Reset password with two-step verification issue

Question

Level 1

0 points

Reset password with two-step verification issue

This is really a epic fail solution with two-step verification process from Apple.

My account get locked out because someone attempted to login in my Apple ID for so many times.

For security reason, all my devices are showing the following messages, "Apple ID Disabled Your Apple ID has been disabled for security reasons. To enable your account, reset your password at iforgot.apple.com".

1. I went to iforgot.apple.com

2. input my locked out Apple ID

3. Step 1: I inserted my recovery key (I save the key somewhere in my MBP)

4. Step 2: Choose a trusted device to use to verify your identity (My iPhone 4s)

5. My Apple ID already been locked out, so my phone won't receive any temporary verification code.

I do have my Apple ID password, a trusted device and my recovery key.

However I don't get any verification code into my trusted device because my phone is not login into the locked out Apple ID.

I called Apple help line that said: You do have an active registered iphone but you don't get the codes. Sorry we can't really do anything about it, and there is no tool we can help you out.

This is really a epic fail for this recovery flow from Apple. How can they design a security system that against their own recovery flow, and there is no way to re-activate by their support advisor?

This is the end conclusion, and I can't recover my account back with all my data. However, i am surprised that Apple didn't run through those QA test for different scenarios that some users may face the same problems like me.

Regards!

MacBook Pro (13-inch Mid 2009), OS X Mavericks (10.9)

Posted on Nov 8, 2013 8:56 AM

Reply

Answer 1

Best reply

fromsouth

Level 5

4,945 points

Nov 8, 2013 9:08 AM in response to lionliang

Source

http://support.apple.com/kb/HT5570

What do I need to remember when I use two-step verification?

Two-step verification simplifies and strengthens the security of your account. After you turn it on, there will be no way for anyone to access and manage your account at My Apple ID other than by using your password, verification codes sent your trusted devices, or your Recovery Key. You must be responsible for:

Remembering your password.
Keeping your trusted devices physically secure.
Keeping your Recovery Key in a safe place.

If you lose access to two of these three items at the same time, you could be locked out of your Apple ID account permanently.

In addition, with two-step verification turned on, only you can reset your password, manage your trusted devices, or create a new recovery key.

Apple Support can help you with other aspects of your service, but they will not be able to update or recover these three things on your behalf.

It appears that they informed everyone of consequences. Sorry.

Reply

Answer 2

lionliang Author

Level 1

0 points

Nov 9, 2013 7:49 AM in response to fromsouth

Well.. I know that is the end story from their support reference, but I just can't believe how can they design this flow that the owner has all the right information is useless to recovery their own account.

Reply

Answer 3

fromsouth

Level 5

4,945 points

Nov 9, 2013 8:17 AM in response to lionliang

Purely my opinion.

I think they tried to create ecosystem for people that wanted completely closed environment, where they do not depend on anyone or anything including Apple. They succeeded all right, but people can't be independent, when it comes to accounts. I would never personally recommend anything like that to anyone, because I can simply guarantee, that every record that I do have on my computer or desk today is not going to be here 5 years from now.

My suggestion.

There is website www.apple.com/feedback

Feedback could be positive with some kind of improvment offered. You know how they bypass locked mode when music from icloud is played so people can search for device? Maybe they can bypass the same way for verification code - so it would display even on locked out phone.

Reply

Answer 4

lionliang Author

Level 1

0 points

Nov 17, 2013 6:32 AM in response to lionliang

I forget to note this down. Good news that Apple unlock my account after 48 or 72 hours, so I am able to login with my original password and reset my account on iforget. This time, I did turn-off my two-step verification, so I don't need to run through the same experiecne again. I still want to tell Apple that the users shouldn't get log-off from their phone if the same has two-step turn on. Please fix this then I will consider to use the feature again.

Reply

Answer 5

Apr 3, 2014 12:59 PM in response to lionliang

Hey Lionliang,

I know your problem has long since been solved, but I had a question based on your experience.

I am in a similar situation to what yours was, only that I believe that I have stupidly threw out my Recovery Key (I wrote it down and put it in a folder that I later somehow thought was okay to trash without looking through it). I know my password and have all my trusted devices, so I contacted Apple in hopes that they could verify me, and unlock the account from their end, but I pretty much got the same response as you did.

You mentioned in your second post that your account unlocked after a few days. I was curious if this was something that happened automatically. Did it simply allow you to log in to My Apple ID with your pre-existing password, or did you still have to input your recovery key at some point before gaining access? It hasn't quite been three days for me yet, so I have my fingers crossed for a miracle. Thanks!

Reply