Does this e-mail from Apple look legitimate?

[Gary S]

It was too much of a hassle to change to a one step code so I'm sticking with the 2-step code.

[Paddy]

QUOTE(Gary S @ Mar 7 2017, 04:13 PM) <{POST_SNAPBACK}>

It was too much of a hassle to change to a one step code so I'm sticking with the 2-step code.

Well, don't lose that 6 digit verification code!

I'm glad I never turned it on.

[Gary S]

Paddy,    to you too smarty pants.  

I couldn't even sign into the cloud on my new iPad last night.

To switch over to the one step code, I need another email address and I don't want to get another e-mail address from Charter or Yahoo. Have any suggestions?

[Xairbusdriver]

Not sure why you don't want another email address from anyone, especially if they are already being paid for. Most ISPs give you at least two addresses, some many more. Nor do you have to use every address you have. Many suggest using one as a 'throw-away' account hat you can use to sign into places you do not want to start ending junque email. If they do, just drop that address and let the SPAM fall into the great bitbucket in the web.

Of course, here's always gMail which rank right up there with Hotmail. Personally, Google collects enough on me without having a "free" account with them.

[Gary S]

QUOTE

Personally, Google collects enough on me without having a "free" account with them.

I hear you Jim.

[Paddy]

Yes, Google collects info - but on the upside, their email service is pretty darn good. Very good spam filtering for one thing. I have at least 4 Gmail accounts. I also have several Yahoo accounts.

Zoho is another freebie alternative: http://zoho.com - lots of options

And then there is Outlook - https://www.microsoft.com/en-us/outlook-com/?cb=v8ho - formerly known as Hotmail, (but without the automatic association with throwaway/spam) - you can get an email addy there and then use it in Apple Mail.

https://computers.tutsplus.com/tutorials/ho...look--mac-54038 - not sure if this is still correct as it's from 2013 and it's possible the default is now IMAP. You'd have to try it to see.

Other than Gmail, those are the most reliable ones I'm aware of.

[Xairbusdriver]

Somewhat related recent event: WikiLeaks releases US Government hacking tools
The "related" part is in the comment at the end of the linked article:

QUOTE

Matthew Ravden, a vice president at security systems specialist Balabit, told IT Pro that: “Assuming these revelations are true..., it’s probably fairly shocking to the general public to see the lengths [an] ... organization will go to find ways of ‘listening in,’ through TVs, smart-phones or other ‘connected’ devices.”

“For those of us in the security industry, however, none of this is particularly surprising,” Ravdin continued. “The resources available to the CIA, (British) MI5, or the (Russian) FSB are such that they can do pretty much anything; they live by a different set of rules from the rest of us.”

My real point is not that our data is 'vulnerable' but that we provide much of it by using the enterweb so casually, and even naively. We are often lulled into a totally incorrect notion that we are only conversing without any 'middleman'. Would we be as casual if we communicated via a physical bulletin board on the corner of some street?

While "government" listening should be a concern, we should constantly be aware that what we say, show or do on the web is likely very public. Resist the urge to think nobody else will see what you do or say. Just behave like your mother (hopefully!) told you!

[gunug]

Awhile back someone hacked our school district account at Apple; they were located in one of the former Iron Curtain countries and Apple caught onto them trying to charge downloads to our account pretty quickly.  We didn't end up paying anything; not sure if they could've! I forgot the point to this remark was several emails from Apple that had come about this didn't sound real and our contacts at Apple weren't able to confirm that they were.

[Xairbusdriver]

Just an update:

I turned Apple's "two-factor" (the name has changed a couple of times) a year ago or so. I don't remember having any problems. I also don't remember needing the 16 digit "Recovery Code" I have stored in 1Password. I could be rong, houevur.

First: I found a <couple> of <articles> from suspiciously on the same date in 2015 that indicate that "Recovery code" may not actually be needed or even used since El Capitan (OS X 10.11?).

Second: The six-digit code mentioned above is not the same as the "Recovery code". It's simply a unique code that is sent to all your trusted and registered Apple devices. They have to be unlocked, however, to be received. If you forgot to unlock any of your devices, you can go do that and then use the "Resend a code" link on the AppleId web site. You could also have selected text messaging to a non-Apple device for that code, but I think that is a security risk in itself. "Texts" are in no way secure.