Excellent article. However, on Apple's website it says that you can get a replacement trusted key but not sure how long ago that article was written.
Thank you.

> On 9 Dec 2014, at 20:10, M. Taylor <mk...@ucla.edu> wrote:
>
> Hello Everyone,
>
> I strongly suggest that you read the following article, very carefully.
>
> The link to the original post may be found at the end of the text.
>
> Mark
>
> The dark side of Apple's two-factor authentication
>
> Earlier this week, a strange message popped up on my Mac that I thought
> nothing of. "You can't sign in because your account was disabled for
> security reasons." I dismissed it in my tired haze, thinking it would solve
> itself and went to sleep.
>
> The next morning, I didn't have time to deal with the message - which was
> now popping up every half hour - for a few hours until it became annoying. I
> figured I'd done something dumb and broken iCloud, but that it could wait.
>
> I'd turned two-factor on my Apple ID in haste when I read Mat Honan's
> harrowing story about how his Mac, iPhone and other devices were wiped when
> someone broke into his iCloud account. That terrified me into thinking about
> real security for the first time.
>
> When I finally had time to investigate the errors appearing on my machine, I
> discovered that not only had my iCloud account been locked, but someone had
> tried to break in. Two-factor had done its job and kept the attacker out,
> however, it had also inadvertently locked me out.
>
> The Apple support page relating to lockouts assured me it would be easy to
> recover my account with a combination of any two of either my password, a
> trusted device or the two-factor recovery key.
>
> When I headed to the account recovery service, dubbed iForgot, I discovered
> that there was no way back in without my recovery key. That's when it hit
> me; I had no idea where my recovery key was or if I'd ever even put the
> piece of paper in a safe place. I've moved since I set up two-factor on
> iCloud.
>
> I began nervously scouring the entire house for the code, before giving up
> after a few frustrating hours and began searching my computer for any trace
> of it. I found countless "recovery keys" but they weren't for the right
> things; for my Mac's hard-drive encryption, Twitter, Facebook and other
> accounts, but not for my Apple ID.
>
> How could I be foolish enough to misplace my Apple ID recovery key?
> I swore that I'd taken a screenshot, printed it and had taken a photo of it
> with my iPhone for extra safekeeping.
>
> This is when it began to sink in that this single ID held the keys to much
> of my digital life; everything from iTunes purchases going back seven years,
> app purchases and even the ability to get my iPhone out of the grips of Find
> my iPhone's lock.
>
> The sinking feeling began. After fruitlessly searching and a lot of cussing,
> I decided to call Apple. I figured that something must be wrong, since the
> support page claims you can use trusted devices to recover your ID in cases
> like this.
>
> The first person I spoke to told me immediately after getting on the phone
> that in no uncertain terms I had forfeit my Apple ID by losing the recovery
> key. He refused to help me. I hung up and called back.
>
> On the second call, I got a lovely woman who totally understood my plight
> and how terrible it was. She told me a similar thing had happened to her,
> and it had turned out OK. After 20 minutes of poking around and lots of
> awkward sighing, she put me on hold to talk to a senior manager.
>
> When she got back on the line, the story was just as bleak. "We take your
> security very seriously at Apple" she told me "but at this time we cannot
> grant you access back into your Apple account. We recommend you create a new
> Apple ID."
>
> I couldn't believe what I was hearing and fought back that surely there was
> some other way, but I was told point blank that Apple would not help me.
> I offered a scan of my government ID, my trusted devices and other proof that
> it was me. Nope, that won't do for Apple in this situation. She apologized
> profusely and said there was nothing more she could do.
>
> Furious about the situation, I took to Twitter in a fit of rage, complaining
> that Apple couldn't help me out of a dumb situation, in which I could easily
> prove who I was. It was frustrating enough that when setting up my Apple ID,
> the company assured me I could recover the account with a trusted device.
>
> I know it was stupid that I'd lost the recovery key but I'd set it up so
> long ago I couldn't remember where it would conceivably be. There's only so
> many things I can keep track of. Besides, I figured I'd be able to use
> a trusted device to get out of a mess like this.
>
> I'd looked almost everywhere twice by this point. Who remembers stuff like
> this?
>
> Apple's two factor signup process tries to point out the importance of the
> key when you set it up.
> You have to print the key, then re-enter it to show that you've got it. I
> don't think this step existed when it launched.
>
> So, I pushed on, resuming the hunt. As 24 hours without my Apple ID
> approached, iMessage broke and my devices all started incessantly
> complaining that the account was locked, amplifying an already frustrating
> situation.
>
> Figuring that maybe I'd just had bad luck with the phone, I tried Apple's
> online chat service. I got the exact same answer; "We take your security
> very seriously at Apple, but we cannot help in this situation." I pointed
> out that the security page said otherwise, so the chat person put me on the
> phone with an iTunes senior advisor.
>
> After a few minutes of "uhhhh" on the other end of the phone, I got my third
> "we take your security very seriously at Apple, this account will be
> permanently disabled unless you can find the recovery key."
> I argued my
> point that I had both my trusted devices and my password as required by the
> support page, but was told this was irrelevant because someone else had
> tried to get into my account.
>
> I talked to a friend who knew people at Apple who told me that the security
> folks said the iForgot page is final. There's nothing they can do.
>
> Basically, I was locked out of my entire digital life, because someone had
> tried to hack me. The irony of the fact that my increased security had
> ultimately locked me out dawned on me, mixed with tiredness and frustration,
> so after taking a moment to scream internally, I started furiously searching
> ancient time machine backups.
>
> As I searched the depths of my time machine backups and was on the phone for
> the fifth (or even sixth) time to iCloud support, I found an old picture I'd
> taken on my iPhone of a screen. It was my recovery key. I started crying
> tears of joy at this point. The Apple rep on the phone started clapping and
> was very glad to get out of continuing to argue with me.
>
> The only time I've ever been glad to have taken a picture of my screen
>
> If I hadn't managed to find this key or had never bothered to save it in the
> first place, I would have lost the Apple ID forever. If I hadn't made a time
> machine backup of my machine before it got corrupted earlier this year, I'd
> have been out of luck entirely.
>
> Apple support told me that the security lock doesn't expire, so there's no
> way to get around requiring the key, even though its support site says you
> can use trusted devices. You're simply not given that option when your
> account is locked.
>
> What's perplexing is it wasn't even technically my fault. Someone tried to
> guess their way into my account and it was locked as a result; I didn't do
> anything wrong, yet I was entirely locked out because I couldn't find the
> key.
>
> Apple's support page had given me false hope, because I expected to be able
> to use a combination of my password and trusted devices to recover from
> being locked out if it ever happened.
>
> This isn't the case when your account is locked; what Apple doesn't tell you
> is that when your account is locked (because of too many attempts) your
> password is not a valid recovery option and you'll need your recovery key.
>
> What if I was carrying the key in my wallet and I was robbed, like this poor
> user on Stack Overflow? Apple still wouldn't (or couldn't) help you, because
> it's "impossible" to recover an Apple ID without that key, according to its
> support staff.
>
> Apple's changing security policy
> One has to wonder if it was previously possible, before Mat's social
> engineering hack or the iCloud celebrity hackings took place, to recover a
> two-factor enabled account by using Apple Support. The "we take your
> security very seriously at Apple" line seems like it's been rehearsed and
> drilled into the support staff's heads so that the same scandals don't
> happen again.
>
> I asked Apple PR about this situation, who told me that the support article
> is correct. If you lose your recovery key with two factor enabled, you lose
> your account. Apple can't help you.
>
> I've learnt my lesson about treating recovery keys with extreme caution from
> this. I never knew that I'd have no hope of recovery if it was lost; I'd
> been lulled into a false sense of security, figuring that my trusted devices
> would get me back into a locked account.
>
> From now on, I'll know exactly where each recovery key is. I urge you to do
> the same.
>
> http://thenextweb.com/apple/2014/12/08/lost-apple-id-learnt-hard-way-careful-two-factor-authentication/
>
> --
> You received this message because you are subscribed to the Google Groups
> "MacVisionaries" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to macvisionaries+unsubscr...@googlegroups.com.
> To post to this group, send email to macvisionaries@googlegroups.com.
> Visit this group at http://groups.google.com/group/macvisionaries.
> For more options, visit https://groups.google.com/d/optout.