IWETHEY v. 0.3.0 | TODO
1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Security Forum / Know where your two-factor keys are...
Post #396,968
by Another Scott
12/9/14 8:13:18 AM
Reply
New Know where your two-factor keys are...
MacRumors:

The system requires a user to have a second "trusted" device that is used to verify a user's identity in addition to an extra security code called the "Recovery Key". However, in a new account from The Next Web's Owen Williams, that Recovery Key also has the potential to completely lock a person out of their account if they're being hacked.

Williams found that someone had tried to hack his iCloud account. Apple's two-factor system kicked in and locked the account, denying entry to the would-be hacker while also denying entry to Williams. When he went to iForgot, Apple's account recovery service, he assumed two of his password, Recovery Key or trusted device would unlock his account, as he was led to believe by an Apple Support document.

When I headed to the account recovery service, dubbed iForgot, I discovered that there was no way back in without my recovery key. That’s when it hit me; I had no idea where my recovery key was or if I’d ever even put the piece of paper in a safe place. I’ve moved since I set up two-factor on iCloud.


Williams contends he took a screenshot of the Recovery Key and printed that out as well as taking a photo on his iPhone to keep as a backup, but could not locate either and was on the verge of losing his "digital life". He called Apple customer support and was told that he had forfeited his Apple ID by losing his Recovery Key and that there was no way Apple could help him. He called back a second time.


Scary, but unsurprising, really.

It's things like this that make me leery of using face recognition or fingerprint scanning to unlock things. What if I don't shave? What if I cut my finger?

It also reminds me of how pissed off I get about having to change passwords every 60 days. :-/

Be careful...

Cheers,
Scott.
Post #396,969
by malraux
Picture of malraux
12/9/14 9:19:00 AM
Reply
New Apple is pretty explicit about not losing that key
I have mine in 3 places.
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.
Post #396,970
by boxley
12/9/14 9:23:34 AM
Reply
New no tickee no laundry, not surprised
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 59 years. meep
Post #397,005
by static
Picture of static
12/10/14 6:47:46 PM
Reply
New Where convenience meets security.
Having worked in IT Security for a while years ago and still knowing how the various actors in that story think, this is a more important tale than most people will realize.

For years and years we were subject to Microsoft's approach which almost always compromised security for convenience. Roll forward a few decades and the Cloud is a Thing. We know Apple has been burnt with compromised accounts. Now we starting to see what it _really_ means to have security prioritised over convenience!

A lot more people are going to be in for just such a nasty surprise until we as a society properly grasp what this means. Which is basically what the paranoid geeks have been doing for years.

Wade.
     Know where your two-factor keys are... - (Another Scott) - (3) - Dec. 9, 2014, 08:13:18 AM EST
         Apple is pretty explicit about not losing that key - (malraux) - Dec. 9, 2014, 09:19:00 AM EST
         no tickee no laundry, not surprised -NT - (boxley) - Dec. 9, 2014, 09:23:34 AM EST
         Where convenience meets security. - (static) - Dec. 10, 2014, 06:47:46 PM EST

What does this have to do with the movie?
41 ms