Sunday, January 26, 2020

Apple still don't understand what the 2 in 2FA is about

I've pointed this out before, but who knows, perhaps Catalina fixed it? (Spoiler: It didn't)

If you want to log into your account from a new device, Apple ask all your devices if it's ok. If one of them says OK, that's 2FA, right?


Missed my location by 1000km but you know, it's Australia, right. It's just one state away - call it an off-by-one error. And they prompt for a code I could only get from one of the "known safe" devices, right?



Ok, so the two factors that I need are "My laptop is logged in" and "I know how to transpose numbers from one window to another" - obviously, hackers couldn't do that, could they? What seriously was the point of this?

Apple, there is a sensible standard out here already.  Use regular TOTP, let people use 1Password or Google Authenticator or god forbid, implement the standard yourselves.  But what you have currently is a joke - please don't leave that stuff to the interns to implement.

How about focussing the next release more on security and less on making all the screen widgets look good in the dark?
