Apple To Force Users To 2FA On iOS 11, macOS High Sierra (onthewire.io)
Trailrunner7 quotes a report from On the Wire: With the upcoming releases of iOS 11 and macOS High Sierra later this year, Apple is planning to force many users to adopt two-factor authentication for their accounts. The company this week sent an email to customers who have the existing two-step verification enabled for their Apple IDs, informing them that once they install the public betas of the new operating systems they will be migrated to two-factor authentication automatically. Two-step verification is an older method of account security that Apple rolled out before full two-factor authentication was available. Apple is phasing that out and will be upgrading people with eligible devices automatically. "Once updated, you'll get the same extra layer of security you enjoy with two-step verification today, but with an even better user experience. Verification codes will be displayed on your trusted devices automatically whenever you sign in, and you will no longer need to keep a printed recovery key to make sure you can reset a forgotten password," the email from Apple says.
Today I tried to help someone in verification code hell. She enters her Apple ID on a new phone. The verification code is sent to the old phone. She can't read the code on the old phone because Apple wants her to verify something on the old phone but the duelling popups prevent her from accessing the item. Then the new phone re-initiates a verification code.
I'm with you. Just yesterday I had to help someone restore an Apple password (too many wrong tries on a single device). To quote Steve Jobs, the whole thing was "brain-dead."
Bad tries on a single iThing resulted in a DoS for every other Apple device linked to the same account. To recover, there was an option which promised to take days, or you needed an iOS 10 (?) device. That somehow produced a code, which you were told in one place to append to the old password when logging into a different device, and elsewhere told to use as the full password. Oh, and before you got that code, up came a warning that an "unauthorized device" was trying to access the account from some remote city (their geoIP sucks, and the warning was clearly wrong).
It was very, very much an exercise in frustration and too much time. Why not simply require a confirmation that things were good from some device other than the one with too many failed attempts, or worst case force a new existing password login then change from a different device? Because Think Different, and fuck you, we're Apple.
"National Security is the chief cause of national insecurity." - Celine's First Law