More than four months after Tim Cook promised emailed login alerts and the reintroduction of two-factor authentication in the wake of the high-profile celebrity iCloud hacks, five Apple logins remain unprotected by the system. Hackers of NY founder Dani Grant used videos to demonstrate each of the vulnerabilities in a blog post.

Grant showed that two-factor authentication isn’t needed when using an unknown Mac to login to iMessage, iTunes, FaceTime, the App Store or Apple’s website. According to Grant, only one of the five services sent an email notification advising that an unknown device was used to log in … 

FaceTime was the sole service for which Apple sent an email notification, Grant said:


It should be noted that similar messages have been sent out by Apple in the past for iMessage as well, though the same protection is not currently offered by iTunes, the App Store, and Apple’s website.

While the iCloud ‘hacks’ didn’t involve any compromise of the service itself, relying instead on a combination of phishing and easily-guessed passwords or security questions, it did draw attention to the risks to technically-naive users (especially celebrities, who are forced to choose from a limited number of security questions whose answers can be easily researched).

Apple briefly introduced two-factor authentication for iCloud.com in June of last year, before reintroducing it shortly after the scandal. But as Grant illustrates, other Apple services remain vulnerable.

Check out the rest of the video demos on Medium.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear