iPhone [Security] Kinda Shocking Apple Support Experience

[bushido]

So here's the thing.

Friend of mine forgot his apple ID password (he's the worst when it comes to technology) but had Find My iPhone enabled so we could not restore his old iPhone 5 obviously. We went on the computer to try resetting the password. We didn't know the security questions either so we tried to get it reset via his email. We tried it a couple of times but the email never arrived at his Hotmail address (I did check the spam folder).

We nearly gave up but I decided to try the Apple support Hotline anyway, now here's the shocking part and I am amazed it actually worked....

First of all I pretented to be him cuz as I mentioned he sucks at anything involving technology. I said that I forgot my Apple ID password and resetting does not work because the email never arrives. So all they asked was for my (his) name, the serial number of the iPhone and an alternative email address to sent it to. So 24 hours later I got an email to my email address so we could reset the Apple id password and to disable Find My IPhone.

I am pretty shocked by this. Let's say someone would have stolen his iPhone. Anyone would would have been able to guess his name from the Apple ID pop up when it asks for the password cuz his email from the Apple id was "first name.lastname@xy.com" and get help from the Apple support Hotline

 

[maka344]

That's not good.

I thought they ask you to cite the three security answers that we all created a while back?!

 

[bushido]

That's not good.

I thought they ask you to cite the three security answers that we all created a while back?!

I said he (i) don't remember them cuz a friend of mine set up the account for me ages ago (cuz I am (he) a tech idiot) which is the truth and thats the reason I would need to reset the password in the first place

I just had to wait 24 hours for whatever security reasons before I got the reset email

 

[C DM]

There will always be some representatives pretty much anywhere that might do something that doesn't align with an established policy, or overlook something for some reason, or make a mistake, etc., etc., etc. Now, if this is the experience with at least a number of representatives or actually a decent proportion of them, then it can be a bigger issues. Otherwise it's more of an anecdotal occurrence which can happen here and there with all kinds of things in life.

 

[Syndicate0017]

[Security] Kinda Shocking Apple Support Experience

I don't mean to come off as calling you a liar, but it's not even remotely this easy for enterprise support. We have devices enrolled in DEP (which basically means that they are 100% enterprise owned devices) and even when we have an activation lock, I have to provide the serial, purchase order number, and wait 3-5 business days for their support team to unlock offending devices.

I don't see how or why anyone at Apple would just send it to some alternate email when ownership of the device couldn't even be proven from the information you provided him. Anyway, glad you got it unlocked but I have my doubts about this actually occurring (at least in the manner described).

 

[aham23]

this was not my experience. it was about a 20 min call where they had me try to guess the answers, then verify addresses, last four of credit card tied to the account, and tons of other stuff, before they agreed i was me.

 

[eww7633]

I'm going to say this is a lie. I know for a fact that the iForgot email can't be sent without verifying the account First. The system will not send it, period.

 

[mercuryjones]

So here's the thing.

Friend of mine forgot his apple ID password (he's the worst when it comes to technology) but had Find My iPhone enabled so we could not restore his old iPhone 5 obviously. We went on the computer to try resetting the password. We didn't know the security questions either so we tried to get it reset via his email. We tried it a couple of times but the email never arrived at his Hotmail address (I did check the spam folder).

We nearly gave up but I decided to try the Apple support Hotline anyway, now here's the shocking part and I am amazed it actually worked....

First of all I pretented to be him cuz as I mentioned he sucks at anything involving technology. I said that I forgot my Apple ID password and resetting does not work because the email never arrives. So all they asked was for my (his) name, the serial number of the iPhone and an alternative email address to sent it to. So 24 hours later I got an email to my email address so we could reset the Apple id password and to disable Find My IPhone.

I am pretty shocked by this. Let's say someone would have stolen his iPhone. Anyone would would have been able to guess his name from the Apple ID pop up when it asks for the password cuz his email from the Apple id was "first name.lastname@xy.com" and get help from the Apple support Hotline

That's not what was supposed to happen. I went through the same thing, called Apple Support and still had to answer the 2 questions correctly, before they would send the email 24 hours later to the alternate email.

 

[H3boy]

Interesting, Did you call from a phone number listed on his account?

 

[bushido]

Interesting, Did you call from a phone number listed on his account?

no cuz i thought i might have to use the phone to show them something while i am talking to them.

they asked for his name (which i would have gotten from the apple id pop up like i said), his age and his address (which i would have gotten easily just by checking "me" from inside the contact app).

we did know the passcode but what if someone does not have a passcode? this seems a bit too easy to disable find my phone to restore it. anyway, i am not lying and i got the email exactly 24 hours later to MY email address that has MY name on it and we were able to reset it.

at the end of the day its maybe a good idea to not use your proper information under "me" or just use a passcode of course