
#FF00AA


11 Dec. 2014

If someone tries to access your iCloud account and you’ve got two-factor auth, you’ll be locked out forever unless you have your recovery key

Does anyone else implement two-factor authentication this way? Because that’s unbelievably stupid. Why would you need to reset an attacked account’s password if they have two-factor auth? And how can you expect 99% of your users to keep a copy of their recovery key — especially when your own website points out that they’ll be able to create another as long as they’ve got their original password and device? This is a policy that can only, mathematically, end up locking out 100% of Apple’s users over time.

I have my recovery key in 1Password, but I’m considering turning two-factor off for my account (assuming that’s even possible), because Apple’s online services can’t be trusted with anything and I feel pretty stupid for signing up to be an early adopter of new security measures that of course they rushed to implement without understanding the consequences.

Don’t forget that, since iOS 7, your devices are locked to your iCloud account. So “just create another account” doesn’t only make you lose everything you’ve ever bought on the App Store.

