I have my recovery key written in heavy black marker pen under my work desk at home. I did not want to put it on a piece of paper in a 'safe' place to lose. I've also tested the recovery key to make sure it works and that it was written down correctly.
 
Ok, how about this. When we go for the 2-step verification and register the device, the recovery key could be our fingerprint. It makes sense. The fingerprint never leaves the chip. If we forget our password or if we are hacked, all we need is our fingerprint and the registered device which has our fingerprint info. So some algorithm would just use the fingerprint from the chip, without giving it away, and we would have a recovery key all the time.

But only one issue, a big one:
suppose we lost our device. We would lose the key, because the fingerprint info was on the device and that device was registered.

In that case, we should have 2 registered devices which have our fingerprint info. It's a good thought for a start. It could work if someone polished the idea.

Or you can do what Apple suggests. Apple has already outlined the proper procedure for all of this.

Where should I keep my Recovery Key?
Keep your Recovery Key in a secure place in your home, office, or other location. You should consider printing more than one copy, so that you can keep your key in more than one place. Your key will be easier to find if you ever need it, and you'll have a spare copy if one is ever lost or destroyed.

You shouldn't store your Recovery Key on your device or computer, because that could give an unauthorized user instant access to your key.

What do I need to remember when I use two-step verification?
Two-step verification simplifies and strengthens the security of your Apple ID. After you turn it on, there's no way for anyone to access and manage your account other than by using your password, verification codes sent to your trusted devices, or your Recovery Key. Only you can reset your password, manage your trusted devices, or create a new Recovery Key. Apple Support can help you with other aspects of your service, but they aren't able to update or recover these three things for you. Therefore, when you use two-step verification, you are entirely responsible for:

- Remembering your password
- Keeping your trusted devices physically secure
- Keeping your Recovery Key in a safe place


If you lose access to two of these three items at the same time, you could be locked out of your Apple ID permanently.


I don't know what else you expect Apple to do.

Hopefully you've got a password that's difficult to guess. But if you want more security... you can activate two-factor authentication.

And if you do... it's YOUR responsibility to maintain these three things: password, trusted device, recovery key.
 
While I agree Apple needs to seriously look at their account recovery policies and that the website is inaccurate, they do make it very clear when setting up two-step verification how important your recovery key is.

So in this case both parties have a degree of blame attached to them, something that didn't come over when reading the article last night.

In my experience Google was the worst!!! I NEVER used Google services (except for a random 'beta' gmail account I setup ages ago and lost the password for).

However, I used youtube a lot when it was 'youtube'. One day my youtube login stopped working. Google had automatically linked both accounts (because they were doing away with youtube accounts and both accounts used the same secondary e-mail address). Nothing I could do! Although the system admitted that I was entering the correct youtube username/login, Google had deactivated this and refused to give me my 'Google Account' password.

Google said 'nope... we can't verify that you are who you say you are' and refused multiple password recovery attempts. FFS I had my youtube login/password and they admitted they worked! I uploaded a copy of my drivers license... I told them where I lived... Google is supposedly good at 'knowing' users and directing relevant search information towards them. Evidently Google knew me too well and took security VERY seriously... good that hackers couldn't get in... right?

WRONG! I paid somebody (a random Russian guy online) to 'hack' my Google account. He hacked it within seconds and for $50 got me my youtube account back (all I wanted to do was REMOVE some videos of me mucking around and having political rants as an activist uni student... which Google refused to do as well because they wouldn't believe that 'me' and 'I' were one and the same person).

No idea how he did it but pretty bad security!!! The real user can't get access but a random hacker can in minutes!!! Scared me a little...
 
Except that it apparently doesn't work that way if Apple decides to lock your account due to hack attempts. In that case you have to have the recovery key, even if you have the 2 other factors. I think it is a bit draconian to permanently lock the account like that, given the value attached to it (you could lose not only your iTunes purchases, email, cloud documents etc., but also effectively brick your devices if you use Find my iPhone and need to restore a device for some reason).

They could perhaps release the lock after 48 hours, or unlock the account if you supply password, trusted device, and some additional verification (like showing a photo ID at an Apple store or sending a verification code to an alternate email address).

I understand. But what do you want Apple to do? If an account is being brute forced, they need to put a limit. A 48 hour lock, and if you didn't know about those attempts; they might try again.

Apple treats the recovery key as similar to the security questions when individuals without 2-step authentication have brute force attempts. I edited my post above to say that each leg of those 3 is as important as the others.

As an aside, I lost my @me.com and more importantly my @mac.com address because of 2-step authentication & also lock my device with Find My iPhone. Now I keep my Recovery Key in multiple places securely.
 
So is there any way to find out my recovery key now? I set up 2 factor a little while ago and don't know where/if I saved my recovery key, and it would be nice not to lose everything in the unlikely event a hacker cares about me for 1 second...

You are now in exactly the same situation as a thief who stole your device and managed to steal some information from you. Two-factor authentication is designed to deny the thief access to your devices. And it is designed that no amount of social engineering (making up some stories to tell Apple's employees, possibly with forged evidence) can give the thief access to your data.

Losing that recovery key means you are in the exact same situation as the thief.
 
I wonder how many of the people here calling that guy stupid proceeded to check that their recovery key still exists.
 
I understand. But what do you want Apple to do? If an account is being brute forced, they need to put a limit. A 48 hour lock, and if you didn't know about those attempts; they might try again.
So what? After another 5 or so failed attempts, they could lock the account again for 48 hours. Also, don't forget that with activated two-factor authentication they'd also need the dynamic verification code.
 
I don't know what else you expect Apple to do.

Apple uses a clever trick for hard disk encryption, where lots of people managed to encrypt their hard drive and then didn't know the encryption key: When it's first turned on, your hard drive isn't actually encrypted. You need to enter your encryption password once more. Only then does the encryption start. If you forgot your password at that point, which happened to a huge number of people, then encryption was turned off (which was simple since nothing was encrypted).

Apple could do that with two-factor authentication: For two days, they could just _pretend_ you have two-factor authentication, and after two days they ask you for your recovery key. Only if you have it, the real two-factor authentication is turned on. Of course this can't help if you lose the recovery key later, but it helps really stupid users.
 
Except that it apparently doesn't work that way if Apple decides to lock your account due to hack attempts. In that case you have to have the recovery key, even if you have the 2 other factors. I think it is a bit draconian to permanently lock the account like that, given the value attached to it (you could lose not only your iTunes purchases, email, cloud documents etc., but also effectively brick your devices if you use Find my iPhone and need to restore a device for some reason).

They could perhaps release the lock after 48 hours, or unlock the account if you supply password, trusted device, and some additional verification (like showing a photo ID at an Apple store or sending a verification code to an alternate email address).

That's correct... you need 2 out of 3 items to access a normal account.

On a LOCKED account, however, you can only access your account with the Recovery Key.

Owen Williams lost his Recovery Key. Luckily he was able to find it eventually.

His story would have been much shorter if he actually had the Recovery Key. (or he wouldn't have written the article at all)

The Recovery Key is literally the key here. :D

Above all... don't lose your Recovery Key.

As for releasing the lock... I don't think that would really help. It was locked because someone was hacking it. You don't want to give the bad guys any more chances to get in. That's why it was locked in the first place... to keep bad people out.

Releasing the lock might have made Owen's life a little easier... but the hacker would undoubtedly try to take advantage of that too.

So the account remains locked... and you need your Recovery Key.

I repeat... you need your Recovery Key. :)
 
You are now in exactly the same situation as a thief who stole your device and managed to steal some information from you.
[...]
Losing that recovery key means you are in the exact same situation as the thief.
What are you talking about? He still has 2 out of 3 factors (password and trusted device). A thief who steals your device has at most one (and only if the device has no passcode or the thief knows that too).
 
So what? After another 5 or so failed attempts, they could lock the account again for 48 hours. Also, don't forget that with activated two-factor authentication they'd also need the dynamic verification code.

I understand, it limits the NEED to keep the Recovery Key. But I completely understand; if I ran Apple, I could still be trying to guess my password for my lost @mac.com address from the worm hole that is locked accounts.

Just the article makes it seem this is a new thing. I locked my account plus my device a few days after upgrading to iOS7 with activation lock. I am sympathetic to the cause as much as anyone, but I also agree that it was my own personal fault also.
 
I repeat... you need your Recovery Key. :)
I think it's pretty stupid to create a situation where you depend on just a single factor with no way of recovery. What if your house burns down or something? Remember that due to the requirement to have two factors, you already have increased protection. There is simply no need to permanently lock an account just because someone entered a wrong password a few times. Unless your password is "password", an online brute-force attack has no chance of succeeding if only 5 attempts every 48 hours are allowed.
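The two policies argued over above (two of the three factors sign you into a normal account, only the Recovery Key opens a locked one, versus the proposed temporary lock of 5 failed attempts per 48 hours) can be modelled in a few lines. This is an added illustration written for this thread, not Apple's code and not a description of how Apple actually implements the lock; the class, the field names, the threshold of 5 and the 48-hour window are assumptions taken from the posts, and the sample credentials are constructed.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    NORMAL = "normal"
    LOCKED = "locked"


@dataclass
class Account:
    """Toy model of an Apple-ID-style account behind two-step verification.

    The three factors are the ones the thread lists: password, code sent to
    the trusted device, and the Recovery Key. Thresholds are assumed.
    """
    password: str
    device_code: str
    recovery_key: str
    max_failures: int = 5              # assumed: failures allowed per window
    window_seconds: int = 48 * 3600    # assumed: the 48 hours discussed above
    permanent_lock: bool = True        # True: lock until Recovery Key; False: 48-hour lock
    state: State = State.NORMAL
    failures: list = field(default_factory=list)   # timestamps of recent failures
    locked_at: float = 0.0

    def _factor_count(self, password, device_code, recovery_key) -> int:
        """How many of the three factors were presented correctly."""
        return sum([
            password == self.password,
            device_code == self.device_code,
            recovery_key == self.recovery_key,
        ])

    def _unlock(self) -> None:
        self.state = State.NORMAL
        self.failures = []

    def attempt(self, now: float, password=None, device_code=None,
                recovery_key=None) -> bool:
        """One sign-in attempt at time `now` (seconds). Returns True on success."""
        if self.state is State.LOCKED:
            # A locked account opens only with the Recovery Key ...
            if recovery_key == self.recovery_key:
                self._unlock()
                return True
            # ... or, under the alternative policy, by waiting out the window.
            if self.permanent_lock or now - self.locked_at < self.window_seconds:
                return False
            self._unlock()
        # Normal state: any two of the three factors sign you in.
        self.failures = [t for t in self.failures if now - t < self.window_seconds]
        if self._factor_count(password, device_code, recovery_key) >= 2:
            self.failures = []
            return True
        self.failures.append(now)
        if len(self.failures) >= self.max_failures:
            self.state = State.LOCKED
            self.locked_at = now
        return False


def max_online_guesses(years: float, max_failures: int = 5, window_hours: float = 48) -> int:
    """Wrong guesses an attacker can make in `years` under the temporary-lock policy."""
    windows = years * 365 * 24 / window_hours
    return int(windows * max_failures)


def expected_years_to_guess(keyspace: int, max_failures: int = 5, window_hours: float = 48) -> float:
    """Expected online brute-force time for a uniformly random secret of the given keyspace."""
    per_year = max_online_guesses(1, max_failures, window_hours)
    return keyspace / 2 / per_year


if __name__ == "__main__":
    acct = Account("correct horse", "123456", "RK-EXAMPLE-0000")   # constructed sample
    for t in range(5):
        acct.attempt(t, password="wrong guess")
    print(acct.state)                                      # State.LOCKED
    print(acct.attempt(5, "correct horse", "123456"))      # False: two factors no longer enough
    print(acct.attempt(6, recovery_key="RK-EXAMPLE-0000")) # True
    print(f"{expected_years_to_guess(62 ** 8):.2e} years for an 8-char alphanumeric password")
```

The arithmetic at the end is the point made in the post above: with the temporary-lock policy an attacker gets at most 912 wrong guesses per year, so an 8-character alphanumeric password would take on the order of 10^11 years to guess online. The permanent-lock branch shows the trade-off the thread is about: once `state` is `LOCKED`, password and trusted device together no longer help, and the account is only as recoverable as the Recovery Key.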
 
Apple uses a clever trick for hard disk encryption, where lots of people managed to encrypt their hard drive and then didn't know the encryption key: When it's first turned on, your hard drive isn't actually encrypted. You need to enter your encryption password once more. Only then does the encryption start. If you forgot your password at that point, which happened to a huge number of people, then encryption was turned off (which was simple since nothing was encrypted).

Apple could do that with two-factor authentication: For two days, they could just _pretend_ you have two-factor authentication, and after two days they ask you for your recovery key. Only if you have it, the real two-factor authentication is turned on. Of course this can't help if you lose the recovery key later, but it helps really stupid users.

I like that idea. It enforces the use of the Recovery Key in the short-term.

But... you still run the risk of losing your Recovery Key... one month, six months or years later.

People who activate two-factor authentication obviously want extra security.

But they should also be responsible enough to use it.
 
I think it's pretty stupid to create a situation where you depend on just a single factor with no way of recovery. What if your house burns down or something? Remember that due to the requirement to have two factors, you already have increased protection. There is simply no need to permanently lock an account just because someone entered a wrong password a few times. Unless your password is "password", an online brute-force attack has no chance of succeeding if only 5 attempts every 48 hours are allowed.

Also if I am recalling correctly, you used to be able to access certain parts of the iCloud interface without needing 2 step authentication, when it was first introduced back in iOS6 days. The 2-step was limited to account changes at the time. Wonder if that made a difference in the decision to locking accounts with failed logins.
 
Boy there must be more geniuses on this site than anywhere else in the world, no one here ever forgets or loses anything and throw crap on people that do, nice people. But then again that's this whole Apple herd mentality thing.

To Macrumours, if you ban me for this one, please make it forever.
 
I would make a PDF of the recovery key and then add the PDF to a Secure Note inside Keychain and then another in a Secure Note inside 1Password.

I had mine stored in 1Password, but that's a great idea using Keychain too. This story has been a nice wee lesson in making sure your ducks are all in a row regarding your Apple ID....
 
I am also confused how this is news. Apple explicitly states that losing the key will make the recovery impossible. And anyway, do you want secure accounts or not? If yes, then you are personally responsible for your stuff. Putting this silly article on MacRumours is entirely pointless.
You mean, that you read “entirely pointless” articles on MacRumours!? You are “personally responsible”, not MR.

;-)
 
I can tell you as a former Apple employee who worked directly in the department that handles these kinds of issues a couple of things. First, Apple is very clear about the extreme importance of keeping your recovery key in a safe place. Very very important.

Second, it is completely normal that if numerous attempts to access your account are made and unsuccessful, the account will be locked automatically for the protection of the account holder. This is no different than any other company. You will have to enter your recovery key to move any further, as Apple is correctly assuming that if your password has been compromised your trusted device may have been also. It's an added layer of security to protect both Apple and the customer, hence the warning about keeping the recovery key in a safe place.

If it is truly stored in a safe place, no one but you will have access to it, which is the way it should be. Unfortunately, the person in this article didn't realize how valuable that recovery key is. This article also makes Apple's security look bad when it is actually working as advertised. This is the fault of the user and not Apple.
 
I think it's pretty stupid to create a situation where you depend on just a single factor with no way of recovery. What if your house burns down or something? Remember that due to the requirement to have two factors, you already have increased protection. There is simply no need to permanently lock an account just because someone entered a wrong password a few times. Unless your password is "password", an online brute-force attack has no chance of succeeding if only 5 attempts every 48 hours are allowed.

House burned down? Apple has thought of that. Let's hope you followed their suggestions:

Where should I keep my Recovery Key?
Keep your Recovery Key in a secure place in your home, office, or other location. You should consider printing more than one copy, so that you can keep your key in more than one place. Your key will be easier to find if you ever need it, and you'll have a spare copy if one is ever lost or destroyed.

You shouldn't store your Recovery Key on your device or computer, because that could give an unauthorized user instant access to your key.


Yeah... it sucks that Apple is so hellbent on security that your account can become permanently disabled.

I guess it reinforces the importance of managing your Recovery Key.
 
Yeah, when I signed up for two factor, I took that recovery key very seriously. Seemed fairly obvious to me that I could not lose that recovery key.
 