Security expert demos vulnerability in several videos

Jan 14, 2015 14:39 GMT

If you’re able to obtain someone’s Apple ID password, it’s possible to impersonate them and send iMessages from their account, as well as make purchases on the App Store and perform other actions that should normally be protected by the two-factor authentication mechanism.

Two-step verification, also referred to as two-factor authentication, involves securing an online account with an additional device or service, such as SMS. In order to sign in on a yet-unauthorized computer, you’d need to confirm twice that it’s you who is trying to log in, and not someone else.

Easier said than done for several Apple services, apparently. According to Hackers of NY founder Dani Grant, “Even if you have 2FA enabled, Apple will not prompt for 2FA if someone is trying to login to your account on many of their services.”

He uses several short YouTube videos to demonstrate that, despite two-factor authentication being switched on, not every entry point to the account is protected. He makes it clear that “for many of Apple’s core services, 2FA is not enforced,” and the videos seem to confirm it.
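To make the underlying design point concrete, here is an added Python sketch (not from the article or from Grant's videos) of the failure mode: when each service decides on its own whether to ask for the second factor, any one of them can skip it, whereas a single authentication gateway applies the account's policy to every service and can also raise the new-device alert. The service names follow the article; the account, the policy table and the functions are constructed for illustration.

```python
"""Added example: per-service 2FA decisions versus one central gateway.
All values below are constructed; they are not a statement about Apple's code."""
from dataclasses import dataclass, field


@dataclass
class Account:
    apple_id: str
    password: str            # a real system stores a hash, not the password
    two_factor_enabled: bool
    trusted_devices: set = field(default_factory=set)


# Constructed test account with one already-trusted device.
ACCOUNT = Account("user@example.com", "correct horse", True, {"iphone-1"})

# Toy model of the bug class: each service carries its own flag saying
# whether it asks for the second factor, and some of them simply don't.
SERVICE_ENFORCES_2FA = {
    "icloud-web": True,
    "imessage": False,
    "app-store": False,
}


def login_per_service(service, apple_id, password, device, code_ok):
    """Weak pattern: the 2FA decision lives inside each service."""
    if apple_id != ACCOUNT.apple_id or password != ACCOUNT.password:
        return False
    if SERVICE_ENFORCES_2FA.get(service) and device not in ACCOUNT.trusted_devices:
        return code_ok
    return True  # services that omit the check let a password alone through


def login_central(service, apple_id, password, device, code_ok, alerts):
    """Hardened pattern: one gateway applies the account's policy everywhere."""
    if apple_id != ACCOUNT.apple_id or password != ACCOUNT.password:
        return False
    if device not in ACCOUNT.trusted_devices:
        # Record the new-device warning the article wishes Apple sent for every service.
        alerts.append(f"new device {device} signing in to {service}")
        if ACCOUNT.two_factor_enabled and not code_ok:
            return False
    return True


def audit_unenforced(policy):
    """Defender check: list services where a password alone grants access."""
    return sorted(s for s, enforced in policy.items() if not enforced)
```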

Apple also warns users via email when their account is accessed from a computer that had not previously been associated with that Apple ID / iCloud account. At the moment, however, it only does so for FaceTime, according to Grant. It would be far more important for this warning to appear when someone attempts to use iMessage or to access iCloud via a web browser.

While it may seem hard to believe that someone could obtain your password, it’s not as hard as you may think; last year’s leak of celebrity nude pics is a case in point. Yep, it could happen to you.