Lost Mode locks your screen with a passcode and lets you display a custom message with your phone number to help you get it back.
You can also remotely erase your device if needed, and your custom message continues to display even after the device is erased.
In the meantime, the PCI Council has come out with an MFA Supplement that sets forth some guidelines that may be incorporated into the standard at some point in the future.
In this case, one of the security threats PCI is addressing is an attacker trying to guess (or brute force) an account’s username and password.
It’s a common tactic, and many security assessors and penetration testers disapprove of the notion of letting anyone know what they got wrong in a login sequence, just in case it’s an attacker.
Even if an attacker manages to use the right username and password, Duo’s push notification gives the details of the secondary request, allowing the original user to indicate that the request is fraudulent and deny it.
The next part of this PCI guideline reads: “If an unauthorized user can deduce the validity of any individual authentication factor, the overall authentication process becomes a collection of subsequent, single-factor authentication steps, even if a different factor is used for each step.” We don’t agree with this arbitrary division of a multi-factor authentication process into “steps” just because the user receives feedback on the primary authentication success or failure.
Find My iPhone includes Activation Lock—a feature that's designed to prevent anyone else from using your iPhone, iPad, iPod touch, or Apple Watch if it's ever lost or stolen.
Activation Lock is enabled automatically when you turn on Find My iPhone.
But anyone who has had to staff a help desk knows how frustrating it is for the user, who may not even be sure of the username, much less the password. The conventional assumption that a user always knows and remembers their username dates back to a time in which everyone only had one or two accounts, usually just for work.
When you turn on Find My iPhone on your iPhone, iPad, or iPod touch, your Apple ID is securely stored on Apple’s activation servers and linked to your device. From that point on, your Apple ID password or device passcode is required before anyone can turn off Find My iPhone, erase your device, or reactivate and use your device.
When you’re trying to parlay a multi-factor authentication (MFA) product into a solution that complies with current requirements and stays ahead of future ones, it’s hard to tell which way the ship is sailing — especially when you run up against parts that are more what you’d call guidelines than actual rules.