In my attempts to secure my account from the oddness that happened a few weeks ago where my devices in short order became untrusted, several times in a row even after being re-authenticated by me, I’ve activated the new 2-factor-authentication from Apple (the previous one is now called 2-step-authentication).
It seems to work great, I get approval requests for most login attempts, but so far I’ve seen two occasions where 2FA-login is not working or not respected.
The first and most annoying is that Apple TV does not seem to support 2FA-login. So I’m unable to login to my Apple TV for now. But so far it’s not a big problem since I can stream everything through my iPad or iPhone. But it’s still a glitch.
The second is maybe intentional, but when upgrading to iOS 11 I noticed that after the phone restarts and you’re asked to login, even if it’s not on the primary phone used for approving authentication, but a secondary phone, the 2FA approval request is not required, only username and password and then you’re logged in. Luckily I can see logged in devices through the account page, but I consider this a glitch as well.
I came across this article on enabling two-factor-authentication for several accounts.
I noticed that not only are there several more services now offering 2FA than when I last checked a few months back. But once I set out to enable my accounts on these services I also noticed that several of them now supports apps in addition to SMS-messages.
And I’m also very glad that the apps are becoming more generic so I don’t need to have a mass of apps installed on my phone, but rather that it’s now possible to use for example Microsoft Authenticator not only for Microsofts own accounts but also for Google, Twitter, Dropbox, Amazon and others.
The article doesn’t mention Steam though, but I think it should. Steam is quite huge as platform and enabling 2FA was both easy and well worth it, considering the info stored there. And neither is Apple mentioned which is a little odd, but AppleID is also very smooth to enable for 2FA.
There are also some identity services missing in the article where maybe I should look more into their respective settings to see if they now support easy to use 2FA as well.
I’m thinking specifically of WordPress, Instagram, IMDb and Origin. And of course all the web shops where personal info is stored.
And lastly what I’d like to see now is support in Password Safe for PC and the pwSafe iOS app for tagging accounts with a green colour flag if they’re 2FA enabled.
I’ve finally activated two-factor-authentication for my Microsoft account.
Better late than never, but I’ve held back for a while since last I checked there was no good app for iPhone for authentication. Now there is.
And secondarily, I used to use my Facebook and Apple accounts more actively and had 2FA enabled for those. This has changed and the Microsoft account is getting more and more central to most logins I do, so it felt about time to get it done.
And it was remarkably easy, even though the walkthrough from Microsoft is actually wrong or outdated in some places:
Activation worked fine, I installed the Microsoft authenticator app, made sure it worked and then just enable 2FA on the account.
It also told me to generate app-passwords if I used the Outlook app on other devices. Funnily the only place I’ve so far needed to use the app-password is when I launch Office 365 on my Windows 10 computer. All other places, like Email on iPhone, Skype on iPhone, and several other apps works with the “real” user account/password and actual 2FA confirmation. So it’s only the native Microsoft Office 365 Outlook app that fails this so far.
All in all, this was very easy and great to have. Now onto the next big problem, which was a trigger for this in some ways, to see what can be done about the sudden appearance of large amounts of spam on one of my non-Microsoft accounts. Whether the ISP can solve this or I need to start forwarding all mails to my Outlook.com account ?
There was an architectural summit workshop in Oslo today.
I am somewhat lost for words on how to summarize it.
Still, some great discussions around MDM, MEAP, 2FA and IDAM/OIM/IDM.
Tomorrow I am off for a whole day in Copenhagen.
At least then I can get up at 5.30 instead of 4.30…