IT for Post Production Toronto

Don’t Trust Apple 2-Step authentication for AppleID

I’m writing this because of the horror story I recently had with Apple’s 2-Step authentication process with AppleID as a warning for others. Don’t let this happen to you.

Management of your AppleID can be accomplished from this website. Apple implemented a 2-step authentication option as a response to hacks on celebrity iPhones. In reality, poor passwords on the behalf of these individuals were the root of the problem, not Apple’s security. With that said, everyone needs to be WARNED of the serious problems you can run into with Apple’s 2-Step authentication process.

To set up 2-Step authentication, click the “Get Started” in the Security section of Apple ID management.

get-startedYou will be prompted to answer up to 3 security questions, and then generate an AppleID recovery key. The recovery key is VERY VERY important to save should you ever have issues with your AppleID, as once 2-Step authentication is enabled Apple’s policy is to not help customers change passwords or any details with their AppleID. This is the proper policy to have BUT if you’ve lost your recovery key, you may lose control of your AppleID !

You can’t copy the recovery key text from Apple’s website, so I recommend taking a screen capture of it. Store this is a very safe place, like an encrypted disk image on your computer and USB stick.

AppleID-recovery-KeyI made the mistake of storing it as text in a iCloud note thinking “iCloud is reliable”  and it should be safe there until I archive this info properly in an encrypted disk image. Boy was I WRONG. 

My issue started when I ran into a bug with playlist syncing on AppleTV 4th Gen. One of the posts I read recommended signing out of iCloud on all your devices. So I did. What a mistake.

What I didn’t know and discovered once logging back into iCloud on my MacBook Air was that my AppleID account had become corrupted on Apple’s iCloud. My recovery key was missing from my iCloud notes, argh. To make matters worse, when I tried to set up my AppleTV 4th Gen., it asked me for the security code sent to my iPhone. This all seemed fine, until I didn’t receive the SMS with the 2-Step authentication code. Repeated attempts didn’t work either. Since I didn’t have my recovery key, I was unable to get control of my own AppleID account to turn off 2-Step authentication and my AppleTV was now useless. I was unable to modify any detail (like new credit card) for my iTunes account, log into Apple Developer forums, etc.. I lost control of my own account.

Thank you Apple for this nightmare, NOT.

The first thing to do is Check Apple’s System Status for iCloud issues. If there are no issues on the status page, you can contact Apple to have them call you about an issue you are having. Simple click the “Get Started” on the contact Apple Support page, to set up a time for Apple to call you about your issue.

I found this information on Apple’s forums.

I received a call from Apple at the scheduled time but the support person couldn’t solve my issue of not receiving SMS security codes and passed me on to higher level support, an AppleCare Senior Advisor. He made me contact my telecom tech support to confirm there was nothing blocking Apple’s SMS messages. I did this and emailed the AppleCare Senior Advisor screen captures of SMS messages to and from my telecom’s SMS (VirginMobile Canada, their support was fantastic btw).

The AppleCare Senior Advisor promptly called me back to discuss the issue and put it on high priority to have fixed. I felt it was a corruption on their end, and although Apple never admitted it, when my AppleID account was fixed (a day later) I noticed it had my old credit card information. I just switched credit card in the past month, so I was able to surmise Apple restored my corrupted data from backup. Considering what happened, I think that’s a fair assumption of what happened to my iCloud account.

So, once I began receiving SMS verification messages again, I quickly logged in to manage my AppleID and turned OFF 2-Step verification.

Lesson learned: iCloud data can become corrupt and if you have 2-Step authentication enabled, you can lose access your your own AppleID.

YOU HAVE BEEN WARNED. Turn off 2-Step authentication and just use a secure password.

UPDATE: My iTunes account is not listing recent music purchases (so good thing I backed them up, eh?)