Is there a flaw with two step verification?
hello all,
apologies if if this is posted in the wrong community. I couldn't see a community associated with security.
So, am I going mad?
i have setup 2 step verification/authentication with my apple id. I have nominated 2 mobile phones and my iPad. If I am using my ipad, and I for instance sign into icloud.com, I am asked to choose a device to send a verification code to. If I choose my iPad, then the code is popped up on screen in front of the icloud login. I then continue to login by entering the verification code.
mmmh. Does this not feel strange? I feel this is a little flawed..
lets say someone manages to get my iPad and successfully unlocks it. They could open safari, navigate to icloud.com, Safari automatically enters the credentials - my email and appleid password, and then asks me to choose my iPad for the verification code. Oh Deary me.
Yes, I understand they need to go through all these steps, successfully unlock the ipad, etc., etc.. But my point being, the registered device I am using to access the apple service (e.g. My iPad), should not be listed as a valid device to receive the verification code even if it's listed as a registered device. What should happen is only the 2 mobile phones I have registered are eligible to receive the verification code (When I am using my iPad), and are the only 2 available options.
IF I were to use my iPhone for instance to access apple services, then this iPhone is omitted from the available registered devices to receive the verification code and then my iPad and the other mobile phone are listed.
hope this makes sense.. Grateful for a discussion. Am I correct in saying this shouldn't be possible?
thanks
paul. Aka Aminuts
Closing thread as posted on iPhone discussion.
https://discussions.apple.com/message/26750074#26750074
Similar Messages
-
Last year, my backpack containing my laptop and phone were stolen. My Recovery Key was saved as a screenshot on the laptop and on the phone and I have no other copy. I remotely wiped both devices. I had no insurance for such circumstances and replaced them at my own expense but I cannot access my AppleID account because Two-Step Verification is active and my old telephone number was replaced and I no longer have access to it. I can live with losing the devices as a result of my own stupidity, but Apple claims they are unable to restore my access to my old account in spite of the special circumstances. Apple can confirm my identity via my bank details and my email address but they do not seem to care. I've lost access to my music, software, calendars etc. I have a new AppleID - I had no other option but to set one up - but it irks me that Apple is unwilling to transfer purchases made on my old AppleID to my new one. I am considering taking legal action to regain my purchases and wonder if anybody else has found themselves in a similar situation.
If apple tracked deviced they sold they would be violating a great number of privicy laws and would face class action and criminal lawsuits in most of the western countries
-
Ios8 upgrade with two step verification
I have and iPhone 5 and two step verification in place. When I first upgraded to iOS 8 the upgrade process asked for my verification number. I first chose iPhone, but I did not get a code. I then went back and selected SMS to the phone number that I was upgrading. Then the upgrade went though without me entering anything. I'm assuming that iOS 8 just read my SMS message and went through with the upgrade. I'm about to do the same with my daughter's (she has her own Apple ID and two step verification) iPhone 4s and I assume that it will work the same way?
I could not find any detailed information on Apple's web site pertaining to this.Hi Les,
If you've been asked to wait, I would try going back through the process to start two-step verification as described here:
Apple ID: Frequently asked questions about two-step verification for Apple ID
http://support.apple.com/kb/HT5570
Set up two-step verification at My Apple ID (appleid.apple.com):
Select "Manage your Apple ID" and sign in.
Select "Password and Security."
Under Two-Step Verification, select Get Started and follow the onscreen instructions.
That article also explains why you had to wait, in case you were at all curious:
Why was I asked to wait before setting up two-step verification?
As a basic security measure, Apple does not allow two-step verification setup to proceed if any significant changes have recently been made to your account information. Significant changes can include a password reset or new security questions. This waiting period helps Apple ensure that you are the only person accessing or modifying your account. While you are in this waiting period, you can continue using your account as usual with all Apple services and stores.
Apple will send an email to all the addresses you have on file notifying you of the waiting period and encouraging you to contact Apple Support if you think that someone else has unauthorized access to your account. You will be able to return to set up two-step verification after the date listed on your Apple ID account page and in the email that you receive.
Note: When your waiting period is over, you will have 30 days to complete two-step verification setup. If you attempt to complete setup after 30 days have passed or if you have made significant changes to your account during that time, another waiting period may be triggered.
Take care, Les!
- Ari -
Gmail won't work in Mail with two step verification.
I have been hacked several times with google's email service by people in China and I decided to try their two step verification to add some security. But when I try to add the account on my mac mail list it says that it is offline and the app specific password doesn't work. I have changed the app specific password three times and all of them don't work. Please help!
Eliminate Mail by testing in Postbox and MailMate. Both have demos.
http://www.postbox-inc.com/
http://freron.com
If you cannot set an app specific password for these apps then the problem is with your account. It's difficult to actually get Gmail support so your best option might be to delete this account. Set up a new account with two step authentication immediately.
You also have other options for getting a free email account. Set up an Apple iCloud email or get an Outlook.com (previously Hotmail.com, Live.com, MSM.com).
Whatever you do you need to do the two step authentication. -
Mail app and google account with two step verification fail
Hi,
I try to add my gmail account to Mail app, but it says that login or password is incorrect. I'm using google 2 step verification, that means that I should generate an app-special password each time I use a new application with this google account. I've generated the password for gmail app and logged in successfully, but it doesn't work for Mail app (each application has it's own password).
iOS 5.1.1 (9B206).
Gmail app v. 1.2.7182
Thank you in advance.Аnonym wrote:
I've read every discussion about that problem, though I found no solution there. So I started another one.
I'm sorry. You misunderstood what I was saying - or perhaps I should say that I said it wrong. I meant that I was unfamiliar with this problem - that's all that I meant.
The link for 4.0 is simply for iPads that are running iOS 4.0 or higher. That is what the link refers to. This is copied from the website
Note: These setup instructions are for Apple devices running software version 4.0.
View instructions for older software.
It does not state it specifically, but it means 4.0 or higher. Google hasn't updated anything further for higher than iOS 5 that's all.
But if you checked it out already or don't want to check it out because you think it doesn't apply - that's your prerogative.
EDIT - your problem was solved as soon as I posted. Glad you got it all worked out! -
[solved] Google online account with two-step verification
After upgrade, I can no longer log in to my gtalk account on empathy. The Online Account dialogue box gives the error "Expired credentials. Please log in again". But repeated log in comes back to the same message. Anyone experiencing similar problem?
Last edited by mathfeel (2012-11-15 19:42:38)I realize this is marked as solved, but as none of the fixes worked for me, I figured I would put what I did to solve the problem.
https://bugzilla.gnome.org/show_bug.cgi?id=688364#c2
In this thread, comment 10 gives instructions for using an application specific password instear of the regular google password that seahorse is storing. I did this, logged in, and everything started working, with no errors. Hopefully this will help someone else looking for an answer.
Ivan [reporter] 2012-11-15 16:39:40 UTC
However I found a way to fix, thanks @Ionut showing a path
In my GOA_ entry I edited 'password' field
So I removed my generic google password and inserted google application
password, I got in my 2-factor authentication page. So it's working fine now,
but it should be fixed I think ti work out of box
Ivan [reporter] 2012-11-20 03:20:38 UTC
(In reply to comment #20)
> Use Seahorse to look at your keyring and try to locate the entry associated
> with your Google account. (Hint: You can put "GOA" in the search bar to filter
> the view to show only things stored by GOA.)
>
> You will see that it has a dictionary. Locate the key called "password".
> Replace the value associated with that key with your application specific
> password.
Yes. Check the show password, you'll see a long GOA_ string. At the end you'll
see your google password. If you enable 2-factor auth and reproduces a bug, you
should make an application password in google account and replace your google
password in seahorse with it. Logoff and login again after solves the
"expiration" problem -
I need to setup Two-Step Verification but iraq not in location
hello ...
i have some trouble with two step verification ... when i go to https://appleid.apple.com/ and enter to my account and go to "password and security" and enter my security answer
after i answer my security questions i seen "Two-Step Verification" but when i click on get started .. i stopped in choose a number for trust device because i can't found "iraq" in country choose ... how i can setup verification with out send sms to my number .. i want to setup two step verification and linked my account to my device .. but i tell you before .. iraq not in choose country then i can't compete my issues ... so .. can i have some help with another way .. or right way .. please ?
my respect all of youHello Hmoda aliraqi,
Two-step verification is not currently available in Iraq.
Which countries is two-step verification available in?
Two-step verification is available in the countries below. When additional countries are added, two-step verification automatically appears in the Password and Security section of your account when you sign in to My Apple ID.
Argentina
Australia
Austria
Belgium
Bolivia
Brazil
Canada
Chile
China
Colombia
Costa Rica
Denmark
Dominican Republic
Ecuador
El Salvador
Finland
France
Germany
Greece
Guatemala
Honduras
Hong Kong
India
Indonesia
Ireland
Israel
Italy
Japan
Korea
Luxembourg
Macao
Malaysia
Mexico
Netherlands
New Zealand
Nicaragua
Norway
Panama
Paraguay
Peru
Philippines
Poland
Puerto Rico
Portugal
Russia
Singapore
South Africa
Spain
Suriname
Sweden
Switzerland
Taiwan
Thailand
Turkey
United Arab Emirates
United Kingdom
United States
Venezuela
Vietnam
Frequently asked questions about two-step verification for Apple ID
http://support.apple.com/kb/HT5570
Cheers,
Allen -
HT5593 How do i get sms support for two step verification in Canada with Telus ?
i have followed the procedure for setting up two step authentication and the part where it's suppose to send me an sms code is where it fails. the code just never comes. anyone else having this issue ? fyi, im in Canada and using telus.
i know when they first announced two step verification in Canada sms support was not there but now it's listed specifically for Canada and Telus on Apple support page. so what's the issue ?
i know Apple has had tons of issues with sms codes outside the US but i figured by now they would get it right so i'm hoping there's just something i'm missing.i've even tried putting my sim card into a non-iphone, still no luck.
Then how on earth is the iPhone the issue????
Oh wait, it isn't.
Unbelievable... -
Two step verification in Canada SMS does not work with Telus
Just saw the announcement that Two step verification for your Apple account is now available to Canada.
http://www.macnn.com/articles/13/05/10/option.will.appear.automatically.in.accou nt.details/
Tried to sign up, unfortunately after many attempts and testing with a few different phones it appears that Apples SMS server is not connected with Telus mobility as the messages never come through to any of my phones on the Telus network.
So maybe the announcement is a little premature.False start.
The option to sign up for two step verification has now been removed again.
I guess they have to get the SMS feature working first.
Here is a request. Apple can you implement the industry standard time based authentication protocol:
http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
http://tools.ietf.org/html/rfc6238
Same one is being used by:
Google
Dropbox
Lastpass
Microsoft
Amazon AWS
Then you can use one of the many apps available for smartphones and support users who want something secure but that does not require SMS or an apple hardware device to login to their apple id. -
Hi, for two-step verification there is no Kuwait & Pakistan country for SMS. How we can proceed if we belong one of these countries?
We have no idea. We are not Apple. I'd expect a long wait in Pakistan, though, since Apple does not do business or provide support there at all.
-
while messing with my two step verification on my gmail account I inadvertently did sometime to my gmail account on my Mac mail. I can't send or receive mail. Any thoughts
When it asks for the password, typically this is a random number sent to you via text message from Google. I get a new code everytime I want to add a new device or log into from a new computer. It can get very annoyingif you access your account from various computers or devices. Once its working its not bad though. You may want to go back in and turn the 2 step authentication off.
-
Use two-step verification with AppleTV?
I have an AppleTV 3rd Generation (rev 2, A1469 running 6.1.1). Since adding two-step verification to my Apple ID, I have been unable to sign into iTunes Store to access my purchased movies and television shows--or even to update the AppleTV software. How do I use the two-step verification with AppleTV?
!
-
i have forgotten my apple ID security questions the is no link to send to my rescue email nor is the a section for the two-step verification method. What do I do??
Alternatives for Help Resetting Security Questions and/or Rescue Mail
1. If you have a rescue email address or a Security Questions issue, then see:
If you forgot the answers to your Apple ID security questions - Apple Support.
Manage your Apple ID primary, rescue, alternate, and notification email addresses - Apple Support
2. Fill out and submit this form. Select the topic, Account Security. You must
have a Rescue Email to use this option.
3. This is the only option if you do not already have a valid Rescue Email.
These are telephone numbers for contacting Apple Support in your country.
Apple ID- Contacting Apple for help with Apple ID account security. Select
the appropriate country and call. Ask to speak to the Account Security Team.
4. Account security issues almost always require you to speak directly to an
Apple representative to securely establish your identity as the account holder.
You can set it up so that Apple calls you, either immediately or at a time
convenient to you.
1. Go to www.apple.com/support.
2. Choose Contact Support and click Contact Us.
3. Choose Other Apple ID Topics and choose the appropriate topic for
your issue.
4. Follow the onscreen instructions.
Note: If you have already forgotten your security questions, then you cannot
set up a rescue email address in order to reset them. You must set up
the rescue email address beforehand.
Your Apple ID: Manage My Apple ID.
Apple ID- All about Apple ID security questions. -
When I go to the password and security, there is no Select "Start" under the words "two-step verification" and follow the instructions on the screen
Hey Podducbnov,
Thanks for the question. It sounds like you are trying to setup Two-Step Verification. After logging into http://appleid.apple.com, click "Password & Security". At this time you will probably be prompted to answer your security questions, go ahead and do so. Afterwards, the top section has a "Get started…" link to setup Two-Step Verification:
Apple ID: Frequently asked questions about two-step verification for Apple ID
http://support.apple.com/kb/HT5570
Thanks,
Matt M. -
How does two step verification work with an iPad?
Two step verification seems to require an iPhone for the code - can it be set up for an iPad?
Apple ID Two-Step verification FAQ
http://support.apple.com/kb/HT5570
Maybe you are looking for
-
I have athorizedmy iPod so that I could transfer my music purchases bytomycomputer but when I attempt to do thisiget a messege stating that my iPod is not authorized to do this. What step am i missing in the athurization process? Some of my purchesse
-
I set up a table in a new file and find that it's repeating itself. Although I should have at most 2 pages, I have 18. How can I get rid of the 16 repeat pages and keep from making this mistake again? TIA
-
Problem with starting j2ee stack
We have Netweaver 2004s ABAP+J2EE (Add-in). ABAP stack starts ok, but j2ee stack not :(. dev_jcontrol: [Thr 6040] JControlExecuteBootstrap: execute bootstrap process [bootstrap] [Thr 6040] INFO: Invalid property value [javaVMPath=C:\j2sdk1.4.2_09] [T
-
I am new in Oracle B2B.At the time of configuration of B2B component at jdeveloper,in the document defination section "No deployed document found" messge is showing .Can any one help me how to deploy the document in oracle b2b server so that the depl
-
I have my home movies on DVD burned from Windows and am trying to import them into iMovie. The DVD will play on my Mac but I can't seem to import the movie. Can anyone help?