Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




BDFL - Memuneh
60004 posts

Uber Geek
+1 received by user: 11104

Administrator
Trusted
Geekzone
Lifetime subscriber

Topic # 195036 3-Apr-2016 19:15
Send private message

I was sitting here reading something when my phone beeped with a SMS notification. From Apple, with an Apple ID Verification Code (two factor authentication is enabled in my account). I only use this for iTunes - and haven't used iTunes in a couple of years now, with Amazon Fire TV, Netflix and Hulu.

 

No, this is not a phishing SMS. There's no link or request to reply. It's just the standard SMS Apple sends for 2FA.

 

So I logged into my account and get a new verification code. Yep, from same SMS number and same wording. I change my password and all is good.

 

Now, this begs the question: to get the SMS sent to your phone the correct email and password must have been entered. How did someone else have that? My iTunes password is unique and long. Never used it anywhere else and a search doesn't show it anywhere.

 

Have you seen any strange activity in your account lately?





Create new topic
What does this tag do
932 posts

Ultimate Geek
+1 received by user: 191

Subscriber

  Reply # 1525323 3-Apr-2016 19:26
Send private message

Haven't had any strange activity here.. Couldn't be someone trying to reset your password?



BDFL - Memuneh
60004 posts

Uber Geek
+1 received by user: 11104

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1525324 3-Apr-2016 19:28
Send private message

Do they send the 2FA SMS on password reset request?

 

Also strange because this specific account doesn't use my freitasm@... email address, but a made up word email address.





 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software
What does this tag do
932 posts

Ultimate Geek
+1 received by user: 191

Subscriber

  Reply # 1525326 3-Apr-2016 19:34
Send private message

Actually don't think they would send on password reset except perhaps if had answered security questions correctly.
I wonder if someone was trying to add your mobile number as a second factor.. Nothing stopping one mobile number being the second factor for several accounts.

When I log in it prompts before sending SMS (and shows the last digits of the phone number) - surely someone would see that and realise they didn't have access to the mobile before sending it? Or maybe it only prompts because I have multiple numbers added



BDFL - Memuneh
60004 posts

Uber Geek
+1 received by user: 11104

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1525328 3-Apr-2016 19:45
Send private message

jnimmo: I wonder if someone was trying to add your mobile number as a second factor.. Nothing stopping one mobile number being the second factor for several accounts.

 

Now this is a possibility, I didn't think of that.





Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Amazon launches the International Shopping Experience in the Amazon Shopping App
Posted 19-Apr-2018 08:38


Spark New Zealand and TVNZ to bring coverage of Rugby World Cup 2019
Posted 16-Apr-2018 06:55


How Google can seize Microsoft Office crown
Posted 14-Apr-2018 11:08


How back office transformation drives IRD efficiency
Posted 12-Apr-2018 21:15


iPod laws in a smartphone world: will we ever get copyright right?
Posted 12-Apr-2018 21:13


Lightbox service using big data and analytics to learn more about customers
Posted 9-Apr-2018 12:11


111 mobile caller location extended to iOS
Posted 6-Apr-2018 13:50


Huawei announces the HUAWEI P20 series
Posted 29-Mar-2018 11:41


Symantec Internet Security Threat Report shows increased endpoint technology risks
Posted 26-Mar-2018 18:29


Spark switches on long-range IoT network across New Zealand
Posted 26-Mar-2018 18:22


Stuff Pix enters streaming video market
Posted 21-Mar-2018 09:18


Windows no longer Microsoft’s main focus
Posted 13-Mar-2018 07:47


Why phone makers are obsessed with cameras
Posted 11-Mar-2018 12:25


New Zealand Adopts International Open Data Charter
Posted 3-Mar-2018 12:48


Shipments tumble as NZ phone upgrades slow
Posted 2-Mar-2018 11:48



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.