Hmmm, Having recently travelled overseas when we just bought local SIM cards and changed them out as we moved how could two-factor verification work in this scenario. If my ³trusted device² is associated with a particular trusted phone number, it will be uncontactable when the SIM is changed. If I can just sign-in to my account via the new SIM, then it might work but wouldn¹t that just be one-factor verification.
Also if, say, my iPhone is lost or stolen will find my phone still work with a different SIM in it and let me ³wipe it² - that would be good but then am I locked out of my MacBook if my trusted device/trusted phone number are gone that would leave me totally cut-off and would be bad. Or am I missing something obvious here? It seems to me that the fingerprint ID provides a more foolproof security measure but no doubt has its own problems - what happens when you pick up that red-hot bit of metal and singe off your fingerprint ;o) Cheers Neil -- Neil R. Houghton Albany, Western Australia Tel: +61 8 9841 6063 Email: n...@possumology.com on 6/10/15 15:30, Ronni Brown at ro...@mac.com wrote: > Hello WAMUGers who are contemplating upgrading to OS X 10.11 El Capitan, > > I thought I would post about the New Security Improvements for members who > might not be fully aware of the changes. > Take note of the changes to Two-Factor Authentication in iOS 9 and OS X 10.11 > El Capitan. > > El Capitan - New Security Improvements > > There are new security improvements in El Capitan that should protect Mac > users from malware, but unfortunately it may also mean that some of the > software utilities you use no longer work. > > System Integrity Protection: Also called ³rootless,² this feature makes an El > Capitan Mac more resistant to attacks and malware, but it also limits what > power users can do to their systemsunless they disable it. > > What Rootless means in OS X El Capitan? > > In OS X 10.11 El Capitan, System Integrity Protection, also known as rootless, > will prevent the modification or removal of certain system files even by > administrative overrides. This means that no user, application, or process > will be able to write files or modify files in the root System folder or the > /bin, /sbin, and /usr directories, which are hidden by default in OS X¹s > Finder. The /usr/local folder will still be accessible though. > > By locking down the core system Apple will scupper the attempts of any malware > to gain access to files, folders, running processes (software that manages > tasks in the background) and system apps, such as the Finder and Dock. > This might lead to some changes in third party apps you use regularly, for > instance, prior to El Capitan Dropbox showed sync status in the Finder, > luckily this won¹t be gone completely, Apple has added generic code to support > it. > > How will Rootless effect app developers? > > Kernel extensions will still be allowed, but developers will need a valid > certificate from Apple to get them cryptographically signed. > > However developers of programs like SuperDuper! were busy trying to adapt to > the new way of working. SuperDuper needs to read everything on a drive to > perform a clone and, to restore or write anywhere. Which could make it > impossible to restore a volume without disabling System Integrity Protection. > > Update Note: Update SuperDuper! has now released SuperDuper 2.8(v96) and > available for automatic upgrade! SuperDuper 2.8(96) is El Capitan compatible. > > How will Rootless effect me in OS X El Capitan? > > These new security measures are designed to avoid the circumstances where a > user is fooled by some malware and types in their password, allowing a Trojan > horse to install. > > When you update to El Capitan any non-Apple files in those directories will be > removed. This might mean that some of the software you use no longer works, > but it¹s perhaps worth it if it removes horrors lucking within. > > What this means is that it will no longer be the case that a superuser, or > root, can do anything to the system. Root is something that is fundamental to > Unix. However, because it is possible to have this root power on Unix (on > which OS X is based) OS X is vulnerable to attack if a malicious user gains > root access. > > Can I disable Rootless in OS X El Capitan? > > It is possible to disable this protection, however I would certainly NOT > recommend you do and therefore won¹t post to WAMUG mailing list how to disable > Rootless. Apple especially in El Capitan is doing everything possible to keep > your System (& you) Safe, so why break it? > > Changes to two-factor verification for Apple ID > > Two-factor authentication: Apple has beefed up security by adding two-factor > authentication for your Apple ID in El Capitan and iOS 9. > > Apple¹s current ³two-step² system requires users to specify a trusted device > or trusted phone number to which a four-digit code can be sent which you can > use to confirm your identity. Without both the password and verification code > you won¹t be able to access your account. > > Apple has posted an explanation of its plans for two-factor authentication in > El Capitan and iOS 9, here > <https://developer.apple.com/support/two-factor-authentication/> . > Similar to the existing system, users will set up at least one iOS and OS X > device as ³trusted devices.² These devices appear in a list in your Apple ID > account and can be removed from there. They can be found in OS X in iCloud > system preferences, by clicking Account Details, and in iOS 9 in Settings > > iCloud > Account. You also have to verify at least one phone number. > > Following set up, whenever you sign in with your Apple ID on a new device or > browser, you will need to also verify your identity by entering your password > plus a six-digit verification code that will be displayed automatically on any > Apple devices you are already signed in to that are running iOS 9 or OS X El > Capitan. If you don¹t have one of your trusted Apple devices handy, you can > receive the code on your phone via a text message or via phone call instead. > > Cheers, > Ronni > > 13-inch MacBook Air (April 2014) > 1.7GHz Dual-Core Intel Core i7, Turbo Boost to 3.3GHz > 8GB 1600MHz LPDDR3 SDRAM > 512GB PCIe-based Flash Storage > > OS X Yosemite 10.10.2
-- The WA Macintosh User Group Mailing List -- Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> Settings & Unsubscribe - <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>