Apparently Apple would prefer that I not activate 2-factor auth.

I was thinking about enabling it on my Apple ID, but that seems to be impossible.

I have no idea what the answers to my "security questions" are -- if I ever filled those out at all, I almost certainly just pounded my fists on the keyboard until the prompt went away -- and the alleged option to reset them using my recovery email address does not exist. Apparently the only recourse at this point, despite having two verified email addresses and a credit card in their system, is to call them on the phone and speak to some flunky like an animal.

So no 2-factor for me, I guess. Well played, Apple. Well played.

Previously.

Tags: , , , ,

20 Responses:

  1. Sheila Marie says:

    "Favorite sports team." "Best date movie." "Name of your oldest child." "Ideal honeymoon spot." "Dream car." "Favorite luxury brand." "Prom theme." Why don't you just send my high school bullies to my house to point out how much I don't fit in, security questions? Fuck you.

  2. Sheila Marie says:

    "Favorite sports team." "Best date movie." "Name of your oldest child." "Ideal honeymoon spot." "Dream car." "Favorite luxury brand." "Prom theme." Why don't you just send my high school bullies to my house to point out how much I don't fit in, security questions? Fuck you.

  3. John Adams says:

    I am unsure why everyone doesn't fill these in with random garbage from 1password's generator and the save that in the account notes field. This is what I have always done.

    Security questions are not ever secure.

    • Nate says:

      I do that, but with a separate encrypted note for them. But at least for Keychain, the notes field for each password is in plaintext so you have to create a separate encrypted note.

      I don't really trust 1Password in general as they're often doing "helpful" things that decrease the cryptographic strength of their containers.

    • margaret says:

      yeah jamie, why don't you go to the past and use a service from the future?

  4. John Adams says:

    I am unsure why everyone doesn't fill these in with random garbage from 1password's generator and the save that in the account notes field. This is what I have always done.

    Security questions are not ever secure.

  5. Ryan Steele says:

    If you do manage to get two-step verification enabled, make sure not to lose your Recovery Key. Otherwise, you could be locked out of your Apple account forever. Yes, forever.

    • Mike says:

      Good, that's the whole idea.

      • Ryan Steele says:

        The whole idea is to lock people out of their own Apple IDs?

        Don't get me wrong, I'm not advocating for making the system less secure, but I do think Apple could do a better job of ensuring people understand that they have no recourse if some miscreant attempts a brute force attack against their account and they have lost their Recovery Key.

  6. Dave Sill says:

    Looks like it's asking you to set your security questions & answers. +1 on using random gibberish and recording it in your password manager.

    • Owen W. says:

      you may want to read that screenshot more closely

      • Jason says:

        I agree with Dave, the header is, "In case you forget..." which implies to me that they want to create the question/answer pairs right now. Also, when being challenged with the question(s) I've never seen a system that lets you pick which one to answer like the screenshot shows. So that also makes it look like setup to me.

        • jwz says:

          Jesus Christ, people.

        • Chris says:

          I'll agree that the screenshot itself is not clear, but there are definitely sites that require you to remember which one of the security questions you chose when recovering your password. Expecting someone to remember that is absolutely insane, but it happens.

          • jwz says:

            If you think that screen shot is not clear, you are literally the world's least literate moron.

            Jesus, people.

            • Chris says:

              That screen could easily be on an account creation page ("In case you forget your ID and password /in the future,/ ...")
              or on a forgot-password page ("In case you /have forgotten/ your ID and password..."). The tense of "forget" is ambiguous.

  7. Kyle Huff says:

    I would guess that Apple does not want anyone to use two factor. They just want to show that you could use two factor. You know, to protect all those sex films you let your iPhone upload for you.

  8. philo bernandez says:

    Go back to Linux and burn your Mac

  • Previously