Author: Daniel Risso

Delete an iCloud Account

--Originally published at Computer and Information Security

We commented last class about to have the right to delete our accounts and data from our providers so I decided to tray too errase an old Apple ID I "had"

It's seams that is easy to close an account according the Apple website but it isn't 

To erase an account I had to follow this steps:
  1. Answer the security questions
  2. Change my password
  3. Get an email and verify it
  4. Create a case to delete
  5. Call apple support with an case number
  6. Wait 20 min on the phone call
  7. Because I had a Developer Account scale the case to EUA
  8. Wait 15 min to get an Developer Representative 
  9. They have to re-check documentation and call me back
  10. I get an email to accept terms and condition TLDR 
  11. I get a call after two days to verify my request of close and agree by phone all the terms and conditions 
  12. I have to wait 48 h to gat my account deleted and my info erased

2FA

--Originally published at Computer and Information Security

After the last class TC2027 on Monday 14 and Ken's suggestion of using an "strong" password  I was trying to figure what is the matter with our "regular" password when we activate a 2FA like an SMS, phone call or Google Authentication App. 
So I research about it and made this small post about it.

What I found was many examples about how 2FA and MFA resides on really normal transactions like credit cards, banks and doors, to say that we are using 2FA we should have 2 of:


  • something you know
  • something you have
  • something you are 

    • Witch basically is adding security layers to the standard "something you know" user and password, based on that is easy to resolve my questions; 2 layers are better than just 1 and stronger layers improve security even further.

    Other point I found is that there is a problem on the recovery passwords features because normally this process avoid the use of 2FA so many services have implemented a 3FA for recoveries, like a third part contact or a Unique Security Key (64digit).

    And on the balance of Secure <-> Easy to Use you can mantiene it simple, even though it could be a problem to lose the 2nd factor or to access easily on a "new" device you can have special one use password for specific devices or apps.

    Right now I use 2FA only on my primary accounts (G Suit, iCloud, FB, Dropbox, Git) and use Keychain as password-management system to generate and save strong passwords for anything else and I cloud recommend you to do the same.


        References:
        https://www.google.com/landing/2step/
        https://www.cnet.com/news/two-factor-authentication-what-you-need-to-know-faq/
        https://www.lynda.com/Server-tutorials/Multifactor-authentication/606075/643304-4.html