I don’t own an Apple device, and am operating my Apple account and mail from a Windows PC. How can I enable two-factor authentication from my Windows 10 computer and generate an app-specific password?
This question likely popped up because of Apple’s decision to end third-party access to calendars, contacts, and email without using two-factor authentication (2FA) for your Apple ID/iCloud account and generating an app-specific password.
Our reader has a real problem. Apple only allows 2FA to be turned on from a Mac or iOS device. Once enabled, you can use SMS text messaging or computer-synthesized voice calls for confirmation codes, and the Apple ID site for managing app-specific passwords. (In fact, you can’t create app-specific passwords except at the site, which seems odd.)
This requires priming the pump. My best suggestion is that Rajeevan finds a friend, relative, or colleague who would let them create an account on a Mac that was used solely to set up 2FA. After creating an account on that Mac, logging in, and enabling 2FA, that macOS account would likely never be needed again. And Apple doesn’t track Mac and iOS logins to your Apple ID – that’s not a requirement at present. (It’s possible at some future point, Apple would make you log in with the Apple ID either on an iOS device or a Mac, and you’d have to find a friend to make that happen. But for now, just the setup stage is all that’s required.)
Apple lets you set up multiple trusted phone numbers as well as having at least one trusted device. The device will be that Mac (and specifically, your account on that Mac). But you could run into trouble if you only set up a single phone number for your 2FA confirmation codes and then you lose access to that number. In that case, you might be unable to log into the Apple ID site to add another trusted number, and would have to use the Mac on which you set up an account to verify yourself and change your settings.
For that reason, you might add a friend or relative’s phone number (with their permission) as one or more additional ways to get a code.
APPLE’S THUNDERBOLT DISPLAY DOESN’T WORK WITH A 12IN MACBOOK’S USB-C PORT
While the USB-C connector type has a lot of advantages and, with Intel’s full support, is now guaranteed to be the dominant peripheral format for many years to come, there’s still a lot of confusion about the difference between USB-C and Thunderbolt 3. That comes up in an email from reader Simon Shaw, who can connect his 24in Apple Cinema Display to a 12in MacBook (2016 release) using a Mini DisplayPort to USB-C adaptor, but finds his 27in Apple Thunderbolt Display doesn’t have a solution. It probably seems even more arbitrary when MacBook Air models dating to 2011, including the ones still on sale, can work with both Cinema Displays and Thunderbolt Displays with no problem.
No solution is forthcoming, but it’s not surprising that this remains a puzzle. First the summary, and then the details: A DisplayPort-only monitor can work with the proper adaptor with any USB-C Mac. A Thunderbolt-only monitor can only work with a Mac with Thunderbolt built in, no matter the kind of port on the Mac. A DisplayPort-only monitor can work through backwards compatibility, which might require an adaptor, with a Thunderbolt-equipped Mac.
Now the gory bits. DisplayPort is a video standard that also has a couple of connector types: full-sized DisplayPort and Mini DisplayPort. You can also use an HDMI-to-DisplayPort cable for connections. The Apple Cinema displays push DisplayPort (the video data specification) natively over DisplayPort (the hardware port specification).
Thunderbolt is a general data-transfer standard that used the Mini DisplayPort style jack for its first two versions, and can carry DisplayPort video data along with other kinds of data. DisplayPort is packaged as an alternate data mode within the larger Thunderbolt specification. (The DisplayPort-only Cinema Displays also work over older versions of Thunderbolt, which is how the MacBook Air and other Macs provide compatibility.)
Finally, USB-C is a general hardware port type for peripherals, which is designed to work with bus controllers – the hardware that handles traffic over the port – that can have varying capabilities. Some computers and phones will only support USB 2 and 3 and DisplayPort. That’s true of the 2015 and later 12in MacBooks.
Other computers will sport 40Gb/s Thunderbolt 3 in their controllers, alongside backwards compatibility and interoperability with Thunderbolt 2, USB 2 and 3, DisplayPort, ethernet, and other standards. That’s the case with 2016 MacBook Pros and 2017 iMacs.
Because the MacBook only handles USB and DisplayPort over its USB-C port, it can’t interact with a Thunderbolt-only monitor, because that monitor requires a Thunderbolt controller to unpack the DisplayPort video data.
However, because the MacBook Pro and iMac models with Thunderbolt 3 can read Thunderbolt 2 signals, the use of a simple Thunderbolt 2 to Thunderbolt 3 adaptor allows these Macs to push video to a Thunderbolt Display.
RESTART YOUR MAC REMOTELY
Reader G. Murray needs to restart his Mac at times when it’s not within easy reach. He’s wondering what options are available with modern Macs. His Mac is located on a network created by a Time Machine, so it has a privately assigned IP address using NAT (Network Address Translation).
Two kinds of options apply here: for when the Mac is still ticking away but isn’t doing what you want, so you want to restart it if only you could connect remotely to it; or when the Mac is unreachable and ostensibly crashed or experiencing other problems, and you want to power cycle it.
Remotely connect to a working Mac
Screen sharing and remote terminal access can both let you control a Mac remotely, but reaching that Mac over the Internet is often the fly in the ointment. While macOS includes Back to My Mac, which pairs with iCloud to allow remote access to a Mac via the Screen Sharing app, it only works in its regular configuration from another Mac signed into the same iCloud account. Apple offers no guest access from other Macs – though you could set up an account on another Mac temporarily – nor does it have an iOS app.
Instead of Back to My Mac and the Screen Sharing app, you can use the generic screen-sharing protocol VNC. (Just to be more confusing, Apple’s Screen Sharing app is based on VNC, but not identical.) VNC can work over Back to My Mac, but doesn’t always, as it’s not a supported feature. Third-party macOS and iOS apps let you access any VNC-capable system.
Enable screen sharing in the Sharing system preference pane, and click the Computer Settings button to turn on VNC. Warning! Always set a strong password for VNC, as it’s easy for attackers to scan for VNC and find yours if it’s reachable from the Internet.
Back to My Mac fails with ‘double NAT’ situations, which I unfortunately have and which aren’t entirely rare. A double NAT happens typically when an ISP provides a modem that also acts as a router, and which has features you can’t replicate or turn off. If you connect, say, an AirPort Extreme with DHCP and NAT enabled to a LAN port on the ISP’s modem, you’re creating a NAT inside a NAT. All outbound connections work fine, but inbound ones can be a mess. (In my case, the provided modem has some obscure networking features used by CenturyLink’s fibre-optic network.)
Instead of relying on macOS, you can turn to third-party remote access software, although my favourites have faded away and left active development, while ones that used to have free or affordable versions have gone commercial and expensive.
TeamViewer (tinyurl.com/zya9oz5) remains the exception, being still continuously developed and free for personal, non-commercial use. It can punch through a double NAT, and it’s my preferred tool as it works on practically every platform, including macOS and iOS. The company charges a pretty hefty rate if you’re using it for business purposes, starting at £94 per month for remotely accessing up to three devices. For business users without big budgets, I recommend LogMeIn, which is $250 (around £194) per year from secure.logmein.com/home for two devices.
Creating a remote Terminal session via SSH, a secure protocol that’s trustworthy over the Internet, requires setting up port mapping on a router or WiFi base station using DHCP reservation (so your Mac has the same private IP address all the time) and NAT port forwarding (so an Internet-reachable network cubbyhole maps to the Mac you want it to).
Unfortunately, Apple no longer offers a detailed guide to AirPort configuration as it did years ago.
I’m reluctant to blow my own trumpet, but if you really need to set up this kind of remote access for SSH or other services, you’ll find complete instructions on this topic in my book, Take Control of Your Apple Wi-Fi Network.
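Before forwarding a port on the router, it helps to know which of these services the Mac is actually listening for and on which addresses. The following is an added example, not part of the original column: the function name audit_listeners and the sample input are constructed for illustration. It reads the output of lsof and reports SSH (port 22) and VNC/Screen Sharing (port 5900) listeners. "network-reachable" means the service is bound to a non-loopback address; whether it can be reached from the Internet still depends on the router’s port forwarding.

```shell
#!/bin/sh
# Added example (not from the original column).
# Classifies listening TCP sockets for the two remote-access services the
# column discusses: SSH (port 22) and VNC/Screen Sharing (port 5900).
# Reads `lsof -nP -iTCP -sTCP:LISTEN` output on stdin and prints one line
# per service: "<service> <port> <scope>".

audit_listeners() {
  awk '
    $NF != "(LISTEN)" { next }            # skips the header and non-listeners
    {
      addr = $(NF - 1)                    # e.g. *:5900, 127.0.0.1:22, [::1]:5900
      n = split(addr, parts, ":")
      port = parts[n]
      host = substr(addr, 1, length(addr) - length(port) - 1)

      svc = ""
      if (port == "22")   svc = "ssh"
      if (port == "5900") svc = "vnc"
      if (svc == "") next                 # not a service covered here

      # Loopback listeners cannot be reached from the LAN or a port forward.
      scope = "network-reachable"
      if (host == "127.0.0.1" || host == "[::1]") scope = "loopback-only"

      key = svc " " port " " scope
      if (!(key in seen)) { seen[key] = 1; print key }   # merge IPv4/IPv6 rows
    }
  '
}

# Constructed sample input in the lsof column layout (not captured from a real Mac).
sample_lsof() {
  cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
launchd    1 root   21u  IPv4 0x1a2b      0t0  TCP *:5900 (LISTEN)
launchd    1 root   22u  IPv6 0x1a2c      0t0  TCP *:5900 (LISTEN)
launchd    1 root   30u  IPv4 0x1a2d      0t0  TCP *:22 (LISTEN)
cupsd    310 root    6u  IPv4 0x1a2e      0t0  TCP 127.0.0.1:631 (LISTEN)
EOF
}

sample_lsof | audit_listeners
# On the Mac itself: lsof -nP -iTCP -sTCP:LISTEN | audit_listeners
```

If VNC shows as network-reachable and you only need it occasionally, turn it off in the Sharing pane when not in use rather than leaving it open behind a forwarded port.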
Remotely power cycle your Mac
Now long ago I owned a surge protector power strip from Sophisticated Circuits (the PowerKey line) that had a dial-up modem built in. You could call into a phone line and it would let you use a touch-tone phone to control power cycling individual outlets, among other features.
In the days of running Mac and other servers that needed ‘remote hands’, the several PowerKey models I owned saved a lot of late-night car trips to offices.
But we have the Internet now, and you can purchase the same kind of item that works over IP instead of a voice line. Unfortunately, these devices tend to cost a lot, but they’re designed to be robust and connect via ethernet to increase reliability.
Another option would be to set up HomeKit with remote access, and use a HomeKit-compatible smart outlet.
REINSTALL MACOS WHEN THE STARTUP VOLUME WAS ERASED
My friend was wiping my Mac so I could sell it and I’m pretty sure they’ve deleted the startup disk? It’s not letting me reinstall the operating system on a recovery startup.
Because Recovery didn’t work, the fastest way to install fresh is to make or borrow a macOS installer on a USB flash drive or a disk drive. We have instructions for making a bootable installer with macOS Sierra (as well as archived versions for several previous releases). You need at least an 8GB flash drive. The article includes instructions on obtaining the installer, which might involve you having to use someone else’s Mac to download it, if you don’t have a replacement Mac on hand yet.
But if you can’t get access to another Mac or the necessary drive, it’s still possible to use a different Recovery mode on all recent Macs, dating back to 2010. Normally, you can start up a Mac while holding down Command-R to boot into what Apple now calls macOS Recovery. That allows you to run Disk Utility, reinstall or wipe and install the system, access Terminal for command-line functions, and so on. In that mode, when you choose to reinstall without erasing the drive, my recollection is that Recovery looks for the current OS system installer on your startup disk in the Applications folder, and uses that. (Apple doesn’t document that, and I haven’t had to test that for years.)
If it can’t find the installer there, Recovery downloads the currently installed version of macOS (or OS X), which is about 5GB. When complete, it installs it and reboots, and places the installer in the Applications folder.
However, there’s yet another option: macOS Recovery over the Internet, which requires either a Mac model released in 2012 or later, or most 2010 and 2011 models with a firmware upgrade applied. There, the Mac reaches out over a Wi-Fi or ethernet connection to download the relatively modest Recovery software, which then bootstraps the download of the full macOS installer.
Apple says Internet-based Recovery should happen automatically on supported models, and you should see a spinning globe when that mode is invoked while the download occurs. However, if you have normal Recovery installed and it refuses to install macOS for some reason, you can manually invoke Internet Recovery.
While Command-R at startup always installs the most recent version you installed on your Mac, holding down Command-Alt-R brings down the very latest compatible version that can be installed. Apple also offers Shift-Command-Alt-R, which installs the version of OS X or macOS with which your computer shipped, or the next oldest compatible system still available for download.
(Apple just changed this behaviour with 10.12.4, but if you’re using Internet Recovery for a clean install on an erased drive, the new behaviour should be active as it will be pulled from the version of Recovery that’s bootstrapped from Apple’s servers. The pre-10.12.4 option is simply Command-Alt-R, but it acts like the new Shift-Command-Alt-R, installing the shipped OS or the oldest compatible version.)
Apple recommends the Command-Alt-R option as the only safe way to reinstall a Mac with El Capitan or earlier versions of macOS if you want to be sure your Apple ID doesn’t persist even after erasure.
Screen Sharing in macOS lets you use the built-in version as well as enable VNC
TeamViewer can punch through a double NAT
Recovery lets you install onto an erased partition, but only if Recovery wasn’t erased, too