I hope that I am not having a false sense of security. As far as I know I have never set up a recovery key. I understood that this was only an issue for encrypted disc systems? I do not have any encryptions set up on any of my Mac iPad or iPhone. Am I on a knife edge without realising it?
David Griffith > On 9 Dec 2014, at 21:22, Joseph <ablindvou...@icloud.com> wrote: > > Hello List, > The only thing i'd suggest regarding your recovery key is this. Don't store > it on a computer device. Reason? What if the computer with the key on it > crashes? I'd write it down somewhere or print it out and keep a copy of the > key somewhere. > While I use 2 step verification, I see the recovery key as being a condition > critical situation and treat it as such. > > >> On Dec 9, 2014, at 1:15 PM, Ray Foret Jr <rforet7...@comcast.net >> <mailto:rforet7...@comcast.net>> wrote: >> >> Mark, many thanks for this very concerning article. I have already saved it >> on my Mac. Very timely, and, as I think, a great service to us all. Again, >> thank you. >> >> Sincerely, >> The Constantly barefooted Ray, >> >> Still a very happy Mac, Verizon Wireless iPhone 6+ and Apple TV user! >> >> Sent from my iPhone, >> the only smart phone with full accessibility for the blind built-in >> >> On Dec 9, 2014, at 2:10 PM, M. Taylor <mk...@ucla.edu >> <mailto:mk...@ucla.edu>> wrote: >> >>> Hello Everyone, >>> >>> I strongly suggest that you read the following article, very carefully. >>> >>> The link to the original post may be found at the end of the text. >>> >>> Mark >>> >>> The dark side of Apple's two-factor authentication >>> >>> Earlier this week, a strange message popped up on my Mac that I thought >>> nothing of. "You can't sign in because your account was disabled for >>> security reasons." I dismissed it in my tired haze, thinking it would solve >>> itself and went to sleep. >>> >>> The next morning, I didn't have time to deal with the message - which was >>> now popping up every half hour - for a few hours until it became annoying. I >>> figured I'd done something dumb and broken iCloud, but that it could wait. >>> >>> I'd turned two-factor on my Apple ID in haste when I read Mat Honan's >>> harrowing story about how his Mac, iPhone and other devices were wiped when >>> someone broke into his iCloud account. That terrified me into thinking about >>> real security for the first time. >>> >>> When I finally had time to investigate the errors appearing on my machine, I >>> discovered that not only had my iCloud account been locked, but someone had >>> tried to break in. Two-factor had done its job and kept the attacker out, >>> however, it had also inadvertently locked me out. >>> >>> The Apple support page relating to lockouts assured me it would be easy to >>> recover my account with a combination of any two of either my password, a >>> trusted device or the two-factor recovery key. >>> >>> When I headed to the account recovery service, dubbed iForgot, I discovered >>> that there was no way back in without my recovery key. That's when it hit >>> me; I had no idea where my recovery key was or if I'd ever even put the >>> piece of paper in a safe place. I've moved since I set up two-factor on >>> iCloud. >>> >>> I began nervously scouring the entire house for the code, before giving up >>> after a few frustrating hours and began searching my computer for any trace >>> of it. I found countless "recovery keys" but they weren't for the right >>> things; for my Mac's hard-drive encryption, Twitter, Facebook and other >>> accounts, but not for my Apple ID. >>> >>> How could I be foolish enough to misplace my Apple ID recovery key? >>> I swore that I'd taken a screenshot, printed it and had taken a photo of it >>> with my iPhone for extra safekeeping. >>> >>> This is when it began to sink in that this single ID held the keys to much >>> of my digital life; everything from iTunes purchases going back seven years, >>> app purchases and even the ability to get my iPhone out of the grips of Find >>> my iPhone's lock. >>> >>> The sinking feeling began. After fruitlessly searching and a lot of cussing, >>> I decided to call Apple. I figured that something must be wrong, since the >>> support page claims you can use trusted devices to recover your ID in cases >>> like this. >>> >>> The first person I spoke to told me immediately after getting on the phone >>> that in no uncertain terms I had forfeit my Apple ID by losing the recovery >>> key. He refused to help me. I hung up and called back. >>> >>> On the second call, I got a lovely woman who totally understood my plight >>> and how terrible it was. She told me a similar thing had happened to her, >>> and it had turned out OK. After 20 minutes of poking around and lots of >>> awkward sighing, she put me on hold to talk to a senior manager. >>> >>> When she got back on the line, the story was just as bleak. "We take your >>> security very seriously at Apple" she told me "but at this time we cannot >>> grant you access back into your Apple account. We recommend you create a new >>> Apple ID." >>> >>> I couldn't believe what I was hearing and fought back that surely there was >>> some other way, but I was told point blank that Apple would not help me. I >>> offered a scan of my government ID, my trusted devices and other proof that >>> it was me. Nope, that won't do for Apple in this situation. She apologized >>> profusely and said there was nothing more should do. >>> >>> Furious about the situation, I took to Twitter in a fit of rage, complaining >>> that Apple couldn't help me out of a dumb situation, in which I could easily >>> prove who I was. It was frustrating enough that when setting up my Apple ID, >>> the company assured me I could recover the account with a trusted device. >>> >>> I know it was stupid that I'd lost the recovery key but I'd set it up so >>> long ago I couldn't remember where it would conceivably be. There's only so >>> many things I can keep track of. Besides, I figured I'd be able to use >>> trusted device to get out of a mess like this. >>> >>> I'd looked almost everywhere twice by this point. Who remembers stuff like >>> this? >>> >>> Apple's two factor signup process tries to point out the importance of the >>> key when you set it up. >>> You have to print the key, then re-enter it to show that you've got it. I >>> don't think this step existed when it launched. >>> >>> So, I pushed on, resuming the hunt. As 24 hours without my Apple ID >>> approached, iMessage broke and my devices all started incessantly >>> complaining that the account was locked, amplifying an already frustrating >>> situation. >>> >>> Figuring that maybe I'd just had bad luck with the phone, I tried Apple's >>> online chat service. I got the exact same answer; "We take your security >>> very seriously at Apple, but we cannot help in this situation." I pointed >>> out that the security page said otherwise, so the chat person put me on the >>> phone with an iTunes senior advisor. >>> >>> After a few minutes of "uhhhh" on the other end of the phone, I got my third >>> "we take your security very seriously at Apple, this account will be >>> permanently disabled unless you can find the recovery key." I argued my >>> point that I had both my trusted devices and my password as required by the >>> support page, but was told this was irrelevant because someone else had >>> tried to get into my account. >>> >>> I talked to a friend who knew people at Apple who told me that the security >>> folks said the iForgot page is final. There's nothing they can do. >>> >>> Basically, I was locked out of my entire digital life, because someone had >>> tried to hack me. The irony of the fact that my increased security had >>> ultimately locked me out dawned on me, mixed with tiredness and frustration, >>> so after taking a moment to scream internally, I started furiously searching >>> ancient time machine backups. >>> >>> As I searched the depths of my time machine backups and was on the phone for >>> the fifth (or even sixth) time to iCloud support, I found an old picture I'd >>> taken on my iPhone of a screen. It was my recovery key. I started crying >>> tears of joy at this point. The Apple rep on the phone started clapping and >>> was very glad to get out of continuing to argue with me. >>> >>> The only time I've ever been glad to have taken a picture of my screen >>> >>> If I hadn't managed to find this key or had never bothered to save it in the >>> first place, I would have lost the Apple ID forever. If I hadn't made a time >>> machine backup of my machine before it got corrupted earlier this year, I'd >>> have been out of luck entirely. >>> >>> Apple support told me that the security lock doesn't expire, so there's no >>> way to get around requiring the key, even though its support site says you >>> can use trusted devices. You're simply not given that option when your >>> account is locked. >>> >>> What's perplexing is it wasn't even technically my fault. Someone tried to >>> guess their way into my account and it was locked as a result; I didn't do >>> anything wrong, yet I was entirely locked out because I couldn't find the >>> key. >>> >>> Apple's support page had given me false hope, because I expected to be able >>> to use a combination of my password and trusted devices to recover from >>> being locked out if it ever happened. >>> >>> This isn't the case when your account is locked; what Apple doesn't tell you >>> is that when your account is locked (because of too many attempts) your >>> password is not a valid recovery option and you'll need your recovery key. >>> >>> What if I was carrying the key in my wallet and I was robbed, like this poor >>> user on Stack Overflow? Apple still wouldn't (or couldn't) help you, because >>> it's "impossible" to recover an Apple ID without that key, according to its >>> support staff. >>> >>> Apple's changing security policy >>> One has to wonder if it was previously possible, before Mat's social >>> engineering hack or the iCloud celebrity hackings took place, to recover a >>> two-factor enabled account by using Apple Support. The "we take your >>> security very seriously at Apple" line seems like it's been rehearsed and >>> drilled into the support staff's heads so that the same scandals don't >>> happen again. >>> >>> I asked Apple PR about this situation, who told me that the support article >>> is correct. If you lose your recovery key with two factor enabled, you lose >>> your account. Apple can't help you. >>> >>> I've learnt my lesson about treating recovery keys with extreme caution from >>> this. I never knew that I'd have no hope of recovery if it was lost; I'd >>> been lulled into a false sense of security, figuring that my trusted devices >>> would get me back into locked account. >>> >>> From now on, I'll know exactly where each recovery key is. I urge you to do >>> the same. >>> >>> http://thenextweb.com/apple/2014/12/08/lost-apple-id-learnt-hard-way-careful >>> >>> <http://thenextweb.com/apple/2014/12/08/lost-apple-id-learnt-hard-way-careful> >>> -two-factor-authentication/ >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "MacVisionaries" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to macvisionaries+unsubscr...@googlegroups.com >>> <mailto:macvisionaries+unsubscr...@googlegroups.com>. >>> To post to this group, send email to macvisionaries@googlegroups.com >>> <mailto:macvisionaries@googlegroups.com>. >>> Visit this group at http://groups.google.com/group/macvisionaries >>> <http://groups.google.com/group/macvisionaries>. >>> For more options, visit https://groups.google.com/d/optout >>> <https://groups.google.com/d/optout>. >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "MacVisionaries" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to macvisionaries+unsubscr...@googlegroups.com >> <mailto:macvisionaries+unsubscr...@googlegroups.com>. >> To post to this group, send email to macvisionaries@googlegroups.com >> <mailto:macvisionaries@googlegroups.com>. >> Visit this group at http://groups.google.com/group/macvisionaries >> <http://groups.google.com/group/macvisionaries>. >> For more options, visit https://groups.google.com/d/optout >> <https://groups.google.com/d/optout>. > > > -- > You received this message because you are subscribed to the Google Groups > "MacVisionaries" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to macvisionaries+unsubscr...@googlegroups.com > <mailto:macvisionaries+unsubscr...@googlegroups.com>. > To post to this group, send email to macvisionaries@googlegroups.com > <mailto:macvisionaries@googlegroups.com>. > Visit this group at http://groups.google.com/group/macvisionaries > <http://groups.google.com/group/macvisionaries>. > For more options, visit https://groups.google.com/d/optout > <https://groups.google.com/d/optout>. -- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To unsubscribe from this group and stop receiving emails from it, send an email to macvisionaries+unsubscr...@googlegroups.com. To post to this group, send email to macvisionaries@googlegroups.com. Visit this group at http://groups.google.com/group/macvisionaries. For more options, visit https://groups.google.com/d/optout.
