iCloud security by increasing awareness around Apple's security features like two-factor authentication as well as a sending out email notifications whenever a device is restored, an account is accessed or a password change is attempted.
In addition to the email reminders, Apple last week published a new support document educating users on how to use app-specific passwords. While the feature was originally intended to require the feature on October 1, it's unclear why two-factor authentication users are being reminded of it a week later.
App-specific passwords are a new feature Apple introduced in mid-September, following the launch of two-factor authentication for accessing iCloud.com. The changes arrived after a hacking incident that saw the iCloud accounts of several celebrities compromised due to weak passwords.
CEO Tim Cook has promised to improve iCloud security by increasing awareness around Apple's security features like two-factor authentication as well as a sending out email notifications whenever a device is restored, an account is accessed or a password change is attempted.
[ 48 comments ]
Top Rated Comments
(View all)
69 months ago
A ridiculous bandaid fix for their apparently weak password reset system. Three security questions, and anyone gets in without a verification email. So you have to bother with this annoying double authentication system. I might as well just make my security answers random codes themselves rather than dealing with this.
I remember Gmail somehow not working properly with third-party mail clients after they messed with their authentication system like this. I was too lazy to negotiate with it and switched to iCloud email as my "anonymous/internet" account.
People complain about eeeeverything!!!!! :rolleyes:
69 months ago
Had to Quickly Remind Myself...
When I read that email, I immediately though "Dammit that sounds so inconvenient" but I took a few steps back and realized how helpful that will be. I appreciate Apple's multiple levels of security:apple::cool:
When I read that email, I immediately though "Dammit that sounds so inconvenient" but I took a few steps back and realized how helpful that will be. I appreciate Apple's multiple levels of security:apple::cool:
69 months ago
Yeah, I should. On computers, everything has to work (1 - 10^(-9000))*100% of the time.
Oh kid, welcome to life, if there's something that doesn't work at 100% all the time are computers, you are going to have a bad life thinking computers should work (1 - 10^(-9000))*100% of the time.
Welcome to the real world, you can complain all you want, but technology has it flaws..
69 months ago
A ridiculous bandaid fix for their apparently weak password reset system. Three security questions, and anyone gets in without a verification email. So you have to bother with this annoying double authentication system to avoid that... or provide bogus security answers. I might as well just make my security answers random codes themselves rather than dealing with this. My first pet was Aahs8y238899_!!3.
I remember Gmail randomly rejecting authentication from third-party mail clients after they messed with their authentication system like this. I was too lazy- er, I mean optimized to try and fix it and switched to iCloud email as my "anonymous/internet" account instead.
This is basically how gmail works because 3rd party apps have no cookie mechanism & challenge follow-up. You need app specific passwords.
Apple's implementation is exactly like Google except you have more trusted device than SMS.
69 months ago
A ridiculous bandaid fix for their apparently weak password reset system.
This is an industry-wide and fairly secure solution, used by the likes of Google, Microsoft, and Yahoo.
69 months ago
It's just very unclear who would use app-specific passwords and who wouldn't, how they would be used, and how they would benefit the user.
If you want third party apps to have access to your iCloud account (eg. Outlook), you create a specific password for Outlook to use.
The app does not know your real iCloud password, and you can revoke the app specific password if you want to.
69 months ago
Yeah, I should. On computers, everything has to work (1 - 10^(-9000))*100% of the time. Leave the possibility for error to SHA-256 collisions and cosmic radiation flipping bits, not stupidly designed systems and human error.
69 months ago
I have enabled on both iCloud and in Gmail/Google Service.
Here is my take.
They're both essentially the same method.
You create app specific passwords and the system generates a random password like this:
kgoi-ytbe-fdgb-poyc
So instead of using your icloud email password for Thunderbird or regular gmail password,you use that random password.
I do this because I run Linux and use Thunderbird to access both gmail/icloud on Linux. I do this on Windows outlook for the same reason. That password would only be used for mail or calendaring. So you won't use that for iTunes purchases or log into your iCloud account.
The reason why you have this is because with 2-factor, there is a follow-up pin and you can't enter in a follow-up pin in 3rd party apps.
I just set up my HTC to connect to iCloud.
There are some differences:
Apple has a limit of 25 devices/app passwords. I can't see any for Google.
Google use a pre-set pull down for the description whereas Apple allows you to type in the description.
E.G. "IMAP password for WinTablet" or "CalDav on Linux Desktop" whereas Google has a list of OS/phones/apps.
Both can revoke.
Lastly, I like Apple's ability to use a non-phone as a trusted device. You can have multiple. I use my iPhone and iPad.
I have my iPad get the code and it works great. I also like Apple's device section where you can revoke devices. I had a few iPod and old iPhones on my list didn't know!
But you have to explicitly tell Apple which device you want trusted. It isn't going to send random codes to an iPhone you sold on Craigslist.
Google uses SMS text messages. This could possibly be intercepted. Who knows. If you have a SMS proxy account, that is one vector of attack.
One more thing...
When Apple sends the temp pin, you have to unlock your phone to see it. It is hidden in the notification view.
On my Android phone, the notification temp-pin from Gmail is a SMS text message and I don't need to be unlocked to see it. It pops up as a text message with the code right there for anyone to see. This is on a locked password protected pin.
That is definitely something Apple got right.
Here is my take.
They're both essentially the same method.
You create app specific passwords and the system generates a random password like this:
kgoi-ytbe-fdgb-poyc
So instead of using your icloud email password for Thunderbird or regular gmail password,you use that random password.
I do this because I run Linux and use Thunderbird to access both gmail/icloud on Linux. I do this on Windows outlook for the same reason. That password would only be used for mail or calendaring. So you won't use that for iTunes purchases or log into your iCloud account.
The reason why you have this is because with 2-factor, there is a follow-up pin and you can't enter in a follow-up pin in 3rd party apps.
I just set up my HTC to connect to iCloud.
There are some differences:
Apple has a limit of 25 devices/app passwords. I can't see any for Google.
Google use a pre-set pull down for the description whereas Apple allows you to type in the description.
E.G. "IMAP password for WinTablet" or "CalDav on Linux Desktop" whereas Google has a list of OS/phones/apps.
Both can revoke.
Lastly, I like Apple's ability to use a non-phone as a trusted device. You can have multiple. I use my iPhone and iPad.
I have my iPad get the code and it works great. I also like Apple's device section where you can revoke devices. I had a few iPod and old iPhones on my list didn't know!
But you have to explicitly tell Apple which device you want trusted. It isn't going to send random codes to an iPhone you sold on Craigslist.
Google uses SMS text messages. This could possibly be intercepted. Who knows. If you have a SMS proxy account, that is one vector of attack.
One more thing...
When Apple sends the temp pin, you have to unlock your phone to see it. It is hidden in the notification view.
On my Android phone, the notification temp-pin from Gmail is a SMS text message and I don't need to be unlocked to see it. It pops up as a text message with the code right there for anyone to see. This is on a locked password protected pin.
That is definitely something Apple got right.
69 months ago
A ridiculous bandaid fix for their apparently weak password reset system. Three security questions, and anyone gets in without a verification email. So you have to bother with this annoying double authentication system to avoid that... or provide bogus security answers. I might as well just make my security answers random codes themselves rather than dealing with this. My first pet was Aahs8y238899_!!3.
So in place of two-factor authentication, what would you propose to better secure your account information?
I think we have years of break ins and empirical evidence to show that passwords alone are inadequate security measure.
I remember Gmail randomly rejecting authentication from third-party mail clients after they messed with their authentication system like this. I was too lazy- er, I mean optimized to try and fix it and switched to iCloud email as my "anonymous/internet" account instead.
Too funny, considering that once you tie an iCloud account to any device, it ceases to be anonymous.
69 months ago
Trying to figure out why I don't worry about lockscreens or passwords or 2 step authentication or app-specific pswds and all that...
I think it's a pretty well-founded lack of faith in corporations or governments in matters of respecting personal privacy, that I don't take nudes or hardcore action pics & vids of myself doing career-ruining things and keep them handy on my phone.
On top of that, I don't put any factual personal information on these devices whatsoever. Everything I have digitally refers to a nickname, a made-up business name, an outdated work address, a phone number typo'd by a digit, etc.
Even if I were an 18 year old actress, if someone guessed my password, they'd be very bored and confused.
I think it's a pretty well-founded lack of faith in corporations or governments in matters of respecting personal privacy, that I don't take nudes or hardcore action pics & vids of myself doing career-ruining things and keep them handy on my phone.
On top of that, I don't put any factual personal information on these devices whatsoever. Everything I have digitally refers to a nickname, a made-up business name, an outdated work address, a phone number typo'd by a digit, etc.
Even if I were an 18 year old actress, if someone guessed my password, they'd be very bored and confused.
[ Read All Comments ]
Instagram is dropping the IGTV button from the top-right corner of the app's home screen because not enough people are interacting with it.
First launched in June 2018, IGTV is...
Epic Games' latest update to the iOS version of popular battle royale title Fortnite that enables iPad Pro owners to run the game at 120 frames per second.
iPad Pro owners wanting to make...
Apple CEO Tim Cook has taken to Twitter this weekend to share a behind-the-scenes look at the making of new Apple TV+ show "Little America."
The entire first season of the immigrant...
It was a busy week of rumors as we hit the middle of January, with reports about updates to Face ID in the iPhone 12 lineup later this year, signs of a new Mac notebook coming soon, and word that...
Apple has inked a deal for a docuseries called "Dear..." that profiles famous people using an "inventive and cinematic approach" that involves letters written by people whose lives...
Amazon is no longer selling new versions of the Apple Watch Series 4 and Series 5 models through its online store in the United States, with the listings disappearing earlier today.
There is no...
Asphalt 9: Legends, a game that was ported to the Mac using Apple's Mac Catalyst tools, is now available for download from the Mac App Store.
The app was one of the titles that Apple...
Apple is expanding its presence in Germany with plans to open a new office building in Munich, Germany, according to German news site Süddeutsche Zeitung.
Located in the "Karl" office...
