How is this secure when I can go into my account and using only the device password to remove the security keys?

Question

xCWkymPvU Author

Level 1

4 points

How is this secure when I can go into my account and using only the device password to remove the security keys?

Posted on Mar 7, 2023 3:51 AM

Reply

Answer 1

xCWkymPvU Author

Level 1

4 points

Mar 8, 2023 2:51 PM in response to Sheree_P

The problem is that it allows me to remove the configured Security Keys WITHOUT using one of the Security Keys. All I need is my phone passcode (which we all know isn't secure). It should require the full iCloud password to do this OR one of the Security Keys just like removing a device from iCloud. Someone who knows your phone passcode (like someone you live with) could take over your iCloud and you can't do anything about it.

Reply

Answer 2

Chris_C1

Community Specialist

Mar 8, 2023 3:03 PM in response to xCWkymPvU

Hi xCWkymPvU,

At this point, it would be best for you to Contact Apple Support for additional assistance and next steps.

Cheers!

Reply

Answer 3

Sheree_P

Community Specialist

Mar 8, 2023 11:34 AM in response to xCWkymPvU

Hey xCWkymPvU,

Welcome to Apple Support Communities.

We see you reviewed this article: About Security Keys for Apple ID.

With just two-factor authentication, you would need to enter your Apple ID password and the the six-digit code.

"Because you use a physical key instead of the six-digit code, security keys strengthen the two-factor authentication process and help prevent your second authentication factor from being intercepted or requested by an attacker."

When using a Security Key to add/remove security keys, the six-digit code isnt required which decreases the chance your iPhone/Apple ID data getting compromised through that second step of entering the code.

Take care.

Reply

How is this secure when I can go into my account and using only the device password to remove the security keys?

Similar questions