Hi Neal,
For somebody else to change the recovery key they would have to physically get a hold of one of your trusted devices as well as know your password. The recovery key is randomly generated and can’t be changed to a user defined value. I also keep mine in a SafeNote in my Roboform password manager which of course means even if everything I own burns to the ground I could still access all my passwords and important information as long as I remember my Roboform login credentials. Of course one could argue that if somebody gains access to my Roboform password, they could get access to a lot of sensitive information. This is of course true, but they would actually have to know that I use Roboform, what my user name is (Roboform does not use an email address to log in) and then they would have to know my password which for Roboform is 18 characters including upper case, lower case, symbols and numbers. It’s probably my longest and most secure password. The master password I use on a day to day bases to access my passcards and SafeNotes is only 14 characters, but it’s of no use unless somebody has physical access to one of my computers or my iPhone and on my iPhone the app is additionally protected since you can’t even open it without a 4-digit passcode which is different from the 4-digit passcode which unlocks my phone. It is possible to be quite save online if you use common sense and good passwords. Regards, Sieghard From: [email protected] [mailto:[email protected]] On Behalf Of Neal Ewers Sent: Tuesday, December 09, 2014 12:57 PM To: [email protected] Subject: RE: The dark side of Apple's two-factor authentication Hmmm, I found this on the web. I don’t know how new it is, but it appears, from reading this, that one can reset their recovery key. I find this strange in that if someone who has hacked into your iCloud has your password, what’s to stop them from doing this as well. What if I lose my Recovery Key? If you lose your Recovery Key <http://support.apple.com/kb/HT5577> , you can replace it any time: 1. Go to My Apple ID <https://appleid.apple.com/account/home> . 2. Select Manage your Apple ID and sign in with your password and trusted device. 3. Select Password and Security. 4. Under Recovery Key, select Replace Lost Key. When you create a new key, your old Recovery Key is no longer usable <http://support.apple.com/kb/HT5577> . Me again. Anyway, thanks for sharing this information. It will certainly help someone at some point. Neal From: [email protected] [mailto:[email protected]] On Behalf Of Teresa Cochran Sent: Tuesday, December 09, 2014 2:34 PM To: [email protected] Subject: Re: The dark side of Apple's two-factor authentication Hi, Mark and all, The other day I erased and restored my iPod. I'd lost my recovery key. I installed Google Voice and had a code sent to that phone number, which was already established as one of my trusted devices. I reset my recovery key this way. Needless to say, I'm going to Braille it and put it somewhere safe, in case someone tries too many times to log in (most likely me) and I get locked out. Teresa "We can see with the eyes, but we see with the brain as well, and seeing with the brain is often called imagination."--Oliver Sacks On Dec 9, 2014, at 12:10 PM, M. Taylor <[email protected] <mailto:[email protected]> > wrote: Hello Everyone, I strongly suggest that you read the following article, very carefully. The link to the original post may be found at the end of the text. -- The following information is important for all members of the viphone list. All new members to the this list are moderated by default. If you have any questions or concerns about the running of this list, or if you feel that a member's post is inappropriate, please contact the owners or moderators directly rather than posting on the list itself. The archives for this list can be searched at http://www.mail-archive.com/[email protected]/. --- You received this message because you are subscribed to the Google Groups "VIPhone" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To post to this group, send email to [email protected] <mailto:[email protected]> . Visit this group at http://groups.google.com/group/viphone. For more options, visit https://groups.google.com/d/optout. -- The following information is important for all members of the viphone list. All new members to the this list are moderated by default. If you have any questions or concerns about the running of this list, or if you feel that a member's post is inappropriate, please contact the owners or moderators directly rather than posting on the list itself. The archives for this list can be searched at http://www.mail-archive.com/[email protected]/. --- You received this message because you are subscribed to the Google Groups "VIPhone" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To post to this group, send email to [email protected] <mailto:[email protected]> . Visit this group at http://groups.google.com/group/viphone. For more options, visit https://groups.google.com/d/optout. -- The following information is important for all members of the viphone list. All new members to the this list are moderated by default. If you have any questions or concerns about the running of this list, or if you feel that a member's post is inappropriate, please contact the owners or moderators directly rather than posting on the list itself. The archives for this list can be searched at http://www.mail-archive.com/[email protected]/. --- You received this message because you are subscribed to the Google Groups "VIPhone" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/viphone. For more options, visit https://groups.google.com/d/optout.
