![]() If you use the stock Calendar app on macOS, it won’t ask you for your iCloud password. The problem with this is why an app is asking for your password is fairly unknown. Which revokes all existing app-specific passwords, so you now need to go generate new app-specific passwords on every device that needs them. Then if you do that again, because, say, you think you might have typed the app-specific password in wrong, that triggers the “you’ve forgotten your password” routine. If you put in your actual password and it wants an app-specific password, or vice versa, it just says you put in a wrong password. How it doesn’t workĪ fairly major problem: is almost impossible to know whether a password field asking for your Apple ID/iCloud password wants your actual password or an app-specific password. How many and what devices you can authorise to your account is another issue, but there’s a really tl dr StackExchange answer about that particular matter. SMS is only really going to be used for people with one Apple device. In practice, so long as it doesn’t fallback to SMS, I’m kind of okay with Apple securely sending a 2FA code to another device. Apple’s two-factor authentication protocol doesn’t use TOTP or HOTP codes like pretty much everyone else-it uses your other Apple devices, with a fallback to SMS/voice code verification. To do this, you need to have two-factor authentication turned on. The general idea behind Apple’s 2FA is sound if not perfect: instead of giving every crappy mail and calendar app you use your main password, you give it an app-specific password. ![]() Apple’s two-factor authentication and app-specific password implementation is bad. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |