Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
MacBook Pro Updates
Losing Two-Factor Recovery Key Could Permanently Lock Apple ID
In March 2013, Apple introduced two-factor authentication to provide additional security for Apple IDs. It expanded the feature to several new countries earlier this year and introduced it to the company's iCloud.com website this September. This was after CEO Tim Cook promised to broaden use of its two-factor authentication system in the wake of a hacking incident that saw several celebrities' iCloud accounts hacked.
The system requires a user to have a second "trusted" device that is used to verify a user's identity in addition to an extra security code called the "Recovery Key". However, in a new account from The Next Web's Owen Williams, that Recovery Key also has the potential to completely lock a person out of their account if they're being hacked.
Williams found that someone had tried to hack his iCloud account. Apple's two-factor system kicked in and locked the account, denying entry to the would-be hacker while also denying entry to Williams. When he went to iForgot, Apple's account recovery service, he assumed two of his password, Recovery Key or trusted device would unlock his account, as he was led to believe by an Apple Support document.
Williams concludes with a warning that anyone with two-factor authentication should take far greater care in protecting and remembering where they store their Recovery Keys, as losing it could permanently lock a user out of their Apple ID with Apple unable to do anything to help. The entire account, which is a fascinating and worthwhile read, can be read at The Next Web.
The system requires a user to have a second "trusted" device that is used to verify a user's identity in addition to an extra security code called the "Recovery Key". However, in a new account from The Next Web's Owen Williams, that Recovery Key also has the potential to completely lock a person out of their account if they're being hacked.
Williams found that someone had tried to hack his iCloud account. Apple's two-factor system kicked in and locked the account, denying entry to the would-be hacker while also denying entry to Williams. When he went to iForgot, Apple's account recovery service, he assumed two of his password, Recovery Key or trusted device would unlock his account, as he was led to believe by an Apple Support document.
When I headed to the account recovery service, dubbed iForgot, I discovered that there was no way back in without my recovery key. That’s when it hit me; I had no idea where my recovery key was or if I’d ever even put the piece of paper in a safe place. I’ve moved since I set up two-factor on iCloud.Williams contends he took a screenshot of the Recovery Key and printed that out as well as taking a photo on his iPhone to keep as a backup, but could not locate either and was on the verge of losing his "digital life". He called Apple customer support and was told that he had forfeited his Apple ID by losing his Recovery Key and that there was no way Apple could help him. He called back a second time.
When she got back on the line, the story was just as bleak. “We take your security very seriously at Apple” she told me “but at this time we cannot grant you access back into your Apple account. We recommend you create a new Apple ID.”After a couple more days of talking to Apple customer support and even friends who worked at Apple, he continued to receive same responses: he was locked out of his account due to someone trying to hack into it and couldn't unlock it without a Recovery Key even though Apple's support document says it's possible with a trusted device. Eventually, Williams located his Recovery Key in what he calls the "depths" of his Time Machine backup, allowing him to finally unlock his account.
Williams concludes with a warning that anyone with two-factor authentication should take far greater care in protecting and remembering where they store their Recovery Keys, as losing it could permanently lock a user out of their Apple ID with Apple unable to do anything to help. The entire account, which is a fascinating and worthwhile read, can be read at The Next Web.
[ 206 comments ]
Top Rated Comments
(View all)
58 months ago
I am also confused how this is news. Apple explicitly states that losing the key will make the recovery impossible. And anyway, do you want secure accounts or not? If yes, then you are personally responsible for your stuff. Putting this silly article on MacRumours is entirely pointless.
58 months ago
Almost all the posts in here are incorrect about the purpose of the Recovery Key.
The Recovery Key is required if you forget your Apple ID password or lose access to a trusted device.
According to this article, the person in question knew his password and had a trusted device. He shouldn't have needed the Recovery Key.
The only thing Apple says about an account being compromised is that you need to reset your Apple ID password. And it says nothing about needing a Recovery Key to do that.
The Recovery Key is required if you forget your Apple ID password or lose access to a trusted device.
According to this article, the person in question knew his password and had a trusted device. He shouldn't have needed the Recovery Key.
The only thing Apple says about an account being compromised is that you need to reset your Apple ID password. And it says nothing about needing a Recovery Key to do that.
58 months ago
Two-Factor Authentication is just that:
A user will need 2 out of the 3;
1. Password
2. Device
3. Recovery Key
The name of service describes it.
They could perhaps release the lock after 48 hours, or unlock the account if you supply password, trusted device, and some additional verification (like showing a photo ID at an Apple store or sending a verification code to an alternate email address).
58 months ago
This happened to me
This exact issue happened to me (lost my recovery key and account was locked out), and was fixed just today in fact (funny coincidence?).
So initially my two-factor enabled account was locked out by someone else trying to log into it too many times. Unlike simple accounts, two-factor accounts won't unlock after 8 hours, and actually have to have the passport reset. Where the issue arises is that Apple only ever says you have to have 2 or the 3 "keys" to regain access to your account:
1. Password
2. Trusted Device (or mobile number)
3. Recovery Key
However, if your account gets locked out, the iforgot website only gives you the option to enter the recovery key. There is a link under the box to enter it "Lost Recovery Key" which leads you to the two-part authentication support page. It lists that to reset your recovery key, you simply need to login to manage your apple ID and regenerate a new one. However this simply leads you back to a locked out account, which leads back to iforgot (a big loop).
I raised this issue with Apple Support back in July/August 2014 and over 15 calls and emails back and forth and 4 different senior support specialists they were still "looking into it". Finally I got tired of the lack of effort on their side to resolve my issue so I emailed them back (first week of December 2015), this time copying Tim Cook and Eddy Cue. It's surprising how much faster things moved after that. I received a phone call from a representative from the executive support team who hooked me up on a call with an Apple Engineer and another support specialist (they seem to have many levels of these).
Long story short, the Apple Engineer was able to "unlock" my account temporarily which allowed me to login to my Apple ID management account page and reset my account. I was able to use my existing password and a text message sent to my phone to resolve the two-step authentication part. The engineer was a bit of a dick about it and was blaming me for having lost the Recovery Key, but I don't see how thats my problem as they said I could use "any" 2 not my "Recovery Key" then "any" 2.
So there is hope if you think they can't do it. You might have to wait 3-4 months like me, but all is not lost :).
This exact issue happened to me (lost my recovery key and account was locked out), and was fixed just today in fact (funny coincidence?).
So initially my two-factor enabled account was locked out by someone else trying to log into it too many times. Unlike simple accounts, two-factor accounts won't unlock after 8 hours, and actually have to have the passport reset. Where the issue arises is that Apple only ever says you have to have 2 or the 3 "keys" to regain access to your account:
1. Password
2. Trusted Device (or mobile number)
3. Recovery Key
However, if your account gets locked out, the iforgot website only gives you the option to enter the recovery key. There is a link under the box to enter it "Lost Recovery Key" which leads you to the two-part authentication support page. It lists that to reset your recovery key, you simply need to login to manage your apple ID and regenerate a new one. However this simply leads you back to a locked out account, which leads back to iforgot (a big loop).
I raised this issue with Apple Support back in July/August 2014 and over 15 calls and emails back and forth and 4 different senior support specialists they were still "looking into it". Finally I got tired of the lack of effort on their side to resolve my issue so I emailed them back (first week of December 2015), this time copying Tim Cook and Eddy Cue. It's surprising how much faster things moved after that. I received a phone call from a representative from the executive support team who hooked me up on a call with an Apple Engineer and another support specialist (they seem to have many levels of these).
Long story short, the Apple Engineer was able to "unlock" my account temporarily which allowed me to login to my Apple ID management account page and reset my account. I was able to use my existing password and a text message sent to my phone to resolve the two-step authentication part. The engineer was a bit of a dick about it and was blaming me for having lost the Recovery Key, but I don't see how thats my problem as they said I could use "any" 2 not my "Recovery Key" then "any" 2.
So there is hope if you think they can't do it. You might have to wait 3-4 months like me, but all is not lost :).
58 months ago
It's been this way since day 1. Hello!
Since the password has been entered wrong multiple times hence "forgotten", "hacked", "locked", "disabled", call it whatever you want, the system requires you to have the other 2 options:
recovery key + trusted device
Since the password has been entered wrong multiple times hence "forgotten", "hacked", "locked", "disabled", call it whatever you want, the system requires you to have the other 2 options:
recovery key + trusted device
58 months ago
I wonder how many of the people here calling that guy stupid proceeded to check that their recovery key still exists.
[ Read All Comments ]
Apple may have discontinued its gold-plated Apple Watch Edition back in 2016, but that hasn't stopped some keen do-it-yourselfers from filling the void.
YouTube stars Casey Neistat and...
FileMaker 18 for macOS launched today, introducing a collection of feature enhancements like an improved user interface and a larger variety of security controls. FileMaker, Inc. is one of...
Apple today previewed a new Safari feature called Privacy Preserving Ad Click Attribution that it says will allow advertisers to measure the effectiveness of their ad campaigns on the web without...
Popular PC game League of Legends is on its way to mobile devices, according to three sources with knowledge of plans for the game who spoke with Reuters. The smartphone version of the game is being...
Nintendo today kicked off the beta for its mobile game Mario Kart Tour, limited to Android in Japan and the United States. Thanks to players starting to get their hands on the game, we now have a...
Mobile network EE has announced it will launch 5G in the United Kingdom on May 30, beating rival Vodafone's 5G offering which launches in early July.
At a London press event this morning,...
Valve has released a new free standalone Steam Chat app for iOS and Android that brings several of the desktop Steam chat client's features to mobile.
Steam users can now use their...
As of today, transit users in the Portland-Vancouver area are able to use their iPhones and Apple Watches to ride the TriMet, C-Tran, and Portland Streetcar, according to the Portland Tribune.
A...
