Apple To Force Users To 2FA On iOS 11, macOS High Sierra

Trailrunner7 quotes a report from On the Wire: With the upcoming releases of iOS 11 and macOS High Sierra later this year, Apple is planning to force many users to adopt two-factor authentication for their accounts. The company this week sent an email to customers who have the existing two-step verification enabled for their Apple IDs, informing them that once they install the public betas of the new operating systems they will be migrated to two-factor authentication automatically. Two-step verification is an older method of account security that Apple rolled out before full two-factor authentication was available. Apple is phasing that out and will be upgrading people with eligible devices automatically. "Once updated, you'll get the same extra layer of security you enjoy with two-step verification today, but with an even better user experience. Verification codes will be displayed on your trusted devices automatically whenever you sign in, and you will no longer need to keep a printed recovery key to make sure you can reset a forgotten password," the email from Apple says.

Re: Question about Apple machines

No Apple account needed to use iOS or Mac devices or get os updates. Just need an account for the App Store. (And iCloud)

Re:more tech support calls from my grandmother

[bug_hunter]

Are your family currently using two step authentication?

The article was really unclear in it's description, but it just seems to be "Two step" is moving to "Two factor". Looks like regular authentication is still regular authentication.

Re:Question about Apple machines

[nine-times]

You aren't required to have an Apple account, but you'll probably want to. Having an Apple ID allows you to do a cloud backup of any iOS devices you might get. It allows you to access the app stores for both MacOS and iOS. It lets you use "Find my Mac" to track or remote-wipe your computer if you lose it, and "Back to my Mac", which gives you file sharing and remote screen access to your other Macs without needing a VPN, if you have multiple of them, even if they're behind a firewall. If you want to buy anything from iTunes, you'll need an Apple ID. It's even the sign-on if you want to order anything directly from Apple's website. If you want to anything that connects to Apple, you'll want an Apple ID.

That doesn't mean you need to get one. You don't need to link it to your local sign-on. You don't even need to use Apple's domain (e.g. you can have the Apple ID use a Gmail address or whatever) unless you want to get a free email account with it.

It's ultimately not that onerous. They don't try to railroad you into to the degree that Microsoft does.

Not just for iOS/High Sierra. Anything non-Apple.

[SeaFox]

I got an email a few weeks back from Apple, too. Emphasis mine.

Dear (SeaFox),

Beginning on June 15, app-specific passwords will be required to access your iCloud data using thirdparty apps such as Microsoft Outlook, Mozilla Thunderbird, or other mail, contacts, and calendar services not provided by Apple.

If you are already signed in to a thirdparty app using your primary Apple ID password, you will be signed out automatically when this change takes effect. You will need to generate an app-specific password and sign in again.

To generate an app-specific password, turn on two-factor authentication for your Apple ID and then follow the instructions below:

  Sign in to your Apple ID account page (https://appleid.apple.com)
  Go to App-Specific Passwords under Security
  Click Generate Password

For more information, read Using App-Specific Passwords. If you need additional help, visit Apple Support.

Apple Support

So now I have to set up a separate email password for my main computer (which is Windows 8.1, using Thunderbird), my email client on my Android phone, the address book app on my phone (which syncs to iCloud), the Calendar app (which also syncs to iCloud) -- maybe another one because I have a Thunderbird install on my tablet (Win 8.1), oh, and my Thunderbird install on my actual Apple laptop.

That's six fucking passwords I have to generate for what I could do with just one before, just because I don't want to sync my contacts and calendaring data through a provider that will definitely be data-mining my info.