So Apple has no "customer service" way of verifying a user and then letting them in? I would think that two factor authentication works as designed, but there should always be an option for a legit user to call Apple Support and go through a rigorous verification process to identify themselves and get back their access.

And what do you suggest as a rigorous phone verification process? That the caller know the recovery key? Information given on the phone is no more secure or unique than what can be entered online. Then you will have people blaming Apple because they didn't know all the answers to the verification questions. At some point you have to take responsibility for keeping stuff that shouldn't be lost. I have hard copies of all my keys in a central location. As long as my house doesn't burn down, I'm ok.

Apple could be clearer on the recovery method by saying upfront that if your account is locked because of hacking, you will need your recovery key, because your password may be compromised and therefore cannot be used to authenticate you.
 
EXTRA EXTRA!

MUPPET LOSES RECOVERY KEY AND APPLE IS TO BLAME!

Seriously, this is totally Owen Williams' fault, and he should know better than most as a techie.

I hope it teaches him a good life lesson. Back up your passwords in a secure location. I know where all mine are.

And I'd also like to add: good job, Apple. The fact that you cannot break into the account through a back door goes to show the system is secure and works as designed.
 
...'fascinating and worthwhile read'? Sounds pretty boring to me, but if you say so. Anyway, I tried one of the 2-step security methods on one of my 'other' web accounts and it was a complete waste of time whenever I wanted to log on.

Likewise, Apple's attempt to mimic 1Password's software isn't anywhere near as fluid or robust. In short, I use 1Password and I also maintain a separate location for my 'source critical' account Pass/I.D.'s.
 
This may all seem like a silly issue and not such a big deal, but I know an avid and long-time Apple fan who uses iCloud and has lots of iTunes purchases who has her account locked out every few days. She cannot just use her password and device to re-establish her account; she has to have her Recovery Key with her at all times, as she never knows when it will be locked out again.

That does not seem to make sense to me. There needs to be a process, like the iforgot page, that lets the user use the other two forms of verification before completely locking them out and requiring only the Recovery Key to unlock the account!
 
This recovery key thing is not a good idea if it is the sole way to recover your 2-step auth account. They should have a second method, such as sending in your photo ID or some other method. Perhaps add to that a 7-day account activity lock or something, so that if your Apple ID gets hacked, someone can't gain access to your account and wreak havoc. It's not going to be the most secure, but "get a new Apple ID" would be about a $10,000 digital media loss for me. I've had one Apple ID for a long time.
 
I remember when I signed up for this, it was CLEARLY written. Gotta be careful with this stuff.

Image: http://i128.photobucket.com/albums/p176/martygras9/Recover.jpg

Not clearly written at all. Note the use of the word "if", rather than "when". The writer who is the subject of this article points out that exact thing. The wording leads one to believe that the recovery key is necessary ONLY IF you forget your password and don't have a trusted device. The "IF" scenario did not apply in the original article because the account owner DID know his password and DID have access to a trusted device. Therefore, he correctly believed that in his case the recovery key was not required.

One sentence on Apple's page could clear this all up. "If your account is LOCKED due to multiple access attempts with the wrong password, your recovery key WILL BE REQUIRED TO UNLOCK your account, regardless of all other factors."
 
I don't know what else you expect Apple to do.

Allow photo ID and perhaps even a second form of Identification shown in person at an Apple store to allow for the recovery of the account.

Rare is the chance that you will need this recovery key, and its importance is easily forgotten or the key misplaced over the years.

If you can prove who you are in person, why would you tell them no, you can't regain access to your account?
 
Image: http://i128.photobucket.com/albums/p176/martygras9/Recover.jpg

Not clearly written at all. Note the use of the word "if", rather than "when". The writer who is the subject of this article points out that exact thing. The wording leads one to believe that the recovery key is necessary ONLY IF you forget your password and don't have a trusted device. The "IF" scenario did not apply in the original article because the account owner DID know his password and DID have access to a trusted device. Therefore, he correctly believed that in his case the recovery key was not required.

One sentence on Apple's page could clear this all up. "If your account is LOCKED due to multiple access attempts with the wrong password, your recovery key WILL BE REQUIRED TO UNLOCK your account, regardless of all other factors."
Good point.
 
One more reason I don't trust the 'cloud' data storage. I like having my data and my backups under my control at my secret mountain lair locations in a galaxy far-far away. In other words, I have control. All of this ceding control and putting everything in the cloud looks very dangerous.
 
So Apple has no "customer service" way of verifying a user and then letting them in? I would think that two factor authentication works as designed, but there should always be an option for a legit user to call Apple Support and go through a rigorous verification process to identify themselves and get back their access.


It's called security, to avoid a social engineering attack.
 
Great security, and also the reason I've always been scared to turn on FileVault. It's super nice to know that my OS has the ability to be that secure, but I just know that my squishy grey matter would fail me at some point and I'd be locked out of my computer forever.

That being said, I have turned on two factor authentication for iCloud, so I guess I'm not that scared.
 
Allow photo ID and perhaps even a second form of Identification shown in person at an Apple store to allow for the recovery of the account.

Rare is the chance that you will need this recovery key, and its importance is easily forgotten or the key misplaced over the years.

If you can prove who you are in person, why would you tell them no, you can't regain access to your account?
Then part of account creation needs to be typing in your DL number and having it verified by Apple.
 
Reminds me of the woman who sued McDonald's for serving her 'hot coffee'... apparently it was McDonald's fault for serving her 'hot coffee', which was too hot...

McDonald's served their coffee undrinkably hot. They offered unlimited refills, and by serving the coffee very, very hot they made sure that few people asked for a refill, so McDonald's would save money. McDonald's had also settled seven hundred cases where customers were injured before this happened. So they served coffee that they knew would injure people, and had already injured at least 700 people, in order to save some money.

Accidents with coffee happen all the time. McDonald's deliberate actions changed the outcome from being painful to third degree burns. And that was entirely their fault.
 
I haven't set up two-factor on my Apple account... but don't they make it VERY clear that you should NOT lose your recovery key? Did you simply ignore that?

All the other services that I use two-factor on have some pretty strong language upon signup. Basically they say:

"Don't f--- up... don't lose your keys..."

I hope Apple can help you.

Turns out I'd thought about using 2 factor authentication a couple of times but decided against it in the end which is why I couldn't find my recovery key. This is probably the reason for it!
 
Here's why I think Apple's implementation could be better.

For those of you who know your password, have your trusted device in hand, and have your recovery key on a piece of paper in your other hand? GREAT!

I don't have ANY of those three. Yet I can guess your AppleID, and every day for the next year I can intentionally guess wrong passwords until your account is locked. How you'd feel, I'll leave as an exercise to the reader.

Or, how about all in one day I try to log into millions of AppleIDs? That won't cause damage, right?

The whole point of two-factor, to me, is that it is OK if someone guesses my password with brute force, because I still have my trusted device. In that case I wouldn't mind needing the trusted device AND recovery key.

But in the case where someone is just randomly guessing (and always wrong), why should a non-expiring lock be placed on my account?
 
Then part of account creation needs to be typing in your DL number and having it verified by Apple.

Then you get into privacy issues. You saw the uproar regarding CurrentC and their requirement for your DL number. And you'd be surprised how easy it is to obtain someone's DL number.

Anyway, I don't think there is an easy answer to this issue that would keep everyone safe, retain privacy and still have some sort of "customer service" based recovery mechanism.

Apple just chose to take a more secure process based on customer responsibility. Also, remember, you are not required to use two-factor authentication. If you do not want to take responsibility for your own privacy and protection, you do not have to activate this feature.
 
So Apple's two-way authentication is really, really buggy. We still have the same decades-old problem: how can you authenticate yourself in a computer system?

A bank has signatures, photo IDs, fingerprints. There is also DNA for some cases in forensics. But in a computer system, there is always a secret string that can identify you. I think Apple can do better than this.
 
Then part of account creation needs to be typing in your DL number and having it verified by Apple.
I don't see why. Apple already has some pieces of information on file about the user, including the name, DOB, and in most cases a credit card number. If the user can produce 2 out of 3 authentication factors (password and trusted device), and can *additionally* produce a photo ID with matching name/DOB and perhaps the physical credit card registered in the iTunes account in an Apple store, that should be more than enough verification to allow the user to regain access to a locked account.
 
McDonald's served their coffee undrinkably hot. They offered unlimited refills, and by serving the coffee very, very hot they made sure that few people asked for a refill, so McDonald's would save money. McDonald's had also settled seven hundred cases where customers were injured before this happened. So they served coffee that they knew would injure people, and had already injured at least 700 people, in order to save some money.

Accidents with coffee happen all the time. McDonald's deliberate actions changed the outcome from being painful to third degree burns. And that was entirely their fault.

Yeah, I also was struggling to see how that story had anything to do with this one...
 
So Apple's two-way authentication is really, really buggy.
I don't think it's buggy. The problem is not (and has never been) the technical implementation, but the security policies. Before the "fappening" they were way too lax. Now the pendulum seems to have swung a bit too far in the other direction.
 
she has to have her Recovery Key with her at all times as she never knows when it will be locked out again.

That is of course a very big problem.

I see a lot of smug people here saying that they have their recovery key stored somewhere safe, but could they get to it on a two week vacation?
 
Except that it apparently doesn't work that way if Apple decides to lock your account due to hack attempts. In that case you have to have the recovery key, even if you have the 2 other factors. I think it is a bit draconian to permanently lock the account like that, given the value attached to it (you could lose not only your iTunes purchases, email, cloud documents etc., but also effectively brick your devices if you use Find my iPhone and need to restore a device for some reason).

They could perhaps release the lock after 48 hours, or unlock the account if you supply password, trusted device, and some additional verification (like showing a photo ID at an Apple store or sending a verification code to an alternate email address).

I agree 100%. Apple says you need 2 of the 3 items to get in, but in this case the recovery key was needed even though he had the password and trusted device. Apple should change this, or even go with your idea that after 48 hours you can get in. From there, maybe once you get in, it forces you to change the password.

I get Apple is protecting your data, but what's the point when they protect it from you also?

EXTRA EXTRA!

MUPPET LOSES RECOVERY KEY AND APPLE IS TO BLAME!

Seriously, this is totally Owen Williams' fault, and he should know better than most as a techie.

I hope it teaches him a good life lesson. Back up your passwords in a secure location. I know where all mine are.

And I'd also like to add: good job, Apple. The fact that you cannot break into the account through a back door goes to show the system is secure and works as designed.

How is this HIS fault? Apple says you need 2 of the 3 items to get in, and he had that. He had his password and a trusted device, and that is 2 right there, AND it says this on their website. Apple NEVER said that the Recovery Key is needed when there is a hack attempt.


Here it is; he was in the right, with 2 of the 3:
http://support.apple.com/en-us/HT202649

With two-step verification turned on for your Apple ID, you will always need at least two of the following to sign in:

  • Your Apple ID password
  • Access to one of your trusted devices
  • Your Recovery Key
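An added example, not code from this thread, from Apple, or from anyone quoted in it: a toy model of the two lockout policies argued over above, the non-expiring lock that the post about year-long wrong guesses objects to, and the 48-hour window or password-plus-trusted-device unlock proposed in the reply just quoted. The ten-guess threshold, the 48-hour window, the account details and the exact handling of the "two of three" rule are assumptions made for illustration; Apple's real thresholds are not given anywhere on this page.

```python
"""Toy model of two lockout policies for a two-step-verification account.

Added for this thread; it is not Apple's code and it does not describe
Apple's real thresholds. LOCK_THRESHOLD and LOCK_SECONDS are assumptions.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Set

PERMANENT = "permanent"   # lock stays until the recovery key is presented
EXPIRING = "expiring"     # lock lifts after LOCK_SECONDS, or on password + trusted device

LOCK_THRESHOLD = 10       # assumption: consecutive wrong passwords before a lock
LOCK_SECONDS = 48 * 3600  # assumption: the 48-hour window proposed in the thread
PBKDF2_ROUNDS = 50_000    # kept low so the simulation runs quickly


@dataclass
class Account:
    apple_id: str
    salt: bytes
    pw_hash: bytes
    trusted_devices: Set[str]
    recovery_key: str
    failures: int = 0
    locked_at: Optional[float] = None


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_account(apple_id: str, password: str, device: str, recovery_key: str) -> Account:
    salt = os.urandom(16)
    return Account(apple_id, salt, _hash_pw(password, salt), {device}, recovery_key)


def sign_in(acct: Account, policy: str, now: float, password: Optional[str] = None,
            device: Optional[str] = None, recovery_key: Optional[str] = None) -> str:
    """One sign-in attempt at clock time `now` (seconds). Returns a status string."""
    pw_ok = password is not None and hmac.compare_digest(_hash_pw(password, acct.salt), acct.pw_hash)
    device_ok = device in acct.trusted_devices
    rk_ok = recovery_key is not None and hmac.compare_digest(recovery_key, acct.recovery_key)

    if acct.locked_at is not None:
        if rk_ok:
            acct.locked_at, acct.failures = None, 0   # recovery key clears a lock under either policy
        elif policy == PERMANENT:
            return "locked: recovery key required"    # the behaviour the thread complains about
        elif now - acct.locked_at >= LOCK_SECONDS or (pw_ok and device_ok):
            acct.locked_at, acct.failures = None, 0   # window elapsed, or the owner shows two factors
        else:
            return "locked: wait for the window or use the recovery key"

    # Two-step rule quoted in the thread: any two of password, trusted device, recovery key.
    if pw_ok + device_ok + rk_ok >= 2:
        acct.failures = 0
        return "ok"
    if password is not None and not pw_ok:
        acct.failures += 1
        if acct.failures >= LOCK_THRESHOLD:
            acct.locked_at = now
            return "locked: too many wrong passwords"
    return "denied"


def simulate(policy: str, owner_has_recovery_key: bool = False) -> Dict[str, str]:
    """Constructed scenario with a fixed clock: someone who knows only the Apple ID
    sends LOCK_THRESHOLD wrong passwords; then a thief with the right password but
    no trusted device tries; then the owner signs in with password + trusted device
    (and the recovery key, if they kept it); then the owner tries again after the window."""
    password = "correct horse battery staple"
    acct = make_account("owner@example.com", password, "owner-iphone", "RK-0000-1111-2222-3333")
    t0 = 1_700_000_000.0
    attacker_last = ""
    for i in range(LOCK_THRESHOLD):
        attacker_last = sign_in(acct, policy, t0 + i, password=f"guess{i}", device="attacker-laptop")
    thief = sign_in(acct, policy, t0 + LOCK_THRESHOLD, password=password, device="thief-laptop")
    owner = sign_in(acct, policy, t0 + LOCK_THRESHOLD + 1, password=password, device="owner-iphone",
                    recovery_key=acct.recovery_key if owner_has_recovery_key else None)
    later = sign_in(acct, policy, t0 + LOCK_SECONDS + 1, password=password, device="owner-iphone")
    return {"attacker_last": attacker_last, "thief": thief, "owner": owner, "owner_later": later}


if __name__ == "__main__":
    for policy in (PERMANENT, EXPIRING):
        print(policy, simulate(policy))
    print(PERMANENT, "with recovery key", simulate(PERMANENT, owner_has_recovery_key=True))
```

Under PERMANENT the attacker's ten wrong guesses lock out an owner who holds both password and trusted device, and only the recovery key gets them back in, which is the situation described in the article. Under EXPIRING the same owner signs straight in, and a thief holding a stolen password but no trusted device stays locked out, so the two-factor guarantee is not weakened. The caveat raised earlier in the thread still applies: a lock can mean the password is already compromised, so under EXPIRING the trusted device alone is what separates the owner from the thief, and a real service would also rate-limit by source address and throttle per account well before reaching any lock.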
 
Except that it apparently doesn't work that way if Apple decides to lock your account due to hack attempts. In that case you have to have the recovery key, even if you have the 2 other factors. I think it is a bit draconian to permanently lock the account like that, given the value attached to it (you could lose not only your iTunes purchases, email, cloud documents etc., but also effectively brick your devices if you use Find my iPhone and need to restore a device for some reason).

They could perhaps release the lock after 48 hours, or unlock the account if you supply password, trusted device, and some additional verification (like showing a photo ID at an Apple store or sending a verification code to an alternate email address).

That would really piss me off, as I have invested probably $3000-3500 in apps, music, books, etc. I smell a lawsuit.
 
I was locked out of my account temporarily when I got an iPhone 6. I had a 4s that was a trusted device and didn't print out the recovery key, or forgot where it was. I got my iPhone 6 and got it all set up. I also removed the iPhone 4s from my trusted device list since I was planning on selling it.

A few days go by and I realize that vibrate doesn't work on my 6, so I exchange it at an Apple store. I take it in and get my new phone. Before I have a chance to validate my account through the old handset, he erases my phone. It shouldn't have been much of a problem since I also had my phone number set for SMS codes. The codes didn't come through, so I was stuck.

I ended up entering my password dozens of times after restoring from an iTunes backup and eventually was granted access to my account. I viewed this as a bug and reported it to Apple. I gained access to my account through what appeared to be a loophole. I had all account data available to me through the phone and all services were working. I wasn't able to get into the security settings, but I had everything else. I then troubleshot the SMS issue with AT&T and Apple and was able to start receiving the SMS codes to get my account back. The whole process took about a week.

Lessons learned:
Print recovery key
Have more than one phone number on file for account recovery.
Don't wipe an old phone until you set up a new one.
 