Why do I have to use Two-Factor Authentication in order to use the keychain feature?

[joemd60]

On my old iPad, in order to turn on keychain. It is asking me to use two factor authentication, yet my iPhone 11 has it turned on without issues. Why is that? Since when is that a requirement, and not a choice by the individual? Thanks

 

[Lee_Bo]

Re: Two factor authentication

Since when is that a requirement, and not a choice by the individual? Thanks

I believe Apple "switched the flip" about a year ago and made 2FA mandatory. A lot of people were upset about it, however I've seen a lot of posts in support of it. Personally I wish more sites would use it.

 

[joemd60]

Re: Two factor authentication

I believe Apple "switched the flip" about a year ago and made 2FA mandatory. A lot of people were upset about it, however I've seen a lot of posts in support of it. Personally I wish more sites would use it.

View attachment 129932

Thanks Lee. I am aware of Apples take on 2FA. I just found it odd, my 3 year old iPad requires it, but not my iPhone 11 which is still new.
I am not turning it on, on the iPad. Guaranteed it will throw a wrench in the works if I do.
I use 1Password, but like to use both in case one or the other fails.
One issue I find with 2FA, you better have your password handy if you get locked out of your phone for any reason.

 

[Ledsteplin]

Re: Two factor authentication

I believe Apple "switched the flip" about a year ago and made 2FA mandatory. A lot of people were upset about it, however I've seen a lot of posts in support of it. Personally I wish more sites would use it.

View attachment 129932

I've never used 2FA on my iPhones, including my 12 Pro Max. It's definitely not mandatory. You can skip it, but they're sneaky about it.

 

[joemd60]

Re: Two factor authentication

I’ve turned it off, but now my Home pod mini is unresponsive. It tells me to update my password on my iCloud account. It is updated. It had my music all messed up, I couldn’t even play from another speaker, or my iPhone. I ended up having to completely remove the mini from my account. I’ll try setting it up tomorrow, but my guess it will try to force me to use 2FA again, I don’t want to use it. I have one phone, and a non cellular iPad. I don’t want issues should I have to reset my password.
Well, I am guessing 2FA needs to be enabled to connect the HomePod mini. It will not connect whatsoever. Siri responds to some commands. But it will not play music, Siri says “there is a problem in the home app”. And it does not show up in HomeKit. Because, once I disabled 2FA that’s when the problems started, and it does not show up in HomeKit. After further research, 2FA needs to be enabled. Apple
Is pushing their security to 2FA more and more. I also want to apologize for the long post, or if I am off track with this thread. Thanks ������

 

[Ledsteplin]

Re: Two factor authentication

I’ve turned it off, but now my Home pod mini is unresponsive. It tells me to update my password on my iCloud account. It is updated. It had my music all messed up, I couldn’t even play from another speaker, or my iPhone. I ended up having to completely remove the mini from my account. I’ll try setting it up tomorrow, but my guess it will try to force me to use 2FA again, I don’t want to use it. I have one phone, and a non cellular iPad. I don’t want issues should I have to reset my password.
Well, I am guessing 2FA needs to be enabled to connect the HomePod mini. It will not connect whatsoever. Siri responds to some commands. But it will not play music, Siri says “there is a problem in the home app”. And it does not show up in HomeKit. Because, once I disabled 2FA that’s when the problems started, and it does not show up in HomeKit. After further research, 2FA needs to be enabled. Apple
Is pushing their security to 2FA more and more. I also want to apologize for the long post, or if I am off track with this thread. Thanks ������

You might call Apple Support. They might can help straighten it all out. I don't yet have a Homepod mini, nor Homekit. No clue if 2FA is required for those. It is for Pay Cash. Not sure why you can't play music on your iPhone. I can, and don't have 2FA. When I was talking to an Apple Support rep last week, she agreed with me about being wary of using 2FA. Apparently, they get a lot of calls from users with 2FA issues.

 

[joemd60]

Re: Two factor authentication

Those are my feelings as well about 2FA. It should be an option, after further research, it is required for the homepod. With that said, everything is all set, I reset my password, and removed the HomePod from HomeKit. I will keep mine, because I am undecided,although I did buy it to set up some lights. And I will still gift these.
It’s a nice Christmas gift since they’re all iPhone users.������

 

[joemd60]

Re: Two factor authentication

Now Apple won’t let me link my debit or credit card to Apple Pay unless I turn on 2FA. My cards are in the wallet app, and luckily I used it today without issues.
It’s when I go into iCloud- payments and shipping. My PayPal account shows up and running ok. My MasterCard is in place, but still requires me to link it.

 

[Ed7789]

Two factor authentication

This is completely normal. We don't live in a world where using a username and password is simply sufficient.
You can look for "Password" in this list to convince yourself: https://haveibeenpwned.com/PwnedWebsites. And that list is barely the tip of the iceberg.

One can find multi-factor authentication inconvenient or even hate it, but it is a trade-off between convenience and security.
I find that Apple did a good trade-off between the two. Their implementation is not very intrusive in the sense that you it will warn you immediately on your devices when someone tried to authenticate into your account, and they will provide you with (limited) details.
Compared to some other two-factor authentication implementations, like Google Authenticator, this is the second easiest I've seen - next to Microsoft's version.

Two-factor authentication does not require any Internet connection once it is set up. You can get a validation code anytime from a trusted device (see the steps here: https://support.apple.com/en-ca/HT204974).

To give an idea, your Apple Wallet can be tied to your iCloud account. This allows your iPhone to share that account with your iPad, but also that data to be restored to some extent in a backup.

Something similar goes for the HomePod. That class of devices acts as a HomeKit hub, which allows you to control remotely your smart lighting, thermostat and air conditioning which can look quite anodine… HomeKit also controls smart locks, garage doors and security cameras remotely. Not something you want to be left protected behind a username and password.

Apple started really insisting on two-factor authentication recently. Celebgate is one reason why it's so important to be insistent on good security practices. We store a lot of personal information in iCloud (e.g.: photos of our own children, personal emails, documents, passwords, etc.), so it does makes sense that it is well protected.

Two-factor authentication will not protect you against social engineering attacks against you or your provider's (at large) employees, some more sophisticated phishing attacks, but it does help reach that higher bar we all need in this day and age.

P.S./Edit: I feel like I wrote a novel… I really feel strongly about this kind of things, and I hope no one takes it personal.

 

[joemd60]

Re: Two factor authentication

This is completely normal. We don't live in a world where using a username and password is simply sufficient.
You can look for "Password" in this list to convince yourself: https://haveibeenpwned.com/PwnedWebsites. And that list is barely the tip of the iceberg.

One can find multi-factor authentication inconvenient or even hate it, but it is a trade-off between convenience and security.
I find that Apple did a good trade-off between the two. Their implementation is not very intrusive in the sense that you it will warn you immediately on your devices when someone tried to authenticate into your account, and they will provide you with (limited) details.
Compared to some other two-factor authentication implementations, like Google Authenticator, this is the second easiest I've seen - next to Microsoft's version.

Two-factor authentication does not require any Internet connection once it is set up. You can get a validation code anytime from a trusted device (see the steps here: https://support.apple.com/en-ca/HT204974).

To give an idea, your Apple Wallet can be tied to your iCloud account. This allows your iPhone to share that account with your iPad, but also that data to be restored to some extent in a backup.

Something similar goes for the HomePod. That class of devices acts as a HomeKit hub, which allows you to control remotely your smart lighting, thermostat and air conditioning which can look quite anodine… HomeKit also controls smart locks, garage doors and security cameras remotely. Not something you want to be left protected behind a username and password.

Apple started really insisting on two-factor authentication recently. Celebgate is one reason why it's so important to be insistent on good security practices. We store a lot of personal information in iCloud (e.g.: photos of our own children, personal emails, documents, passwords, etc.), so it does makes sense that it is well protected.

Two-factor authentication will not protect you against social engineering attacks against you or your provider's (at large) employees, some more sophisticated phishing attacks, but it does help reach that higher bar we all need in this day and age.

P.S./Edit: I feel like I wrote a novel… I really feel strongly about this kind of things, and I hope no one takes it personal.

None taken on my end, you gave me some new insight on 2FA. Well written post. Thank you

 

[joemd60]

Re: Two factor authentication

One question, those of you that have 2FA enabled. Did you also create a recovery key, is it necessary? Thanks

 

[Ed7789]

Re: Two factor authentication

I really suggest not only generating those, but print them out and put them somewhere very safe.

If you lose the device(s) that have the two-factor token, you will have to use the recovery key.

 

[joemd60]

Re: Two factor authentication

I really suggest not only generating those, but print them out and put them somewhere very safe.
Thank you Ed. ????????????
If you lose the device(s) that have the two-factor token, you will have to use the recovery key.

 

[Just_Me_D]

Re: Two factor authentication

Since you use 1Password, you can easily scan an associated QR code and use the app as an authenticator. Even if you restore your device and set up as new or switch devices, the authenticator within 1Password remains intact.

 

[joemd60]

Re: Two factor authentication

Since you use 1Password, you can easily scan an associated QR code and use the app as an authenticator. Even if you restore your device and set up as new or switch devices, the authenticator within 1Password remains intact.

Thanks D. ??????

 

[Just_Me_D]

Re: Two factor authentication

Thanks D. í ½í±

You’re very welcome, sir...

 

[joemd60]

Re: Two factor authentication

You’re very welcome, sir...

I wonder though if you could explain to me the QR code. I know what they are, but how would we know what apps have them? Or are you referring to the Google Authenticator? Thank you again for your help sir. ??????

 

[Just_Me_D]

Re: Two factor authentication

I wonder though if you could explain to me the QR code. I know what they are, but how would we know what apps have them? Or are you referring to the Google Authenticator? Thank you again for your help sir. í ½í¸„

When you set up 2FA for services like Dropbox, Google, Microsoft, etc., they give you options like texting you a code or using an authenticator app. When you choose the latter, you are instructed to scan the provided QR code via an authenticator app in order to get the code generator setup.

When you’re setting it up from within the 1Password app, you’ll already know what account/service you’re creating the authentication for. Once it’s setup, add a tag for the Watch and then whenever you need to enter the 2FA code when logging in to a service/website, just tap on 1Password via your Watch, select the appropriate service, and then get the code.

 

[Just_Me_D]

Sorry, Tapatalk put the images in reverse order.

 

[joemd60]

Re: Two factor authentication

When you set up 2FA for services like Dropbox, Google, Microsoft, etc., they give you options like texting you a code or using an authenticator app. When you choose the latter, you are instructed to scan the provided QR code via an authenticator app in order to get the code generator setup.

When you’re setting it up from within the 1Password app, you’ll already know what account/service you’re creating the authentication for. Once it’s setup, add a tag for the Watch and then whenever you need to enter the 2FA code when logging in to a service/website, just tap on 1Password via your Watch, select the appropriate service, and then get the code.

//uploads.tapatalk-cdn.com/20201205/1806522b8f3f16945880f8f037e3c4fc.png//uploads.tapatalk-cdn.com/20201205/09bf29037567382d96d3357e039c03e9.png//uploads.tapatalk-cdn.com/20201205/97828c81e86cc9b481678e7adf85d6e6.png

Thank you again, very much appreciated!????????????