
ceevee

macrumors member
Original poster
Dec 28, 2012

I did not initiate a password reset. Out of my three iPhones that use the same iCloud account, this message showed up on two of them.

I selected "Don't Allow" due to suspicion. However, if this was a legitimate way of allowing my other Apple devices to reset my password, how do I provide permission after selecting "Don't Allow"?

Has anyone else experienced this?
 
If you didn't initiate this, then someone is probably trying to hack your Apple ID. They probably have your email and password, but because of 2FA and the fact that you have the device and not them they can't get in. Alternatively, they may be trying to use a "Forgot Password" link in order to get your password. But again, 2FA.

I'd reset your Apple ID password.
 
This is not correct. With 2FA, iPhones, iPads, and Macs linked to your account can be designated as “Trusted Devices” which allows them to reset your Apple ID password simply by using the device passcode. So if you ever forget your password, you can reset from a trusted device without issue.

That’s all this prompt is asking the OP to do, is make the iPhone a trusted device. It isn’t showing up on one of the phones because it already is a trusted device.

If someone is trying to sign in to your account, you get a different prompt that shows the location of the attempted sign-in.
 
Thank you so much! I already rejected the prompt on my other iPhones. How do I make those devices trusted after that?

EDIT: realized they were already trusted devices (newer post below)
 
If you didn’t initiate a password change, then something is amiss. I’d log on via a web browser on a device you know is secure and change your password.
 
The two iPhones this prompt showed up on were already trusted devices. I was already using these two iPhones for 2 factor authentication.
 
Had this happen recently. Just changed my password and never had the issue again. This is why Apple has 2FA on by default now, especially after that Fappening incident.

So in short: change your password.
 
It looks like someone is trying to reset your password. I found the same popup in this 2-minute YouTube video showing the entire process. The popup appears 50 seconds in.

I just did this with my spare iPhone I use for beta updates. I got that prompt just like in the video. So, looks like the OP had someone with their Apple ID and phone number that is trying to force a password reset.
 
Just happened to me this morning. Heard it prompt on multiple devices. Freaked me out. Went in, changed pwords, deactivated all devices, deleted CCs, logged out, went back in, changed pword again, manually added devices and contacted Apple. Seems like something is up.
 
Just happened to me about 20 minutes ago while on a call. I clicked disallow and changed my password right away.
I fear this is a huge attack that Apple is not prepared for and I believe many people will be compromised today because the wording of that alert just sucks. It almost seems to ask if this iPhone is a good device to use for future resets. Terrible.
They probably have a script just trying every user ID and phone number combination available.
 
This happened to me at around 9:30 PT this morning on both my iPhone and iPad. Unfortunately I tapped “yes” on the iPhone, so now I suppose I may have just confirmed my phone number and Apple ID association to an attacker. Should have just done nothing before researching this further.
Changed Apple ID password, but now concerned about possible future vulnerability. Could an attacker spoof a device’s phone number to get around the two-factor auth and thereby gain access to the associated Apple account?
 
Agreed, this could be a mass scripted attack. Happened to me around 9:30AM Pacific Time. This however could be an issue that Apple is experiencing with one of their services as well... Haven't called yet to verify, but seeing all of these reports of correlated experiences and no official response from Apple is somewhat unsettling.
Yes, it is possible for an attacker to spoof your SIM card/phone number, attempt a password reset and have a 2-factor auth code sent to the attacker's device. This is called SIM swapping (https://en.wikipedia.org/wiki/SIM_swap_scam).

Good thing you changed your password. When changing you should have been asked to log out of all devices currently logged into your iCloud account - make sure you do log out of all devices using this feature if you didn't do that the first time around.
 
Thanks for your reply, Zachary. I did log out of all devices when I performed the password reset. Still concerned about leaving my phone number as a “trusted” phone number, though.
 