From Duo: We understand there is some risk to utilizing iCloud Keychain, and although we have faith in the strong security properties of iCloud Keychain, we understand Apple account compromise is still a possibility. To mitigate this risk we send a push notification to the old phone upon account reactivation, letting a user know a potential malicious actor has fraudulently reactivated their phone. If they confirm this was done by someone other than themselves, we will immediately deactivate both devices, and send a notification email to all Administrators specified in the “alert email” setting. Users will also see this alert every time they open their device for 24 hours after the Instant Restore event has occurred. |