by amckinlay 3084 days ago
Apple security is confusing. For example, Find My Mac does not require 2FA even when 2FA is enabled. An attacker can remotely wipe your MacBook with just your iCloud password.

Another example: apparently there is a distinction between "two-factor authentication" and "two-step authentication", the latter being a deprecated, but active system. Reading the docs for the older system, you'll soon discover differences in things such as account access and recovery that lead to an entirely different set of consequences and caveats for security. You'll find out that in certain scenarios you could permanently lose access to your iCloud account and iTunes purchases under "two-step authentication", but not the newer "two-factor authentication". If a user confused the two while reading the Apple online support pages, it could have grave consequences.

Security is something that needs to be documented and marketed in clear terms. Why Apple would adopt names so similar for two distinct implementations of a security mechanism that they could arbitrarily describe either is incoherent with Apple's supposed model of user friendliness. It's what Microsoft does with its products, not Apple. Additionally, all facets of a security feature should be documented, and documented well. It is unacceptable that Apple does not warn users that 2FA can be bypassed in certain scenarios. I hope Apple does further focus on security, and documenting it well.


> For example, Find My Mac does not require 2FA even when 2FA is enabled.

This is intentional. Otherwise people who only have one device would be unable to wipe their device if it gets lost.

But that reduces security for someone with multiple devices. Can I enable some option to require 2FA for remote wipe?

> An attacker can remotely wipe your MacBook with just your iCloud password.

This is not a security/privacy issue; none of your information is leaked.

> It is unacceptable that Apple does not warn users that 2FA can be bypassed in certain scenarios. I hope Apple does further focus on security, and documenting it well.

Should every password field have a disclaimer that says it can be "bypassed" by someone who knows your password?

Security is more than just confidentiality - availability is a factor too.

We see that you own two Apple devices; 2FA will be enabled on Find My iPhone.
Both your MacBook and iPhone were in the same stolen bag. Tough luck.