Bad Apple! The real cost of two factor auth


There are so many other words I wanted to put there, most of them unprintable. But right now I’m really pissed off with Apple. I’m an advocate for keeping things safe, I’m a fan of two factor authentication. But as far as I’m concerned Apple have it wrong, desperately wrong.

Currently there is a lot of press around on whether Apple should release information to the FBI (or at least provide access to devices), this is not a rant about the rights or wrongs of that. It’s personal, much more personal.

2013 I had been using an Apple account associated with my main email address, with two factor auth set up. Due to a series of unfortunate events I lost access to the device. I knew the password but no phone (it was only trusted device at the time), in short I lost ability to use that account, it was frustrating, $00’s of software, music and movies had been purchased but none available anymore, primarily because I had not written down the recovery key which was the only other way to reset the account. Accepting that it was my own stupidity that had caused the loss I set up a new account and started from fresh. Again choosing two factor auth but this time carefully recording the number in my trusty Evernote file. Two and a half years later, $000’s of dollars of software, music and movies later (example here FCP is $500 alone) and I need to reset the account. Following all the prompts I was a little shocked to see ‘Your recovery key is not valid’. Double checking everything I tried a few more times, each attempt met with the same warning. To be clear, the recovery key wasn’t written down, the actual Apple screen was captured, there was no chance of error there. The date and time stamp on the Evernote entry matched within 1 minute of the email received that day from Apple advising two factor auth had been activated.

So I was becoming agitated with this and decided to call Apple. One hour ten minutes later and we were no further forward. I’d been escalated a number of times, technicians had me repeat all the same steps all with the same result. It looks like I have to start everything again. Unbelievable.

I use two factor auth on a lot of accounts, and feel secure, be it a text message or an authentication app, I’ve never had a problem. Apple however have gone out of their way to complicate this whole process.

I feel that strongly about this, I’m seriously considering removing all Apple products/software from my life!

Should it be this difficult to get access to things you’ve paid for?