If you're new to AirPods, considering buying a pair, or just want to pick up some new tips.
AirPods and AirPower: Everything We Know
Apple Begins Reminding Two-Factor Authentication Users About App-Specific Passwords
Apple has begun emailing iCloud users who have enabled two-factor authentication on their Apple IDs, reminding them that application specific passwords will be required when trying to access iCloud data on third party apps starting tomorrow.
In addition to the email reminders, Apple last week published a new support document educating users on how to use app-specific passwords. While the feature was originally intended to require the feature on October 1, it's unclear why two-factor authentication users are being reminded of it a week later.
App-specific passwords are a new feature Apple introduced in mid-September, following the launch of two-factor authentication for accessing iCloud.com. The changes arrived after a hacking incident that saw the iCloud accounts of several celebrities compromised due to weak passwords.
CEO Tim Cook has promised to improve iCloud security by increasing awareness around Apple's security features like two-factor authentication as well as a sending out email notifications whenever a device is restored, an account is accessed or a password change is attempted.
In addition to the email reminders, Apple last week published a new support document educating users on how to use app-specific passwords. While the feature was originally intended to require the feature on October 1, it's unclear why two-factor authentication users are being reminded of it a week later.
App-specific passwords are a new feature Apple introduced in mid-September, following the launch of two-factor authentication for accessing iCloud.com. The changes arrived after a hacking incident that saw the iCloud accounts of several celebrities compromised due to weak passwords.
CEO Tim Cook has promised to improve iCloud security by increasing awareness around Apple's security features like two-factor authentication as well as a sending out email notifications whenever a device is restored, an account is accessed or a password change is attempted.
[ 48 comments ]
Top Rated Comments
(View all)
57 months ago
A ridiculous bandaid fix for their apparently weak password reset system. Three security questions, and anyone gets in without a verification email. So you have to bother with this annoying double authentication system. I might as well just make my security answers random codes themselves rather than dealing with this.
I remember Gmail somehow not working properly with third-party mail clients after they messed with their authentication system like this. I was too lazy to negotiate with it and switched to iCloud email as my "anonymous/internet" account.
People complain about eeeeverything!!!!! :rolleyes:
57 months ago
Had to Quickly Remind Myself...
When I read that email, I immediately though "Dammit that sounds so inconvenient" but I took a few steps back and realized how helpful that will be. I appreciate Apple's multiple levels of security:apple::cool:
When I read that email, I immediately though "Dammit that sounds so inconvenient" but I took a few steps back and realized how helpful that will be. I appreciate Apple's multiple levels of security:apple::cool:
57 months ago
Yeah, I should. On computers, everything has to work (1 - 10^(-9000))*100% of the time.
Oh kid, welcome to life, if there's something that doesn't work at 100% all the time are computers, you are going to have a bad life thinking computers should work (1 - 10^(-9000))*100% of the time.
Welcome to the real world, you can complain all you want, but technology has it flaws..
57 months ago
A ridiculous bandaid fix for their apparently weak password reset system. Three security questions, and anyone gets in without a verification email. So you have to bother with this annoying double authentication system to avoid that... or provide bogus security answers. I might as well just make my security answers random codes themselves rather than dealing with this. My first pet was Aahs8y238899_!!3.
I remember Gmail randomly rejecting authentication from third-party mail clients after they messed with their authentication system like this. I was too lazy- er, I mean optimized to try and fix it and switched to iCloud email as my "anonymous/internet" account instead.
This is basically how gmail works because 3rd party apps have no cookie mechanism & challenge follow-up. You need app specific passwords.
Apple's implementation is exactly like Google except you have more trusted device than SMS.
57 months ago
A ridiculous bandaid fix for their apparently weak password reset system. Three security questions, and anyone gets in without a verification email. So you have to bother with this annoying double authentication system to avoid that... or provide bogus security answers. I might as well just make my security answers random codes themselves rather than dealing with this. My first pet was Aahs8y238899_!!3.
So in place of two-factor authentication, what would you propose to better secure your account information?
I think we have years of break ins and empirical evidence to show that passwords alone are inadequate security measure.
I remember Gmail randomly rejecting authentication from third-party mail clients after they messed with their authentication system like this. I was too lazy- er, I mean optimized to try and fix it and switched to iCloud email as my "anonymous/internet" account instead.
Too funny, considering that once you tie an iCloud account to any device, it ceases to be anonymous.
57 months ago
Trying to figure out why I don't worry about lockscreens or passwords or 2 step authentication or app-specific pswds and all that...
I think it's a pretty well-founded lack of faith in corporations or governments in matters of respecting personal privacy, that I don't take nudes or hardcore action pics & vids of myself doing career-ruining things and keep them handy on my phone.
On top of that, I don't put any factual personal information on these devices whatsoever. Everything I have digitally refers to a nickname, a made-up business name, an outdated work address, a phone number typo'd by a digit, etc.
Even if I were an 18 year old actress, if someone guessed my password, they'd be very bored and confused.
I think it's a pretty well-founded lack of faith in corporations or governments in matters of respecting personal privacy, that I don't take nudes or hardcore action pics & vids of myself doing career-ruining things and keep them handy on my phone.
On top of that, I don't put any factual personal information on these devices whatsoever. Everything I have digitally refers to a nickname, a made-up business name, an outdated work address, a phone number typo'd by a digit, etc.
Even if I were an 18 year old actress, if someone guessed my password, they'd be very bored and confused.
57 months ago
I have enabled on both iCloud and in Gmail/Google Service.
Here is my take.
They're both essentially the same method.
You create app specific passwords and the system generates a random password like this:
kgoi-ytbe-fdgb-poyc
So instead of using your icloud email password for Thunderbird or regular gmail password,you use that random password.
I do this because I run Linux and use Thunderbird to access both gmail/icloud on Linux. I do this on Windows outlook for the same reason. That password would only be used for mail or calendaring. So you won't use that for iTunes purchases or log into your iCloud account.
The reason why you have this is because with 2-factor, there is a follow-up pin and you can't enter in a follow-up pin in 3rd party apps.
I just set up my HTC to connect to iCloud.
There are some differences:
Apple has a limit of 25 devices/app passwords. I can't see any for Google.
Google use a pre-set pull down for the description whereas Apple allows you to type in the description.
E.G. "IMAP password for WinTablet" or "CalDav on Linux Desktop" whereas Google has a list of OS/phones/apps.
Both can revoke.
Lastly, I like Apple's ability to use a non-phone as a trusted device. You can have multiple. I use my iPhone and iPad.
I have my iPad get the code and it works great. I also like Apple's device section where you can revoke devices. I had a few iPod and old iPhones on my list didn't know!
But you have to explicitly tell Apple which device you want trusted. It isn't going to send random codes to an iPhone you sold on Craigslist.
Google uses SMS text messages. This could possibly be intercepted. Who knows. If you have a SMS proxy account, that is one vector of attack.
One more thing...
When Apple sends the temp pin, you have to unlock your phone to see it. It is hidden in the notification view.
On my Android phone, the notification temp-pin from Gmail is a SMS text message and I don't need to be unlocked to see it. It pops up as a text message with the code right there for anyone to see. This is on a locked password protected pin.
That is definitely something Apple got right.
Here is my take.
They're both essentially the same method.
You create app specific passwords and the system generates a random password like this:
kgoi-ytbe-fdgb-poyc
So instead of using your icloud email password for Thunderbird or regular gmail password,you use that random password.
I do this because I run Linux and use Thunderbird to access both gmail/icloud on Linux. I do this on Windows outlook for the same reason. That password would only be used for mail or calendaring. So you won't use that for iTunes purchases or log into your iCloud account.
The reason why you have this is because with 2-factor, there is a follow-up pin and you can't enter in a follow-up pin in 3rd party apps.
I just set up my HTC to connect to iCloud.
There are some differences:
Apple has a limit of 25 devices/app passwords. I can't see any for Google.
Google use a pre-set pull down for the description whereas Apple allows you to type in the description.
E.G. "IMAP password for WinTablet" or "CalDav on Linux Desktop" whereas Google has a list of OS/phones/apps.
Both can revoke.
Lastly, I like Apple's ability to use a non-phone as a trusted device. You can have multiple. I use my iPhone and iPad.
I have my iPad get the code and it works great. I also like Apple's device section where you can revoke devices. I had a few iPod and old iPhones on my list didn't know!
But you have to explicitly tell Apple which device you want trusted. It isn't going to send random codes to an iPhone you sold on Craigslist.
Google uses SMS text messages. This could possibly be intercepted. Who knows. If you have a SMS proxy account, that is one vector of attack.
One more thing...
When Apple sends the temp pin, you have to unlock your phone to see it. It is hidden in the notification view.
On my Android phone, the notification temp-pin from Gmail is a SMS text message and I don't need to be unlocked to see it. It pops up as a text message with the code right there for anyone to see. This is on a locked password protected pin.
That is definitely something Apple got right.
57 months ago
A ridiculous bandaid fix for their apparently weak password reset system.
This is an industry-wide and fairly secure solution, used by the likes of Google, Microsoft, and Yahoo.
57 months ago
It's just very unclear who would use app-specific passwords and who wouldn't, how they would be used, and how they would benefit the user.
If you want third party apps to have access to your iCloud account (eg. Outlook), you create a specific password for Outlook to use.
The app does not know your real iCloud password, and you can revoke the app specific password if you want to.
57 months ago
Yeah, I should. On computers, everything has to work (1 - 10^(-9000))*100% of the time. Leave the possibility for error to SHA-256 collisions and cosmic radiation flipping bits, not stupidly designed systems and human error.
[ Read All Comments ]
Twitter today launched its Twitter Prototype Program and is accepting applications from people who want to beta test new Twitter features on iOS devices. Twitter's tests will be done through a...
Shazam, the song discovery app that's now owned by Apple, received a minor bug fix update last week, which, according to AppFigures, removes all third-party SDKs.
Shazam for iOS is no longer...
As of February 27, 2019, Apple is requiring that all Developer accounts with an Account Holder role be secured with two-factor authentication in order to ensure that only the account owner is able to...
Apple today seeded the third beta of an upcoming tvOS 12.2 update to its public beta testing group, one day after providing the beta to developers and a week after releasing the second tvOS 12.2...
Apple today released a new update for Safari Technology Preview, the experimental browser Apple first introduced three years ago in March 2016. Apple designed the Safari Technology Preview to test...
Satechi has offered a few options for iMac stands over the past few years, allowing customers a chance to elevate their iMac for a more ergonomic workspace, and gain access to a limited number of...
British audio equipment maker Bowers & Wilkins is expected to release its first AirPlay 2-enabled receivers in the near future.
A pair of new Bowers & Wilkins receivers named...
Google's "Keep" app for taking notes and making lists today expanded to the Apple Watch, allowing the app's users to use the note taking and list making functionality right on their...
