hello, i have 2-step verification enabled. but I keep getting verification numbers popping on my iPhone and SMS sent with access numbers. I have changed my security key and password several times, yet I keep getting this.... any explanation how and why is this happening? does that mean hackers got access to my password, or the recovery key?
I'm not sure what you mean by you get the recovery key once a month. Once the recovery key has been issued, one usually would keep it locked away in a safe place, and that's it.
Frequently asked questions about two-step verification for Apple ID - Apple Support
Maybe consider changing the email address associated with your Apple ID instead of the recovery key.
https://support.apple.com/en-ca/HT202667
Use aliases in your day to day Apple affairs. Forward emails to your actual Apple ID email address.
If someone is getting this type of access, carefully think about who has access to your information.
You may also back up a bit and look carefully at these notifications to see if they are even legitimate.
How do they arrive? What is the exact text of them? They could be phishing attempts.
SO anyone can trigger the code on my iphone easily?! I usually have to enter the password then the code, or recovery key then the code...
I Am not getting password request, I am getting the 4 digit authentication number popping on my devices, or sent via SMS...as if someone was able to break in to my account/ password or recovery key... the question is why and how is this happening....
yes! i changed the recovery key... I usually get that once a month at least. sometimes my account will get locked, but it's freaky when you start receiving authentication numbers, it means someone is about to hijack your account...I hope to be proven wrong.
Thank you so much:) i am suspecting someone/somewhere with high hacking skills is trying hard to break into my account....sending an authentication code or an apple sms, means they managed to guess either the password or the recvery key....i shall contact apple for further investigation...
To get a code request, one only needs your Apple ID.
There are 3 elements to 2SV. The password, that recovery key and a trusted device.
Armed with only one of those, you can't take control of the account. I doubt they have any of the 3 elements, but even with your password, they are powerless.
I don't see any upside to constantly changing your recovery key.
The Recovery Key should only be used if you have lost access to two of the three required pieces for Two-Step as LACAllen indicated above:
Password
Verification Code
Trusted Device
So, if someone knows your Apple ID and password, and they were trying to get into your Apple ID account, they would not be able to because the Verification Code is sent to your Trusted Device. They wouldn't have, or be able to add a Trusted Device since they wouldn't be able to get into your Apple ID without the Verification Code.
Do you think that someone other than you knows your Apple ID and password?
Best of luck,
GB
SO anyone can trigger the code on my iphone easily?!
Yes. They simply have to use your Apple ID to try and access a service. The code is sent , but unless they have a trusted device of yours, they can't see it. Keep in mind, your Apple ID may very well be a known email address of yours.
"They" are, as 2SV provides for, blocked from accessing your account. Not from trying to, but from succeeding.
Annoying? Perhaps. But your account is not at risk just because of this.
I usually have to enter the password then the code, or recovery key then the code...
Yes, you do to move forward and access the service, but they can't.
They have neither the code or the recovery key. If they did, you would not be able to access your account right now, as "they" would have control.
Ok... again...it does seem "they" have your password. That is not in dispute. And, for 2SV, is irrelevant.
Having the password alone, without a trusted device or the recovery code is useless to them. This would be why they have not yet taken over your account or accessed any of your "stuff".
They need 2 of the 3 elements to succeed. They appear to have only 1.
They have tried. They have not succeeded. This is the value of 2SV.
I am thinking this is some kind of authority or a big brother who is trying to hack, I changed my password this morning, three hours later I receive a verification code from apple and my account is locked due to security reasons...
See this -- Fix constant Apple ID verification pop-ups
Apologies for the misunderstanding. How often are encountering these requests? You mentioned you "changed my security key", did you mean you changed your recovery key?
Apple ID 2 -step verification hacked?!
