Lock the Door

Episode #815

September 14, 2024

For 11 years I have resisted enabling Apple 2 Factor Authentication (2FA).

Apple 2 Factor Authentication requires that you always be in possession of an internet-connected trusted device just to access your Apple ID and iCloud account. This is an unreasonable and inconvenient requirement.

It is not easy to avoid switching to 2FA. When you do an operating system update, the default for security is 2FA. You must uncheck the 2FA selection and click through options to opt out. Periodically, Apple will send a notification suggesting that you switch to 2FA. To dismiss the notification badge you must proceed through a window or two, then cancel the switching process.

At first 2FA was reversible. Once you upgraded to 2FA security you could disable 2FA at any time if you no longer wanted it. Now, Apple gives users a 2-week window to reverse 2FA. Simply click a link in the 2FA confirmation email to return to your previous security settings. If you wait beyond the 2-week window, however, 2FA becomes permanent and there is no way to disable it.

Apple used to provide emergency codes to use if you lost access to your trusted devices. Many other 2FA services provide this kind of code. Apple no longer provides such codes. 2FA depends solely on up-to-date trusted devices to receive the unlock codes. Furthermore, trusted devices must be Apple products that you own, such as an iPhone, iPad, iPod touch, or Mac. They must be signed into the internet with your Apple ID. These trusted devices cannot be Android or Windows.

If you are using iCloud for Windows and do not have a trusted Apple device, you cannot sign in to your Apple ID with 2FA.

If I were at my friend’s house without a trusted device and wanted to sign into my iCloud account using a browser on his Windows computer, I could not. My iCloud data, email, financial tools, etc. would be unavailable to me.

Some Apple ID services will simply not work without 2FA enabled:

  1. Apple Card: Requires 2FA to access your card information and transactions.
  2. Apple Cash: Ensures secure transactions and management of your Apple Cash account.
  3. HomeKit: To control HomeKit-enabled devices remotely, 2FA must be enabled.
  4. Access to Health Records: Requires 2FA to ensure the security of your medical data.
  5. Access to iCloud Data on the Web: To view and manage iCloud data through a web browser, 2FA is mandatory.
  6. Apple Developer Program: Requires 2FA for accessing the Apple Developer website and resources.

My answers to these restrictions are:

  1. I have a credit card and have only ever owned one at a time. This has kept my credit score high. I do not need an Apple Card.
  2. Apple Cash is popular, but most people can pay me with a Zelle account, a check or cash.
  3. My little cabin home in the wild will never need HomeKit or any kind of automation.
  4. My doctors and I keep my health records in the MyChart portal. I don’t need Apple Health Records.
  5. While some iCloud Data viewed from a browser is restricted, I can still access and store my data in my email, address book, notepad, calendar, iCloud Drive and Find My services without 2FA.
  6. Since I am retired I no longer need access to the Apple Developer Program.

Some users will switch to 2FA because they want to use some of these services. If a friend or relative wants to sign into the user’s account, 2FA does not need to be utilized. The friend’s Apple device(s) can be added to the user’s trusted device list, allowing the friend to sign in without 2FA. Remember, however, that the friend’s devices cannot be Android or Windows.

I appreciate Apple’s desire to protect the security of its users, but a more convenient method is needed. Also, a more inclusive method that gives access to your Apple ID on Android and Windows machines would enhance that convenience. Security methods based on public key cryptography, such as passwordless Fast IDentity Online (FIDO), can provide this convenience.

In the meantime, the best frontline security is the password sign-in on your devices. In your home, the lock on the front door is the best security for your house. It is the same for your computer, your phone and all your online accounts.

IF YOU LIKE THIS BLOG YOU’LL LOVE MY BOOKS:
“Skydivers Know Why Birds Sing” by Ricki T Thues is now available on Amazon.
It is a Love story of Rick and Paula Thues and their 35 years of Skydiving.

Click HERE to buy the paperback or Kindle ebook at Amazon.

Follow Ricki T Thues on Amazon HERE.

ALSO AVAILABLE:
“Technically Human” by Ricki T Thues, the iMentor, is available on Amazon.
It is a compilation of selected episodes from this bLog which tell the story of Humanity through the eyes of the iMentor.

Click HERE to buy the paperback or Kindle ebook at Amazon.
The ebook version of “Technically Human” is also available on Kobo. Click HERE.
For you Barnes and Noble Nook readers it is available for Nook. Click HERE.
The “Technically Human” ebook is also available on Apple Books. Click HERE.