Protect your companyâs most sensitive networked information and data with RSA SecurID two-factor authentication. RSA SecurID two-factor authentication is based on something you have (a software token installed in the Token app) and something you know (an RSA SecurID PIN), providing a more reliable level of user authentication than reusable passwords. Two factor authentication and Android mail client Good evening all. We are having a weird issue where, when we turn on two factor authentication from our Office365 tenant, via the azure AD portal, the base android email application will no longer connect our tenant. In the last few days I recognized the app Spar (from readdle), which is a mail app for iOS. Works fine and looks great, but there is one thing that bothers me: The app stores the email account's access token. So, if you use e.g. Gmail there is a special OAuth token. I'm using iCloud Mail with Two-factor authentication.
With two-factor authentication, you need an app-specific password to sign in to your account using third-party apps or services such as email, contacts, or calendar apps not provided by Apple. Follow these steps to generate an app-specific password. Email accounts: Outlook.com, Office 365 (work), Gmail, iCloud; Two Factor Authentication enabled for all email accounts; Problem Definition: I have two main problems: On my iOS devices, I am unable to send email from Outlook.com. When I configure the default Apple email client for my account, I provide my Outlook.com email address.
Two-factor authentication is a highly recommended feature available for Apple accounts. While it isnât perfect, it goes a long way toward protecting your Apple ID from being compromised if someone gets hold of your password.
On the other hand, there does appear to be a bug concerning 2FA and the Mail app in macOS.
Basically, if you upgrade to 2FA on your Apple account, you may run into issues actually using your iCloud email through the standard Mail app. Note that this only happens if you upgrade to 2FA on a device other than your Mac.
But if the bug has impacted you, you may be prompted to enter a password the next time you open Mail. Close open apps mac.
Typically, this means that youâve previously set up iCloud mail before enabling 2FA. Although you can try to enter any past passwords to authenticate, it wonât always work.
Basically, it all comes down to how macOS handles email accounts and other facets of iCloud. There are several system platforms that automate iCloud in Mac.
RELATED:
How to Fix Mail App issue after 2FA upgrade on your MacBook
To fix the password prompting on Mail after upgrading to 2FA, youâll want to follow several steps in order. Hereâs what to do.
You may run into two possibilities here.
If your iCloud account displays the iCloud logo and the labels âiCloudâ and âIMAP,â then you should technically be good to go. (Note: In a bit, weâll cover what to do if this is the case and itâs still not working.)
On the other hand, if thereâs an @ symbol next to the email account, then the account in question is not set up properly. In these cases, youâll want to follow these steps.
Then, youâll want to go to  > System Preferences > iCloud.
Make sure youâre logged into iCloud. If you werenât, this could have been causing the issue. Log in and you may see your iCloud email appear; it should now work normally.
On the other hand, if you are already logged into iCloud, take a look at the checkbox next to Mail.
While this will reset and possibly fix most 2FA-related Mail syncing issues, thereâs the chance that something else is wrong with your account.
If Mail still isnât working after the above steps (or your iCloud account has the IMAP and iCloud logo mentioned earlier), youâll want to contact Apple Support.
We hope that you found this short article helpful. Please let us know if you have any comments.
Mike is a freelance journalist from San Diego, California.
While he primarily covers Apple and consumer technology, he has past experience writing about public safety, local government, and education for a variety of publications.
Heâs worn quite a few hats in the journalism field, including writer, editor, and news designer.
Related Posts:
April 26th, 2019 by Oleg Afonin
Category: «Passwords & Human Factor», «Security»
In Appleâs land, losing your Apple Account password is not a big deal. If youâd lost your password, there could be a number of options to reinstate access to your account. If your account is not using Two-Factor Authentication, you could answer security questions to quickly reset your password, or use iForgot to reinstate access to your account. If you switched on Two-Factor Authentication to protect your Apple Account, you (or anyone else who knows your device passcode and has physical access to one of your Apple devices) can easily change the password; literally in a matter of seconds.
But what if you do know your password and your passcode but lost access to the only physical iOS device using your Apple ID and your SIM card at the same time? This could easily happen if you travel abroad and your phone is stolen together with the SIM card. There could be an even worse situation if your trusted phone number is no longer available (if, for example, you switched carrier or used a prepaid line and that line has expired).
Itâs particularly interesting if you have a child under the age of 13 registered in your Family Sharing, and the child loses their only iOS device (at that age, they are likely to have just one) and their phone number (at that age, they are likely to use prepaid service). So let us explore what happens to your Apple Account if you lose access to your secondary authentication factor, and compare the process of regaining control over your account in Apple and Google ecosystems.
Apple Account: Two-Factor Authentication
If you are not familiar with two-factor authentication, go ahead and read this Appleâs article: Two-factor authentication for Apple ID. Itâs good reading and really explains a lot of things (but doesnât cover some others).
This is not the first time we write about two-factor authentication (Exploring Two-Factor Authentication is the most recent write-up thatâs still worth reading). In fact, this is not even the first time weâre writing about the ugly side of two-factor authentication. Year over year, we couldnât help but observe that Apple are making 2FA a way too powerful tool. Two-factor authentication had slowly mutated from being a roadblock to unauthorized account access into something else. Something that can be used to change oneâs account password in a click, remove factory reset protection and disable iCloud lock/Find My iPhone. Today, your second authentication factor has become way more important than your password. Letâs compare what you can and cannot do with your login/password and your trusted device as your second authentication factor.
Log in to Apple Account
Factory resetting the iPhone, turning off iCloud Lock
Restore new device from iCloud backup
![]() If you lost your password
Losing the password to your Apple ID is no big deal. After all, companies have been dealing with lost passwords for decades. Well-established mechanisms exist allowing you or anyone else who has access to your SIM card or your iPhone (and knowing your passcode to that phone) to easily change or reset your account password.
Option 1: you can change the password if you have at least one trusted device acting as your second authentication factor.
Option 2: you can use iforgot.apple.com to reset your password. If you still have one of your devices that can receive a push notification via the 2FA mechanism, resetting the password takes less than a minute.
Option 3: there are plenty of other options allowing you to reset your Apple ID password if you still have access to your second authentication factor (be it a trusted device or a SIM card with a trusted phone number).
Security consequences of losing the password
There are no severe consequences to your personal information when losing your Apple ID password if you havenât also lost your second authentication factor.
The only Apple service one can use without your second authentication factor is Find My Phone. In worst case scenario, a malicious person may remotely lock all your devices registered on that Apple ID (you can unlock them and change your Apple ID password) or remotely wipe your devices (in this case you lose data, but can change your Apple ID password and restore from a backup).
What counts as a second authentication factor?
The following items count as your second authentication factors:
Did you notice a trend here? Only your Apple device OR your trusted phone number can become your second authentication factor. No QR codes you could back up and no Windows/Android devices to serve as backups.
So what happens if you only have one Apple device (e.g. an iPhone or, say, an iPad mini) and one trusted phone number, and suddenly lose access to both?
Mac Mail Apps That Work With Two Factor Authentication UsingIf you lost your second authentication factor: Apple ID
Interestingly, losing your second authentication factor presents a truly unsolvable challenge. As in, if you lost access to ALL your trusted devices AND your trusted phone number, you are so out of luck â even if you know your account password and the passcode.
One may suggest that losing access to all instances of the second authentication factor would be highly unlikely (in fact, not that unlikely).
Security consequences of losing the second authentication factor
There may be severe consequences if youâve lost your second authentication factor.
If you lost your iPhone, iPad or other Apple device WITHOUT a SIM card in it: a malicious person must first unlock it to access the second authentication factor. If you are using secure lock screen, the chance of successful unlock is low.
If you lost your trusted SIM card (with or without the iPhone): a malicious person may be able to reset your Apple Account password, remotely lock/erase your other devices, download your iCloud backups and some synchronized data (such as calendars, iCloud mail, photos and so on).
They will not gain access to any of the following: your passwords stored in iCloud Keychain; your Health data (if you were using iOS 12.0 or newer); your messages (text messages and iMessage history); some app data (e.g. Authenticator secrets, Gmail messages, chat logs in many instant messengers etc.)
Account recoveryMac Mail Apps That Work With Two Factor Authentication Problems
A very common scenario for Apple users is losing their only iPhone while traveling. Without two-factor authentication, replacing the device would be as easy as buying a new one and restoring from the cloud backup. However, the lack of a trusted device and the loss of the only trusted SIM card puts travelers in an unfortunate situation where their only option is wait.
With Two-Factor Authentication, Apple introduced an automated way to reinstate account access. In most situation, a lengthy wait is imposed. Providing certain bits of additional information such as the registered phone number(s) can theoretically speed up the recovery.
Users are advised to go to iforgot.apple.com and follow the prompts. Even though the process is automated, recovery may take a very long time. According to Apple, âIf you use two-factor authentication and canât sign in or reset your password, you can regain access after an account recovery waiting period.â âWhen the wait period is over, Apple sends you a text or automated phone call with instructions to regain access to your account. Follow the instructions to immediately regain access to your Apple ID.â
Securing Children Accounts: Family Sharing, Screen Time and Two-Factor Authentication
Family Sharing is a great way to share oneâs purchases with up to six family members. Apple recommends everyone, including minors, to use their very own Apple IDs on their personal devices. Adding children to your Family Sharing account also enables you to take control of how they use their devices by enabling Screen Time. How to download apps on mac. In order for Screen Time to provide you with remote control over the childâs device through iCloud, youâll be forced to add Two-Factor Authentication to your childâs account.
Adding children who are less than 13 years age to your family group is a one-way venue. For reasons unknown, Apple does not allow removing underage children from Family Sharing (not even by disbanding the family). As a result, if your child loses access to their (only) device and their trusted phone number at the same time, you may be stuck with an inactive Apple ID in your family that occupies one of the six available sharing slots. This is especially true if you didnât bother registering a non-iCloud email for your child, making â[email protected]â not only their Apple ID but their only email address as well.
Appleâs official recommendation is pushing the childâs account to another family group (a telephone conversation with Apple support left me with a clear impression of them suggesting you to make a fake Apple ID to push that stuck child away; donât ask me why Apple chose to do it this way).
Think Different: How Google Handles Secondary Authentication
When it comes to two-factor authentication, Google is pretty much the direct opposite of Apple. Google does not tie you to any particular ecosystem, allowing you to use any (and I mean, any) device as your second authentication factor. Letâs just list what can act as 2FA in Googleâs world:
Mac Mail Apps That Work With Two Factor Authentication Key
If you lost your second authentication factor: Google Account
Google recognizes the issue of 2FA codes not being available after your phone is lost or stolen, and has a comprehensive write-up on the issue: Common issues with 2-Step Verification. Google makes its point by suggesting you use your backup options to sign in to your Google Account. Since Google is offering a much wider choice of secondary authentication factors, this suggestion does not look like a mockery, which we feel is the case with Apple.
If none of the backup options are available but you can still use your computer, you may be able to use that computerâs Web browser as a secondary authentication factor. If you are signed in to your Google Account in your computer (e.g. in the Chrome browser) and you asked Google to no longer prompt for 2FA codes on that device, you can simply open the Google Two-Step Verification page, type in your Google Account password and reset your two-factor authentication options. As an example, you can generate a new set of backup codes to allow you sign in to your Google Account instantly on a new Android phone, which will then become your secondary authentication factor.
If you have exhausted all of your backup options and donât have access to a computer with trusted Web browser, youâll have to go through the automated Account Recovery procedure. We tried following this procedure after deliberately losing the second authentication factor (but still specifying the correct password). Unfortunately, this can be hit or miss. In our test, not only was our recovery attempt unsuccessful, but Google has temporarily blocked access to the test account we were attempting to recover, requiring us to change the password.
Regaining access to Google child accounts via Family Link
Just like Apple, Google also allows users creating a family to share their purchases across several Google accounts. On Android devices, Google Family Link offers similar functionality to Apple Screen Time, allowing you to control how your children use their Android devices.
Google implements a very different approach to securing children accounts. While children under the age of 13 cannot set up their accounts to use two-factor authentication, it does not mean that anyone who knows the password can sign in. In order to log in to the childâs account, the sign-in must be approved by one of the authorized adult supervisors. An adult must enter a password to their Google Account (and pass 2FA) in order to authorize the childâs sign in.
If the child loses their only Apple device and their only trusted phone number, in Appleâs world theyâll be denied access to their Apple Account. Their parents can do very little (or nothing at all) to regain control over such accounts.
Google does not believe that this is an acceptable trade-off between security and convenience, and offers parents or legal guardians an easy way to regain control over the childâs account: one can simply reset the childâs password right away through the Family Link app (which, coincidentally, can be run on Android and iOS devices).
![]() Mac Mail Apps That Work With Two Factor Authentication GuideConclusion
Both Apple and Google have their own implementations of two-factor authentication. In this article, we reviewed the differences between the two implementations in situation when the user, while still knowing their password, loses access to the secondary authentication factor. In addition, we reviewed the differences in accessing dependent (child) accounts in Apple and Google ecosystems.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |