Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple To Force Users To 2FA On iOS 11, macOS High Sierra (onthewire.io)

Posted by BeauHD on from the takes-two-to-tango dept.

Trailrunner7 quotes a report from On the Wire: With the upcoming releases of iOS 11 and macOS High Sierra later this year, Apple is planning to force many users to adopt two-factor authentication for their accounts. The company this week sent an email to customers who have the existing two-step verification enabled for their Apple IDs, informing them that once they install the public betas of the new operating systems they will be migrated to two-factor authentication automatically. Two-step verification is an older method of account security that Apple rolled out before full two-factor authentication was available. Apple is phasing that out and will be upgrading people with eligible devices automatically. "Once updated, you'll get the same extra layer of security you enjoy with two-step verification today, but with an even better user experience. Verification codes will be displayed on your trusted devices automatically whenever you sign in, and you will no longer need to keep a printed recovery key to make sure you can reset a forgotten password," the email from Apple says.

7 of 119 comments (clear)

  1. more tech support calls from my grandmother by turkeydance · · Score: 4, Insightful

    and the rest of my relatives asking me to fix it.

    1. Re:more tech support calls from my grandmother by Anonymous Coward · · Score: 5, Interesting

      Today I tried to help someone in verification code hell. She enters her Apple ID on new phone. The verification code is sent to the old phone. She can't read the code on the old phone because Apple wants her to verify something on the old phone but the duelling popups prevent her from accessing the item. Then the new phone re-initiates a verification code.

    2. Re:more tech support calls from my grandmother by msauve · · Score: 4, Interesting

      I'm with you. Just yesterday I had to help someone restore an Apple password (too many wrong tries on a single device). To quote Steve Jobs, the whole thing was "brain-dead."

      Bad tries on a single iThing resulted in a DOS for every other Apple device linked to the same account. To recover, there was an option which promised to take days, or you needed an IOS 10 (?) device. That somehow produced a code, which you were told in one place to append to the old password when logging into a different device, and elsewhere told to use as the full password. Oh, and before you got that code, up came a warning that an "unauthorized device" was trying to access the account from some remote city (their geoIP sucks, and the warning was clearly wrong).

      It was very, very much an exercise in frustration and too much time. Why not simply require a confirmation that things were good from some device other than the one with too many failed attempts, or worst case force a new existing password login then change from a different device? Because Think Different, and fuck you, we're Apple.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    3. Re:more tech support calls from my grandmother by bug_hunter · · Score: 3, Informative

      Are your family currently using two step authentication?

      The article was really unclear in it's description, but it just seems to be "Two step" is moving to "Two factor". Looks like regular authentication is still regular authentication.

      --
      It's turtles all the way down.
  2. Re:Question about Apple machines by nine-times · · Score: 5, Informative

    You aren't required to have an Apple account, but you'll probably want to. Having an Apple ID allows you to do a cloud backup of any iOS devices you might get. It allows you to access the app stores for both MacOS and iOS. It lets you use "Find my Mac" to track or remote-wipe your computer if you lose it, and "Back to my Mac", which gives you file sharing and remote screen access to your other Macs without needing a VPN, if you have multiple of them, even if they're behind a firewall. If you want to buy anything from iTunes, you'll need an Apple ID. It's even the sign-on if you want to order anything directly from Apple's website. If you want to anything that connects to Apple, you'll want an Apple ID.

    That doesn't mean you need to get one. You don't need to link it to your local sign-on. You don't even need to use Apple's domain (e.g. you can have the Apple ID use a Gmail address or whatever) unless you want to get a free email account with it.

    It's ultimately not that onerous. They don't try to railroad you into to the degree that Microsoft does.

  3. Re: Question about Apple machines by jerk · · Score: 4, Insightful

    You're an AC that works at Teleperformance or some other call center, and you think you know what you're talking about. No Apple ID is required to create an account on a Mac or to download updates.

    Update (iOS and MacOS) are available here, no App Store required.

    As he stated, you do need an Apple ID for the App Store and iCloud features.

  4. Not just for iOS/High Sierra. Anything non-Apple. by SeaFox · · Score: 3, Informative

    I got an email a few weeks back from Apple, too. Emphasis mine.

    Dear (SeaFox),

    Beginning on June 15, app-specific passwords will be required to access your iCloud data using thirdparty apps such as Microsoft Outlook, Mozilla Thunderbird, or other mail, contacts, and calendar services not provided by Apple.

    If you are already signed in to a thirdparty app using your primary Apple ID password, you will be signed out automatically when this change takes effect. You will need to generate an app-specific password and sign in again.

    To generate an app-specific password, turn on two-factor authentication for your Apple ID and then follow the instructions below:

      Sign in to your Apple ID account page (https://appleid.apple.com)
      Go to App-Specific Passwords under Security
      Click Generate Password

    For more information, read Using App-Specific Passwords. If you need additional help, visit Apple Support.

    Apple Support

    So now I have to set up a separate email password for my main computer (which is Windows 8.1, using Thunderbird), my email client on my Android phone, the address book app on my phone (which syncs to iCloud), the Calendar app (which also syncs to iCloud) -- maybe another one because I have a Thunderbird install on my tablet (Win 8.1), oh, and my Thunderbird install on my actual Apple laptop.

    That's six fucking passwords I have to generate for what I could do with just one before, just because I don't want to sync my contacts and calendaring data through a provider that will definitely be data-mining my info.