I love Apple.
ElcomSoft, the Russia-based maker of forensic software, has managed to find a way for crime investigators to access the data stored in Apple's iCloud Keychain, if Apple ID account credentials are available. Apple's iCloud Keychain is a remote copy of the password vault that's optionally available to users of iOS and macOS …
Wednesday 23rd August 2017 09:14 GMT Povl H. Pedersen
NOT. To get access to the keychain you need:
icloud username and pasword
and a verified device with 2FA.
Then you can get access to the keychain.
The only thing you bypass is really the local device password of the device having keychain access. Is this a problem ? Not really, but it means I will take my non-pasword protected iPad that the children uses, and move it to a family account.
Monday 28th August 2017 08:44 GMT SAdams
“Easily slurped” ?
Even for people who do not have 2FA - which Apple have pushed and users have to reject - you still need AppleID and password ? So its like single factor authentication ?
Moral of the story, if you use Keychain, use 2FA. And always use a unique password for your apple ID, and for any email accounts that may involve password resets.