Phishing, Passwords and Apple Security

Some news making waves this week, reported on both Daringfireball.net and atp.fm, highlights the fact that any iOS app can popup a dialog requesting a password for your AppleID, (or theoretically any of your accounts).

While this is true, and it’s also true that phishers, and spear-phishes are getting very advanced in finding ways to trick people into giving away their passwords, I believe the important message to spread is: What a great job Apple is doing to pro-actively protect it’s users. Nonsense? Contrary to that article? Read on to understand my point of view, then tell me your arguments.

Two Factor Authentication.

Banks for many years, have required, a second, third or further way to verify you are who you say you are. As far back as 2001, I recall my bank asking me a second or third question when I attempted to login on a new device, or from a new location. These usually took the form: What is your favorite car? MacLaren (obviously) and such.

The sensationalist report about the kind of phishing that malicious App developers could do is just a reminder, that you should use, and services should offer Two Factor authentication for every service you use that holds any kind of personal information. From Photos to location, notes.

What makes Apple so Special?

Implementing two factor authentication for users of other services, like Google, Facebook etc has always been cumbersome and complex, with users having issues like this, and others that made them disable it.

It takes an mistake to improve, so, after some celebrity iCloud accounts were accessed in 2014, (these accounts were phished too, the bad guy found ways to get all the information he heeded to get into the accounts), Apple implemented one of the simplest two step verification systems in 2015.

In 2017, Apple made Two Factor Authentication mandatory for any device running iOS11 or High Sierra.

And so, If you are a user of Apple’s current software, you are instantly protected by two factor authentication, and EVEN if you get Phished, or give you iCloud password to your best friend, they will not be able to access your account without your explicit and subsequent consent.

This is what you’ll see on your Trusted Devices if someone tries to access your iCloud account:

Two factor Authentication pop up
iPad two factor Authentication Pop up
iPad two factor Authentication Pop up

How is this superior to others who do Two Factor Authentication with Text Message? Many researchers have already revealed how other Two factor authentication, done by phone or text message can easily be compromised.

Between the fact that Apple has now mandated two factor authentication, made it easy to use, and made it virtually invulnerable to compromise. (A user would have to click “allow, then copy the code that Apple presents  by hand (no copying and pasting of this code is possible).

With all of these facts, I believe that Apple should be praised for how well it protects users, compared to Microsoft, Google, Amazon and others. Do you disagree? I welcome discussion, it’s how we grow, please share your thoughts here, on twitter or by email, phone etc.

If we’re going to complain about Apple, how about we ask why Siri can speak on the new Apple Watch, but can’t read our emails to us, nor Wikipedia articles. Try that on iPhone or iPad, it’s life changing.

Thank you for reading.

 

 

 

 

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.