General Find my iPhone *sucks*!!!

Discussion in 'iOS 12' started by macbook123, Oct 23, 2018.

  1. dcp10 macrumors 6502

    Joined:
    Jul 30, 2010
    #26
    Account recovery is for when a user is locked out. It’s for security to prevent unauthorized people from changing passwords. I’ve never seen a company not have some sort of waiting period. 24 hours isn’t arbitrary though, it’s 1 full day, 22 hours, that would be arbitrary. From your logic, why wouldn’t any number of days be arbitrary? Apple had to pick a number and obviously felt it was long enough in *most* cases.

    Same thing with last location. Keeping a long history is a privacy issue which has possibles of being misused. Divorce cases are a common example cited where location data could be subpoenaed, Apple has said they’re not interested in playing that kind of role.

    No security or privacy policy is going to be perfect unfortunately, and it’s a shame that this happened.

    Don’t go to an Android though. Get a new iPad(some great deals on older models now) and spend some time at a Genius Bar learning the best way to set it up so this doesn’t happen again.
     
  2. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #27
    Seems like the arbitrary part might be be more related to their being a delay in general, and perhaps it being something as long as 24 hours, rather than let's say a couple of hours, for example.

    There are certainly many products and services that allow you to go through a password reset without any type of delay which in a sense ends up penalizing a user simply because the user might have forgotten their password and needs to access their account today if not now rather than tomorrow simply because they just need to wait for the sake of waiting.

    In the cases when an account is locked for some reason in most cases it shouldn't be an issue in getting it unlocked by contacting customer care. If they are simply saying just to wait, seems like they aren't of much help in situations like that, which shouldn't be the case.

    As for keeping last location and all that, things can certainly be said to make it rational when it comes to not doing it all, doing it only for a few hours, only 24 hours, a week, a month, indefinitely, etc. Ultimately in scenarios like this when it comes to something lost and a specific option to keep track of last known location being enabled by the user, seems like keeping that information for a period of more than 24 hours would have more rationale to it.
    --- Post Merged, Oct 25, 2018 ---
    In the end though that's more or less what it comes down to, unfortunately, as you mentioned.
     
  3. Apple blogger macrumors 6502a

    Joined:
    Feb 28, 2013
    #28
    I guess he means that after he spoke to Apple, they must have recovered his password and allowed him to enter a new password. However, Apple must have asked them to Wait 24 hours before the changes take effect..

    I think, (keeping his story aside) there seems to be a serious flaw in apple’s system. From what I read, if we don’t have our iCloud password, We can ask Apple to restore my password (if forgot password doesn’t work too), it looks like it takes 24 hrs form appms end... and since after resaetting the password, when we actually try to locate the device, it won’t be possible cause the location isn’t saved.

    I think in this situation, Apple should save the last location for atleast 48 or 72 hours... because uf resting takes a day, the user should have enough time to locate his iPad too..
     
  4. charlituna macrumors G3

    charlituna

    Joined:
    Jun 11, 2008
    Location:
    Los Angeles, CA
    #29
    and if find my iPad was on then the thief has a pretty platter that he/she can do nothing with cause he/she doesn't know the iCloud account to unlock it.
    --- Post Merged, Oct 25, 2018 ---
    only if you don't remember your security questions, don't have a trusted device and don't have access to the email being used with the account. which makes me think that said 'son' had an iCloud.com email with no recovery, only using it on that device without 2 step set up which would have allowed him to put in his phone number for receiving verification codes and probably put in BS answers to the security including perhaps a bogus birthdate
     
  5. DaveOP macrumors 65816

    Joined:
    May 29, 2011
    Location:
    Portland, OR
    #30
    Did your son not have access to the e-mail address, didnt know the password, and didnt know the secret questions or have 2FA setup?
     
  6. 960design macrumors 68030

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
    #31
    1. Thief picks up iPad before passcode lock or one that does not have passcode lock.
    2. Thief immediately goes into iCloud and resets password ( that is why the OP could not get into account ).
    3. Password reset gets sent to the iPad email ( most of us have the email account used for password recover logged in on our iPad )
    4. Thief then removes Find My iPhone.
    5. Thief then restores device.
    6. Thief then sells on Ebay or Craig's list.

    We are our own worst enemy.

    Apple does provide a full proof way to prevent a device from every being sold off ( it can always be physically stolen or lost ). MDM and DEP, no way to get around that. Sadly, DEP is only available for Business and Education users right now.
     
  7. DaveOP macrumors 65816

    Joined:
    May 29, 2011
    Location:
    Portland, OR
    #32
    Your steps above are not on Apple, nobody should be using an iPad without a passcode enabled or they're asking for this to happen. To your point above, DEP is only available to those users, but JAMF Now is free for up to 5 users I believe, and will give you the added security you need. DEP is only needed to auto-assign the devices, configurator and JAMF Now can be used to resolve the rest. (I do enterprise MDM for a living, so while I agree with you that DEP and JAMF are great resources, DEP is not needed for personal users.)
     
  8. 960design macrumors 68030

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
    #33
    Completely agree. Just mentioning a common case of believing iCloud will always save you, but it does not if you forget the simple things.

    Hey, not many of us around, been doing MDM management, research, coding(MDM specific) and pentesting/hardening for 10 years now.
     

Share This Page