It’s been about two days since my cursed Apple ID was changed. It’s working right now and I’m feeling optimistic about this fix. This is the longest period of functinoality in at least two years. Even if this is not the One-True-Solution™, it’s safe to say that this is a huge step in the right direction.
I’ve tweeted about it a bit, so people have started asking questions about what happened. I thought I’d blog about it a bit to let people know what was changed and why. I should caution, however, that my understanding of this whole system is limited to just this one experience from one perspective. I’m certainly ignorant of most of the details, reasons, and caveats. If anyone with more knowledge would like to fill in the detail, please don’t be shy, I’ll include anything else I find out here on the blog.
I’m not going to mention the customer service details specifically other than to say Apple is amazing and I can hardly imagine any other company doing anything remotely similar. My six-color faith has been refilled to the brim.
OK, let’s do this…
As I understand it, the problem is primarily that my account had a very simple login… basically my first name @a-common-name. And that it’s been around for so long. Other people attempted to sign in with that name, or connected devices to that name, or used it as their backup email address… etc. Without 2-factor auth enabled, there are only a few password attempts allowed before the account goes into lockdown mode and refuses to let you even try anymore. And even with 2-factor auth enabled the system still locks down – but you can use your 2-factor backup code to re-activate things. I have tried both over the past couple years – both end in an unusable account.
It seems that my account was connected to so many devices/people/whatever that it ensured it would get locked out almost immediately after I unlocked it. And that’s been the status quo for quite a while: I unlock the account and within a few hours it’s locked again – even when I didn’t interact with the account at all.
There is a new 2-factor system from Apple for iOS 9 and El Capitan. The new system only allows approved devices to request 2-factor codes. If one of the other approved devices doesn’t allow it, the attempts to acquire a 2-factor sign-in codes are blocked and do not lead to account-lockdown.
I’ll be honest: I don’t fully understand why this blocking happens in the new system, but does not happen in the old system. If anyone can explain that in laymen terms, I’d really appreciate it.
Irony, Served Ice Cold
The new 2-factor system is only available for devices running OS X 10.11 (El Capitan) or iOS 9. If you revisit my earlier post about my cursed Apple ID you’ll notice that last summer I decided to make a clean break; to stop using the account; and just move on. When did I decide was the perfect time? You guessed it! It was at the release of iOS 9 and El Capitan!
I decided that when I got my new iPhone 6S and upgraded to El Capitan I wouldn’t let those new things touch the cursed account. Since then I’ve only attempted changes to the account through a web browser… ensuring that I would be stuck with the old 2-factor system and the cursed lockouts.
I’m 100% positive this irony will seem hilarious just as soon as I’ve stopped crying about it.
Getting connected with the new 2-factor system is not difficult – once you know how. Here’s the basic details:
You can tell you are using the new 2-factor system if the 2-factor sign-in codes you receive are 6-digits. If they’re only 4-digits, you’re on the old system.
Turn off the old 2-factor
In order to get on the new system, you have to completely disable the old one first. If you’re not using 2-factor at all, then you can skip this part.
- Go to https://appleid.apple.com and sign in.
- Under Security choose Edit
- Click “Turn Off Two-Factor Authentication”
Turn on the new 2-factor
- On a Mac running OS X 10.11 (El Capitan) open the System Prefs (I know you can do this via iOS too, but don’t ask me how, I have no idea).
- Choose iCloud and sign in if necessary.
- Click Account Details
- Click the Security tab. (this seems buggy – i had to click this several times – signing in each time – to get it to display the Security sheet – occasionally multiple “Sign In” sheets would drop down overlapping each other – but be persistent, keep typing in that password, it seems to work eventually)
- Click “Set Up 2-Factor Authentication”
After following the steps you’ll eventually have to sign in again and will receive a 6-digit 2-factor code. This means you’re good to go. From there you can add other devices, so long as they’re running OS X 10.11 or iOS 9. I’m not sure what happens if you try to connect an older device. I’m guessing it’s just a No-Go.
I hope this post helps others exercise the demons in their own cursed accounts. If not I can only suggest persistence and finding the right Apple support guru. You never know, it might take years, but anything is possible with the right help from a super knowledgeable, super patient support person. Find Justin, he’s the best.