Apple ID Two Factor Authentication is Flawed

Could someone tell me why Apple uses Trusted Phone numbers for 2FA instead of a Third Party or Apple’s own 2FA token generation app (if they create one)? Because Trusted Phone numbers can be dangerous. Think of a situation where a user has only one iPhone and one phone number, and the person sets the same phone number as the Trusted number. In case the user’s phone is lost or stolen, the person who finds it or steals it can easily recover the Apple account and activate the phone using the phone number, because the SIM card is inside the phone and the SIM card can be inserted in another phone to receive the OTP.


This is just a stupid implementation.

Posted on Oct 27, 2020 2:25 AM

18 replies

Oct 27, 2020 6:30 AM in response to TheWitcherGeralt

You cannot reset a password without the correct password.

Show me how you can reset a password on an iPhone?

FYI.

  • To reset a forgotten password, you have to restore as new
  • To do that you'll need the screen lock passcode
  • To restore as new you also need to switch iCloud > Find My iPhone OFF
  • To switch FMiP, you need the password (again back to square one)
  • And if you have settings to delete data on your iPhone after 10 tries then nothing will get you through.
  • You heard of Activation Lock?

Good luck with your hacking, maybe you will be the first who can succeed.

Anyway, I have had enough of this discussion. Goodbye.

Oct 27, 2020 5:06 AM in response to TheWitcherGeralt

There are more millions who think otherwise.

Use another device that suits you better.

You knew much but not enough to know that you are wrong.

FYI: If your phone is lost or stolen, you won't even get into the phone (passcode locked) to retrieve 2FA.

2FA is only required if someone uses your Apple ID and password on another Apple device.

Good luck to you, I'm off helping others.



Oct 27, 2020 5:42 AM in response to ckuan

Try to use your mind, man, and think. When someone steals another person's phone, he can just remove the SIM card and put it in another phone, then use the number to reset the iCloud account password, as the number is a Trusted Number, and then activate the phone.


Helping is a good thing but arguing about stuff you don’t know or you can’t think is just annoying. You think you’re helping but you’re not.

Oct 27, 2020 5:51 AM in response to ckuan

Again, use your mind. If someone steals your phone, the person might know you; it might be someone from your neighbourhood, your friends, or your university. He/she can be anyone. And the person might just know your email ID.


And besides that, many people use the same email ID for their iCloud account. Knowing someone’s email ID by their mobile number isn’t a big deal; there are many ways someone can enumerate email IDs from mobile numbers.


Man, you don’t know anything about security or hacking. Please stop replying to something you don’t know about.

Oct 27, 2020 6:03 AM in response to TheWitcherGeralt

You forgot Complex Password is important and should be kept secret and difficult to guess.

But sorry if you're that stupid and let everyone know the password including their dogs, there's no help.

In other words, there's no security system that can help someone who is careless.

The 2FA flaw is the user, which no security system can remedy. Case closed.
