Five Apple logins remain unprotected by two-step authentication when using an unknown device

“More than four months after Tim Cook promised emailed login alerts and the reintroduction of two-factor authentication in the wake of the high-profile celebrity iCloud hacks, five Apple logins remain unprotected by the system,” Ben Lovejoy reports for 9to5Mac.

“Hackers of NY founder Dani Grant used videos to demonstrate each of the vulnerabilities in a blog post,” Lovejoy reports. “Grant showed that two-factor authentication isn’t needed when using an unknown Mac to log in to iMessage, iTunes, FaceTime, the App Store or Apple’s website.”

Lovejoy reports, “According to Grant, only one of the five services [FaceTime] sent an email notification advising that an unknown device was used to log in.”

Read more in the full article here.

Related articles:
Open letter to Tim Cook: Apple needs to do better – January 5, 2015
Tim Cook: Apple will broaden its use of two-factor authentication – September 5, 2014

9 Comments

    1. You can log into iMessage using your AppleID and any random text as a password – in fact you can log into anyone’s iMessage account if you know their Apple ID. Sure, you’ll get an email that “a new device has accessed your iMessage account” but what are you going to do about it?

  1. I’m not sold on two-factor authentication for iCloud. Too inconvenient, ineffective, and unnecessarily complicated in its current implementation. Long secure passwords seem like the best option for now. Hopefully Apple will improve its extra authentication options over time.

    1. Security is by nature less convenient, even basic, easily-bypassed security like locking your front door. But that’s why 2FA is an option for iCloud, not a requirement at the moment. If you’re high-profile or keep more sensitive stuff (documents, photos) on it, use 2FA, otherwise passwords are enough.

      1. Agree with Mossman. Having a safe with a key and combination is a royal PITA if you want to get access fast, but then it protects what’s valuable to you.

        If you don’t care about your privacy then don’t use 2FA. Simple.

  2. Most, if not ALL, of whom tout they are not concerned about their personal privacy, internet security & claim, they have “NOTHING TO HIDE”, change their once flippant & ignorant stance, after discovering their precious nude photos have become public domain. Self Ignorance & blaming others are the norm today.

    Oh! BTW…. IT IS ALL APPLE’s FAULT!!! Sue Apple. It was not me!! I didn’t know!!!! Tim is the one who let it happen. Stupid is…. as STUPID DOES.

    This country needs a crash course in “TAKE RESPONSIBILITY OF YOUR OWN IGNORANT ACTIONS 101”. Most notably, individuals who have no RIGHTS and should not be here in this country in the first place. What a cesspool of LEECHES. Get the Fck out of MY COUNTRY.

  3. Frankly, using two-factor for FaceTime, iMessage, etc., is NOT what it is intended for. Do you really want to wait for a message to be sent to you before you can send a message, or make a call? Or even buy an App for my device or music. I DO get a two-factor notification and code for connecting to iCloud or other things that can compromise my account.
