Messages is the text-messaging software included with your Mac. Use it to send messages with iMessage, or to send SMS and MMS messages through your iPhone.

• 48
• 14
• 62

1. How to Get SMS Text Messages Across All Your Apple Devices. 9/24/20 12:30PM. If you have an iPhone, then you know the joys of iMessage.
2. Apple launched iMessage as an alternative to the WhatsApp-style over-the-top messengers, adding rich functionality and security, but limiting that to the Apple user community. Because iMessage.

Multi-factor authentication is the new reality. A password alone is no longer considered sufficient. Phishing attacks, frequent leaks of password databases and the ubiquitous issue of reusing passwords make password protection unsafe. Adding “something that you have” to “something that you know” improves the security considerably, having the potential of cutting a chain attack early even in worst case scenarios. However, not all types of two-factor authentication are equally secure. Let’s talk about the most commonly used type of two-factor authentication: the one based on text messages (SMS) delivered to a trusted phone number.

SMS-based two-factor authentication

Two-factor authentication (2FA) adds an extra layer of security to your online accounts by requiring an additional factor such as a one-time password, time-limited code, an action performed on a trusted device, or a physical token. After signing in with your login and password, you’ll need to provide the additional – second – authentication factor. The most commonly second authentication factors used by Apple, Google and Microsoft are codes sent via SMS and prompt through an authentication app, while many major services such as Amazon, Facebook, Dropbox and PayPal rely on time-limited codes generated offline in standard “authenticator” apps using the TOTP protocol.

The use of the second authentication factor means that a hacker would need have both the user’s password and their second authentication factor. While different companies employ a diverse range of various authentication factors, SMS-based two-factor authentication still remains among the most commonly used – and the least secure types.

There are many things wrong with SMS-based two-factor authentication. For one, receiving a text message while traveling may be a very expensive option, or not an option at all depending on the roaming agreements between your mobile provider and the providers of your destination country. Text messages, especially when roaming, may arrive with a significant delay, with the code already expired by the time it arrives.

SMS-based two-factor authentication is also less secure than using alternative methods. While approving a push message (trusted device authentication) would generally require unlocking the phone by entering a PIN code or using biometrics, which more or less guarantees that the authentication prompt is confirmed by an authorized user, an SMS can be received by anyone who can pull a SIM card. Granted, SIM cards can be protected with a PIN, but how many users still have that?

Text messages can be intercepted even without the original physical SIM card. Hackers use social engineering to trick carriers into swapping a ‘lost or stolen’ SIM card. There have been reports of them using fake ID’s, fake power of attorney and plain old bribery to convince employees. Sometimes hackers port the number away to an online service using nothing more than a prepaid credit card as their proof of identity. In other words, there are simply way too many things wrong with security based on SIM cards.

There are also vulnerabilities in the mobile telecom system such as the renowned vulnerability in the SS7protocol. The SS7 attack enables a hacker intercept voice and SMS communications on a cellular network. According to telecommunications experts, all a cyber criminal would need to successfully launch an SS7 attack are a computer running Linux and the SS7 SDK – both free to download from the Internet.

Once the hacker has access to a trusted phone number, they can gain full control over the victim’s Apple Account, including but not limited to the following:

1. Resetting Apple ID password
2. Setting up a new device and restoring iCloud backups
3. Downloading iCloud backups and many types of synchronized data (excluding end-to-end encrypted categories)
4. Lock or erase the user’s other devices (possibly demanding ransom for unlocking)

All of this makes two-factor authentication based on text messages a very bad idea, so Apple implemented a different, significantly more secure approach.

Two-factor authentication based on trusted devices

Apple ecosystem employs two-factor authentication based on trusted devices. If you enroll an Apple iOS or macOS device such as an iPhone or a MacBook to your 2FA-enabled Apple Account, that device automatically becomes a trusted second authentication factor. Since Apple does not allow any device from outside of the company’s walled garden, users can only designate their iPhone, iPad or Mac as a trusted device.

There are several methods of using a trusted device as the second authentication factor. The push prompts:

A trusted device is an iPhone, iPad, or iPod touch with iOS 9 and later, or Mac with OS X El Capitan and later that you’ve already signed in to using two-factor authentication. It’s a device we know is yours and that can be used to verify your identity by displaying a verification code from Apple when you sign in on a different device or browser. An Apple Watch with watchOS 6 or later can receive verification codes when you sign in with your Apple ID, but cannot act as a trusted device for password resets. Two-factor authentication for Apple ID

And the verification codes:

Sms Apple Cider Vinegar

A verification code is a temporary code sent to your trusted device or phone number when you sign in to a new device or browser with your Apple ID. You can also get a verification code from Settings on your trusted device.

Both methods require the user to first unlock their device by using biometrics or typing their screen lock password. A hacker cannot use a stolen device for the purpose of receiving two-factor authentication codes without first unlocking the device, which, after a short while, will require entering the screen lock password. The screen lock password is a hallmark of Apple’s security model; there is hardly anything so vigorously protected in the entire ecosystem. In other words, device-based two-factor authentication is a modern, highly secure authentication system.

The problem of closed-ecosystem two-factor authentication

It may appear that two-factor authentication based on trusted devices, as implemented by Apple, is a secure and reliable system. In fact, it is. The problem lies slightly outside the scope of “trusted device 2FA”.

Imagine that the user lost access to their last owned Apple device, or only owned one device in the first place. Even if they can provide their password, there would be no easy way to regain access over an Apple Account once all possible methods of obtaining a second authentication factor are exhausted. (Quite the opposite is true if the user forgets their password but still has access to their second authentication factor: resetting the Apple ID password will be instant after only a few taps on the trusted device. This makes me wonder whether the password or the trusted device is actually the second authentication factor).

In The Ugly Side of Two-Factor Authentication, I have already described what happens if the user has no access to the second authentication factor. The user would have to follow the instructions outlined in Recover your Apple ID when you can’t reset your password. This is a step-by-step process, during which the user is asked to provide as much details about their account as possible. This may include trusted phone numbers, any credit cards on file, and possibly other information.

Depending on how much information the user has on file with Apple, and how much of that information they can remember during the recovery process, Apple may or may not grant access to the user’s account. Even if the decision is made in the user’s favor, Apple imposes a lengthy waiting period of multiple days. In any case, this is a lengthy process with no guaranteed outcome.

Obviously, all this would be a great hassle if users would have to pass through the recovery process every time they upgrade their (only) iPhone. For this reason, Apple made a firm requirement: two-factor authentication requires at least one trusted phone number on file.

A trusted phone number is a number that can be used to receive verification codes by text message or automated phone call. You must verify at least one trusted phone number to enroll in two-factor authentication. Two-factor authentication for Apple ID

If the user cannot access (or does not have) any trusted devices, Apple will send a text message (SMS) to the trusted phone number on file. Which brings us back to the weaknesses and vulnerabilities of SMS-based two-factor authentication.

Conclusion

The system is only as secure as its weakest link. In the case of Apple’s implementation of two-factor authentication, the weakest link is SMS-based authentication. Apple is the only major cloud provider that still insists on users having at least one trusted phone number on file, making the whole two-factor authentication scheme as flawed as SMS-based authentication in whole.

• 48
• 14
• 62

With Messages for Mac, you can send unlimited messages to any Mac, iPhone, iPad, or iPod touch that uses iMessage, Apple's secure-messaging service. iPhone owners can use it for SMS and MMS messages, too.

Set up iMessage

iMessage is the Apple messaging service you get automatically with your Apple ID.If Messages asks you to sign in, use the same Apple ID that you use with Messages on your iPhone and other devices. It's usually the same Apple ID that you use for iCloud, the iTunes Store, the App Store, and the account you created when you first set up your Mac.

Learn what to do if you get an error when trying to sign in to iMessage.

Have a conversation

1. Click the New Message button at the top of the Messages window.
   
2. Type the recipient's name, email address, or phone number, or click and choose a recipient. If they're in your Contacts app, Messages finds them as you type. To start a group conversation, just add more recipients.
   
3. Type your message in the field at the bottom of the window, then press Return to send it.
   • To include emoji, click .
   • To include an image or other file, just drag or paste it into the message field.
   • To include an audio recording, click and record your message.
   • To add other items, such as Memoji stickers, GIFs, and message effects, click the apps button .
4. After starting a conversation, click the Information button (or Details) in the upper-right corner of the window to take actions such as these:
   • Use FaceTime to start an audio call or video call .
   • Share a screen .
   • Hide alerts, so that you aren't disturbed by notifications about the conversation.
   • Share your location temporarily or indefinitely, or send your current location. You can also see the recipient's location—if they're sharing their location with you.
   • See all of the photos and files that were exchanged in the conversation.
   • Customize the group, such as by changing the group's name or photo, adding members to the group, or leaving the group. If the group has four or more members, you can remove members: Control-click the member's name, then choose Remove from Conversation.

New in macOS Big Sur

macOS Big Sur introduces new features to improve conversations:

• Pin a conversation to the top of the conversation list so that you can quickly get to it. Just Control-click the conversation to open a shortcut menu, then choose Pin.
• Help bring your message to the attention of a group member: Either click their name after you type it, or include the @ symbol before their name: “@Jocelyn, see you then!” When you mention someone, their name is highlighted in the message, and they will receive a notification letting them know they’ve been mentioned.
• Create an inline reply to a specific message in a conversation: Control-click the message to open a shortcut menu, then choose Reply. Or click a bubble to select it, then press Command-R.
• Use iMessage apps to add effects to your message.

Sms Apples

Use iMessage apps

Starting with macOS Big Sur, Messages includes iMessage apps near the message field. Use it to choose items from your Photos library, add Memoji stickers, add trending GIFs using #images, and use Message Effects such as balloons, confetti, or lasers.

Add a tapback to a message

A Tapback is a quick response that expresses what you think about a message, such as that you like it or think it's funny. Your Tapback is visible to everyone in the conversation who is using iMessage.

1. Control-click a message bubble to open a shortcut menu.
2. Choose Tapback from the menu.
3. Click a Tapback to add it to the message bubble.

Here's another way to add a Tapback: Click a bubble to select it, then press Command-T.

Use Siri to send messages

You can also use Siri to send, read, and reply to Messages. Examples:

• ”Send a message to Susan and Johnny saying I'll be late' or ”Tell Johnny Appleseed the show is about to start” or ”Text a message to 408 555 1212.”
• ”Read the last message from Brian Park” or ”Read my new messages.”
• ”Reply that's great news” or ”Tell him I'll be there in 10 minutes.”

Send text messages to anyone

If you have an iPhone with a text messaging plan, learn how to set up text message forwarding so you can send and receive SMS and MMS messages from your Mac.

Delete a message or conversation

When you delete a message or conversation, it's permanent: You can't get it back.

Delete a message

1. Click a message bubble to select it.
2. Choose Edit > Delete.
   

Delete a conversation

1. Control-click a conversation to open a shortcut menu.
2. Choose Delete Conversation.
3. Click Delete.

FaceTime is not available in all countries or regions.