Skip App Verification Mac

An app designed to verify votes in a key state in the US election has been blocked by Apple. The app used the state of Pennsylvania’s online tool for verifying the status of an election ballot.

How it works

With two-factor authentication, only you can access your account on a trusted device or the web. When you want to sign in to a new device for the first time, you'll need to provide two pieces of information—your password and the six-digit verification code that's automatically displayed on your trusted devices or sent to your phone number. By entering the code, you're verifying that you trust the new device. For example, if you have an iPhone and are signing into your account for the first time on a newly purchased Mac, you'll be prompted to enter your password and the verification code that's automatically displayed on your iPhone.

Because your password alone is no longer enough to access your account, two-factor authentication dramatically improves the security of your Apple ID and all the personal information you store with Apple.

Once signed in, you won’t be asked for a verification code on that device again unless you sign out completely, erase the device, or need to change your password for security reasons. When you sign in on the web, you can choose to trust your browser, so you won’t be asked for a verification code the next time you sign in from that computer.

Trusted devices

A trusted device is an iPhone, iPad, or iPod touch with iOS 9 and later, or Mac with OS X El Capitan and later that you've already signed in to using two-factor authentication. It’s a device we know is yours and that can be used to verify your identity by displaying a verification code from Apple when you sign in on a different device or browser. An Apple Watch with watchOS 6 or later can receive verification codes when you sign in with your Apple ID, but cannot act as a trusted device for password resets.

Trusted phone numbers

A trusted phone number is a number that can be used to receive verification codes by text message or automated phone call. You must verify at least one trusted phone number to enroll in two-factor authentication.

You should also consider verifying an additional phone number you can access, such as a home phone, or a number used by a family member or close friend. You can use this number if you temporarily can't access your primary number or your own devices.

Verification codes

A verification code is a temporary code sent to your trusted device or phone number when you sign in to a new device or browser with your Apple ID. You can also get a verification code from Settings on your trusted device.

A verification code is different from the device passcode you enter to unlock your iPhone, iPad, or iPod touch.

Set up two-factor authentication for your Apple ID

You can follow these steps to turn on two-factor authentication on your device. Learn more about the availability of two-factor authentication.

Turn on two-factor authentication on your iPhone, iPad, or iPod touch

Turn on two-factor authentication in Settings

If you're using iOS 10.3 or later:

Go to Settings > [your name] > Password & Security.
Tap Turn On Two-Factor Authentication.
Tap Continue.

If you're using iOS 10.2 or earlier:

Go to Settings > iCloud.
Tap your Apple ID > Password & Security.
Tap Turn On Two-Factor Authentication.
Tap Continue.

You might be asked to answer your Apple ID security questions.

Enter and verify your trusted phone number

Enter the phone number where you want to receive verification codes when you sign in. You can choose to receive the codes by text message or automated phone call.

When you tap Next, Apple sends a verification code to the phone number you provided.

Enter the verification code to verify your phone number and turn on two-factor authentication.

Turn on two-factor authentication on your Mac

If you're using macOS Catalina:

Choose Apple menu  > System Preferences, then click Apple ID.
Click Password & Security under your name.
Click Turn On Two-Factor Authentication.

If you're using macOS Mojave or earlier:

Choose Apple menu  > System Preferences, then click iCloud, and select Account Details.
Click Security.
Click Turn On Two-Factor Authentication.

Some Apple IDs created in iOS 10.3 or macOS 10.12.4 and later are protected with two-factor authentication by default. In this case, you see that two-factor authentication is already turned on.

Create an Apple ID with two-factor authentication on the web

If you don't have an iPhone, iPad, iPod touch, or Mac, you can create a new Apple ID with two-factor authentication on the web.

Learn how to create an Apple ID on the web.

If you have an Apple ID that's not protected by two-factor authentication, some Apple web sites might ask you to update your account.

What to remember when you use two-factor authentication

Two-factor authentication significantly improves the security of your Apple ID. After you turn it on, signing into your account will require both your password and access to your trusted devices or trusted phone number. To keep your account as secure as possible and help ensure you never lose access, there are a few simple guidelines you should follow:

Remember your Apple ID password.
Use a device passcode on all your devices.
Keep your trusted phone number(s) up to date.
Keep your trusted devices physically secure.

Manage your account

You can manage your trusted phone numbers, trusted devices, and other account information from your Apple ID account page.

Keep your trusted phone numbers up to date

To use two-factor authentication, you need at least one trusted phone number on file where you can receive verification codes. Consider verifying an additional trusted phone number other than your own phone number. If your iPhone is your only trusted device and it is missing or damaged, you will be unable to receive verification codes required to access your account.

You can update your trusted phone numbers when you follow these steps:

Go to your Apple ID account page.
Sign in with your Apple ID.
Go to the Security section and click Edit.

Skip Verification Apk App

If you want to add a phone number, click Add a Trusted Phone Number and enter the phone number. Choose to verify the number with a text message or automated phone call, and click Continue. To remove a trusted phone number, click next to the phone number you want to remove.

View and manage your trusted devices

You can view and manage a list of your trusted devices on iOS, macOS, and in the Devices section of your Apple ID account page.

On iOS:

Go to Settings > [your name].
Select a device from the list.

On macOS Catalina: Best mac app.

Choose Apple menu  > System Preferences.
Select Apple ID.
Select a device from the sidebar.

On macOS Mojave or earlier:

Choose Apple menu  > System Preferences.
Select iCloud, then click Account Details.
Click the Devices tab.
Select a device from the list.

On the web:

Go to your Apple ID account page.
Sign in with your Apple ID.
Go to the Devices section.

The device list shows the devices that you're currently signed in to with your Apple ID. Select a device to view device info like the model and serial number. Below that you can see other useful information, including whether or not the device is trusted and can be used to receive Apple ID verification codes.

You can also remove a trusted device by selecting Remove from Account from the device list. Removing a trusted device will ensure that it can no longer display verification codes and that access to iCloud, and other Apple services on the device, is blocked until you sign in again with two-factor authentication. If you need to find or erase your device before you remove it from your trusted device list, you can use Find My iPhone.

Generate app-specific passwords

With two-factor authentication, you need an app-specific password to sign in to your account using third-party apps or services such as email, contacts, or calendar apps not provided by Apple. Follow these steps to generate an app-specific password:

Sign in to your Apple ID account page.
Click Generate Password below App-Specific Passwords.
Follow the steps on your screen.

After you generate your app-specific password, enter or paste it into the password field of the app as you would normally.

Frequently asked questions

Skip Verification Apk

Need help? You might find the answer to your question below.

What if I forget my password?

You can reset or change your password from your trusted device or browser when you follow these steps.

On your iPhone, iPad, or iPod touch

Go to Settings > [your name]. If you're using iOS 10.2 or earlier, go to Settings > iCloud > tap your Apple ID.
Tap Password & Security > Change Password.
Enter a new password.

On your Mac

If you're using macOS Catalina:

Choose Apple menu  > System Preferences, then click Apple ID.
Click Password & Security, then click Change Password.

If you're using macOS Mojave or earlier:

Choose Apple menu  > System Preferences, then click iCloud.
Choose Account Details. If you're asked to enter your Apple ID password, click Forgot Apple ID or password and follow the onscreen instructions. You can skip the steps below.
Click Security > Reset Password. Before you can reset your Apple ID password, enter the password used to unlock your Mac.

On the web

If you don't have access to an iPhone, iPad, iPod touch, or Mac, you can reset or change your password from iforgot.apple.com.

What if I can't access a trusted device or didn't receive a verification code?

If you're signing in and don’t have a trusted device handy that can display verification codes, you can have a code sent to your trusted phone number via text message or an automated phone call instead. Click Didn't Get a Code on the sign in screen and choose to send a code to your trusted phone number. You can also get a code directly from Settings on a trusted device. Learn how to get a verification code.

If you use iOS 11.3 or later on your iPhone, you might not need to enter a verification code. In some cases, your trusted phone number can be automatically verified in the background on your iPhone. It’s one less thing to do, and your account is still protected with two-factor authentication.

If I can't sign in, how do I regain access to my account?

If you can’t sign in, access a trusted device, reset your password, or receive verification codes, you can request account recovery to regain access to your account. Account recovery is an automatic process designed to get you back in to your account as quickly as possible while denying access to anyone who might be pretending to be you. It might take a few days—or longer—depending on what specific account information you can provide to verify your identity.

Do I still need to remember any security questions?

No. With two-factor authentication, you don't need to remember any security questions. We verify your identity exclusively using your password and verification codes sent to your trusted devices and phone numbers. When you enroll in two-factor authentication, we keep your old security questions on file for two weeks in case you need to return your account to its previous security settings. After that, they're deleted.

Can Apple Support help me regain access to my account?

Apple Support can answer your questions about the account recovery process, but can't verify your identity or expedite the process in any way.

What are the system requirements for two-factor authentication?

For the best experience, make sure that you meet these system requirements on all of the devices you use with your Apple ID:

iPhone, iPad, or iPod touch with iOS 9 and later
Mac with OS X El Capitan and iTunes 12.3 and later
Apple Watch with watchOS 2 and later
Apple TV HD with tvOS
Windows PC with iCloud for Windows 5 and iTunes 12.3.3 and later

Can Apple IDs created for children use two-factor authentication?

Yes. Any Apple ID that meets the basic system requirements can enroll in two-factor authentication. Learn more about who can use two-factor authentication.

What if I don’t recognize the location shown in my sign in notification?

When you sign in on a new device, you’ll get a notification on your other trusted devices that includes a map showing the approximate location of the new device. This is an approximate location based on the IP address the device is currently using, rather than the exact location of the device. The location shown might reflect the network you're connected to, and not your physical location.

If you know you’re the person trying to sign in but you don’t recognize the location shown, you can still tap Allow and continue signing in. However, if you ever see a notification that your Apple ID is being used to sign in on a new device and you're not the one signing in, tap Don’t Allow to block the sign in attempt.

What if I use two-factor authentication on a device running older software?

If you use two-factor authentication with devices running older OS versions—like an Apple TV (2nd or 3rd generation)—you might be asked to add your six-digit verification code to the end of your password when signing in. Get your verification code from a trusted device running iOS 9 and later or OS X El Capitan and later, or have it sent to your trusted phone number. Then type your password followed by the six-digit verification code directly into the password field.

Can I turn off two-factor authentication after I’ve turned it on?

If you already use two-factor authentication, you can no longer turn it off. Certain features in the latest versions of iOS and macOS require this extra level of security, which is designed to protect your information. If you recently updated your account, you can unenroll within two weeks of enrollment. Just open your enrollment confirmation email and click the link to return to your previous security settings. Keep in mind, this makes your account less secure and means that you can't use features that require higher security.

Is this different than Apple’s older two-step verification feature?

Yes. Two-factor authentication is built directly into iOS, macOS, tvOS, watchOS, and Apple’s web sites. It uses different methods to trust devices and deliver verification codes, and offers a more streamlined user experience. You need two-factor authentication to use certain features that require improved security.

If you already use two-step verification and want to update to two-factor authentication, learn how to switch to two-factor authentication. If your account isn't eligible for two-factor authentication, you can still use two-step verification to protect your information.

November 28th, 2017 by Vladimir Katalov
Category: «Did you know that..?», «Elcomsoft News», «Security», «Tips & Tricks»

Who am I to tell you to use two-factor authentication on all accounts that support it? This recommendation coming from someone whose business is supplying law enforcement with tools helping them do their job might be taken with a grain of salt by an average consumer. Yet we still strongly believe that, however good a password you have to encrypt your local documents or NAS drives, any remotely popular online service absolutely requires an additional authentication factor.

We covered the risks related to passwords more than once. There is no lack of horror stories floating on the Internet, ranging from leaking private photos to suddenly losing access to all data and devices registered on a certain account. Today, smartphones store excessive amounts of information. If any of that data is synced with a cloud, the data will be shared with something other than just your device.

So what is that “other” thing that you need to secure access to your account? It might be something you have in addition to something you know. Something that cannot be easily stolen or accessed remotely. This is exactly what two-factor authentication is for.

All three major mobile companies, Apple, Google and Microsoft, offer very different implementations of two-factor authentication. Speaking Google, you have several convenient options: SMS (which is not really secure, and Google knows it), the recently added Google Prompt, the classic Google Authenticator app, printable backup codes, FIDO keys and a few more. (Spoiler: if you are on a different side and need to extract the data as opposed to protecting it, we have an app for that).

What about Apple? There are a few things you should definitely know about Apple’s implementation. The problem with Apple is that Apple accounts protected with two-factor authentication can be actually less secure at some points. Surprised? Keep reading.

Take Over That Person’s Account by Resetting Their iCloud Password

Move hidden app mac. If I get a dollar every time when asked how to reset iCloud password… Oh, wait; I will sure become a billionaire soon!

Jokes aside, resetting iCloud password has many legitimate purposes other than reusing a stolen iPhone. Sometimes the password can be extracted from different sources, but what if all known methods failed?

Neatly every system allows resetting the password if it is lost or forgotten. You just need to prove that you are you, the account owner; or have a legal right to access it.

Here is how it worked with Apple iCloud in “pre-2FA” times. You could reset your password through email, or by correctly answering the security questions. If you did not have access to your mail account anymore, forgot about your security questions, and somehow lost access to the trusted phone number, there was still an option of going through Apple support. While that could take a long time and may require telling Apple your personal data, such as a credit card. All these methods are described in Apple knowledge base:

Instructions are a bit confusing, but we wanted to concentrate on just a single case: if you have two-factor authentication enabled and have the passcode set.

We made a video for you (note: iOS 10 or later is required, 2FA should be enabled on the account, and the device should be passcode protected with a known passcode):

So all you have to do is just couple of clicks on the trusted iPhone, and you’ll have to enter a passcode once.

What Apple does not mention is that the passcode is not always required. We cannot say for sure, but it seems that the requirement to enter the passcode here is eliminated if the iPhone has been unlocked with it (but not Touch ID or Face ID) last time, or if that feature (changing the iCloud password) has been already used. After some time, however, you will be still prompted for the passcode – is it cached, or may be the special token is created? No idea.

What if you do not have an iPhone handy, but only have a Mac? It’s almost the same. Go to iCloud settings, and there you can set the new password without entering the old one. All you will be prompted for is the password you use to log in into your Mac.

(as a side note, that works the opposite way as well, i.e. you can reset Mac login password through the iCloud, but that’s a different story)

Is it a bug? Definitely not, it is in fact a convenience feature. But if you ask whether if creates a security risk, the answer is a reassuring “Yes”. All you need is a trusted device and the passcode (or a Mac password). Pease also note that the Mac password can be cracked (though not very easy); we have an app for that, too.

What if 2FA is not enabled on the account, or passcode (or login password in a case of Mac) is not set? You will be prompted for the old password (and sometimes even forced to answer security questions). But what if we enable 2FA or set the passcode first? No, that will not work either, try yourself and see what happens.

Eliminating the Second Factor

There was always just one workaround to access iCloud accounts protected with 2FA: using tokens instead of a password. We were the first who discovered it a long time ago, and it was a real breakthrough in iCloud acquisition.

Apple’s response was smart: they dramatically shortened the token’s lifetime. The token extracted from the desktop still works for most types of iCloud data, including files in iCloud Drive, iCloud Media Library and synced information (contacts, call logs, calendars, notes and Safari browsing history). However, if you try to use that token to download iCloud backups the next day, you can only obtain the list of devices and backups, but downloading fails.

The token extracted from the desktop is not the only one that we use. If you log on into 2FA-protected iCloud with Phone Breaker using a password, you are of course prompted for the second authentication factor as well. This could be a code send to the trusted device as a push notification, or a code generated on the device manually, or (now with the latest version) a code delivered to a trusted phone number as a text message (SMS). If the login was successful, EPB creates and saves its own token, and for all future requests to the same account make use of that token instead; this allows logging in without providing the second factor.

But again, the problem is with token expiration.

The solution? We have it now. And surprisingly, it uses the good old password (so the new token is generated every time), but does not require you to enter the second factor.

How could that be possible? Thanks to Apple’s new authentication scheme, GSA (GrandSlam Authentication) available in iOS 9+, macOS 10.11 and later. With this, one can use SMS to receive the security code. More importantly, this makes the computer “trusted”, so it does not ask for the second factor anymore.

Gmail Phone Verification Skip

This means that if you run Elcomsoft Phone Breaker 8.1 on the computer that is already logged into the cloud (the suspect’s computer), then all you need is a password to the account. That will be it! No push notification to the trusted devices, no SMS codes, nothing. And if you run EPB on another desktop, you will only have to provide the second factor once, and we will do the rest of the job (make the computer trusted) for you – but, in contrary to the token-based solution, no problems with expiration anymore. Of course, we will also save the password for you, so to get fresh portion of iCloud data, you only need to select the Apple ID from the list.

What about iCloud Keychain? About the same. No 2FA anymore, just login and password

Can we get data that makes the computer trusted and move it to another computer? Not at this time, but we are working on it. It is not as easy as copying a file; we’re still trying to figure out what exactly makes the computer “trusted”.