I struggled with this a couple years ago and could not figure out what was locking my account once every 3 days. Apple doesn't let you reuse passwords so you're creating and remembering a new password every change. 2 factor does nothing, if you get your password wrong 3-4 times, it still locks it and forces a password change. Apple support couldn't help me figure out what IP was sending bad login attempts so I couldn't even nail down what device, or if it was someone else doing it. Support made me change the apple ID email to another email, that didn't stop and turns out you really shouldn't do that because you lose all in app purchases. In the end, wiping an old Apple TV 3 at my office fixed the problem, for whatever reason after an update it kept sending a bad password even after logging out and logging back in using the new email.
If you want revenge on someone, get their apple ID, and just fail login 5x a day to force them to unlock their account daily. It is the most frustrating thing imaginable.
I struggled with this a couple years ago and could not figure out what was locking my account once every 3 days. Apple doesn't let you reuse passwords so you're creating and remembering a new password every change.
It's 2018, there are dozens of excellent password managers, and iOS 12 now has built-in support for Safari and apps for auto-filling extremely strong passwords without having to remember any of your online account passwords.
In fact, this change in iOS 12 has allowed me to get even the least tech savvy in my family to setup and use a good password manager.
I struggled with this a couple years ago and could not figure out what was locking my account once every 3 days. Apple doesn't let you reuse passwords so you're creating and remembering a new password every change.
It's 2018, there are dozens of excellent password managers, and iOS 12 now has built-in support for Safari and apps for auto-filling extremely strong passwords without having to remember any of your online account passwords.
In fact, this change in iOS 12 has allowed me to get even the least tech savvy in my family to setup and use a good password manager.
You need to be logged into your iTunes/iCloud account before you have access to keychain and password manager. iCloud and iTunes login is a popup with no access to any password managers.
I struggled with this a couple years ago and could not figure out what was locking my account once every 3 days. Apple doesn't let you reuse passwords so you're creating and remembering a new password every change.
It's 2018, there are dozens of excellent password managers, and iOS 12 now has built-in support for Safari and apps for auto-filling extremely strong passwords without having to remember any of your online account passwords.
In fact, this change in iOS 12 has allowed me to get even the least tech savvy in my family to setup and use a good password manager.
I agree. Apps like 1Password have always been excellent, but the way they integrate seamlessly into security/login workflows with iOS 12 makes them even better. Keeping my fingers crossed that this bug doesn't bite me.
I struggled with this a couple years ago and could not figure out what was locking my account once every 3 days. Apple doesn't let you reuse passwords so you're creating and remembering a new password every change.
It's 2018, there are dozens of excellent password managers, and iOS 12 now has built-in support for Safari and apps for auto-filling extremely strong passwords without having to remember any of your online account passwords.
In fact, this change in iOS 12 has allowed me to get even the least tech savvy in my family to setup and use a good password manager.
You need to be logged into your iTunes/iCloud account before you have access to keychain and password manager. iCloud and iTunes login is a popup with no access to any password managers.
As I stated. "It's 2018, there are dozens of excellent password managers, and iOS 12 now has built-in support for Safari and apps for auto-filling extremely strong passwords without having to remember any of your online account passwords."
Everything in that sentence is referring to using a robust, 3rd-party solution, not Apple's anemic solution.
I struggled with this a couple years ago and could not figure out what was locking my account once every 3 days. Apple doesn't let you reuse passwords so you're creating and remembering a new password every change.
It's 2018, there are dozens of excellent password managers, and iOS 12 now has built-in support for Safari and apps for auto-filling extremely strong passwords without having to remember any of your online account passwords.
In fact, this change in iOS 12 has allowed me to get even the least tech savvy in my family to setup and use a good password manager.
I agree. Apps like 1Password have always been excellent, but the way they integrate seamlessly into security/login workflows with iOS 12 makes them even better. Keeping my fingers crossed that this bug doesn't bite me.
Wasn’t 1Password compromised not so long ago? Anything not completely owned and operated by Apple for absolute security I have no confidence in.
*Looks like the issue with 1Password was in 2016 when they were pushing passwords to save to cloud backup.
I struggled with this a couple years ago and could not figure out what was locking my account once every 3 days. Apple doesn't let you reuse passwords so you're creating and remembering a new password every change.
It's 2018, there are dozens of excellent password managers, and iOS 12 now has built-in support for Safari and apps for auto-filling extremely strong passwords without having to remember any of your online account passwords.
In fact, this change in iOS 12 has allowed me to get even the least tech savvy in my family to setup and use a good password manager.
I agree. Apps like 1Password have always been excellent, but the way they integrate seamlessly into security/login workflows with iOS 12 makes them even better. Keeping my fingers crossed that this bug doesn't bite me.
And because it's so easy to use I'm now saving money and time while making my family more secure.
I created a family plan (which includes a couple old friends) which is $5/month for up to 5 people and then $1/month for every person after that. I had everyone setup on it send me $12 for the year via ApplePay. That reduces my cost to $1/month, which is much less than buying the app outright or macOS, iOS, and Windows every several years.
It saves time because I don't have to deal with panicked people as much for password issues and since I'm the owner of the 1Password account I have managerial control (which doesn't let me see any of their vault data) but does it make it easy for me send them a way to easily change the "one password" they have to memorize. Additionally, some accounts, like Hulu and Netflix, are shared so if those passwords are ever changed the new data will be synced to the Shared vaults for those that have access without having to send them a message or try reading to them a randomly generated 64-character passcode.
I struggled with this a couple years ago and could not figure out what was locking my account once every 3 days. Apple doesn't let you reuse passwords so you're creating and remembering a new password every change.
It's 2018, there are dozens of excellent password managers, and iOS 12 now has built-in support for Safari and apps for auto-filling extremely strong passwords without having to remember any of your online account passwords.
In fact, this change in iOS 12 has allowed me to get even the least tech savvy in my family to setup and use a good password manager.
I agree. Apps like 1Password have always been excellent, but the way they integrate seamlessly into security/login workflows with iOS 12 makes them even better. Keeping my fingers crossed that this bug doesn't bite me.
Wasn’t 1Password compromised not so long ago? Anything not completely owned and operated by Apple for absolute security I have no confidence in.
*Looks like the issue with 1Password was in 2016 when they were pushing passwords to save to cloud backup.
What is that suppose to mean? Are you saying they were dropping passwords onto "cloud backups" in plaintext, because saving your vault to a various cloud-based solutions for backup and syncing to other devices has been a part of 1Password for nearly its entire existence? Do you have a link that backs you claim that 1Password was "compromised"?
Woaha! I've relied on 1Password for a long time and this is the first I've heard of any issue. I'm somewhat skeptical of the posting, especially given the 2016 reference...however...
But I digress...on the topic...I've spent a fair amount yesterday and today dealing with this AppleID mess. It actually started on Sunday with the referenced notification. Since then, I've changed a primary AppleID 2 times...just to be sure. Absolute first time I've been engulfed in such shenanigans, which makes me assume, this is widespread.
Actually, it's a good motivator as I'm going through and changing ALL passwords as a precaution. Painful, yes, but I liken it to sleeping...not what I want to do a lot, but some times, you just gotta!
Did anyone else get the phishing email? Perhaps they attempt to brute force a bunch of accounts, knowing Apple will lock them and knowing they won't get in. But also knowing news sites will report it. Then simultaneously they send out a bunch of phishing emails that look almost exactly like a real Apple email saying your Apple ID has been disabled and people, having read the news, click on the link without a second thought and give them their real credentials.
Woaha! I've relied on 1Password for a long time and this is the first I've heard of any issue. I'm somewhat skeptical of the posting, especially given the 2016 reference...however...
But I digress...on the topic...I've spent a fair amount yesterday and today dealing with this AppleID mess. It actually started on Sunday with the referenced notification. Since then, I've changed a primary AppleID 2 times...just to be sure. Absolute first time I've been engulfed in such shenanigans, which makes me assume, this is widespread.
Actually, it's a good motivator as I'm going through and changing ALL passwords as a precaution. Painful, yes, but I liken it to sleeping...not what I want to do a lot, but some times, you just gotta!
No, the issue (as I recall) was people were complaining about their passwords being saved to a cloud backup and this was during a period of time that people were under the impression their cloud backups were being hacked (whereas they were actually being compromised via phishing attacks and social engineering).
Trouble is, based on what I see on a daily basis in the Apple Discussion Forums, a significant number of users routinely forget their security questions and Apple ID passwords. Then they fly into a rage when told how to go about reestablishing control. They also don't give a rat’s hind end about security.
Yes, I have a friend who cannot remember her security questions. When she initially set up her IDs she saw them as stupid and a nuisance and just rushed through them. Now, if she ever needs them she'll be in trouble.
I have another friend who sets up long, complicated non-intuitive passwords. He usually writes them down on a piece of scratch paper -- which he then loses...
Sigh...
Why haven't you told your friends that they can log into their accounts and change the answers to their security questions?
As of 10:24 PM east standard time my Apple ID is working, which was not the case this morning. I have called Apple about three times over the past 30 years and this morning I gave them hell about this issue and told them to fix it because I wasn't going re-enter my password for the multitude of devices I own for the record. I did NOT FORGET my password.
This just shows the fragility of the Apple ecosystem when using their two-factor authentication system that depends on being logged into your Apple ID - NOT SMART. They need to implement timecodes like Google Authenticator timecodes which are not dependent on an active online account. Most major internet services support timecodes, but not the major banks.
Also, note Microsoft's recent downgrade of Windows 10 Pro version to home in the past week. because of an activation server problem too.
In general, this is a warning to have alternative ways to conduct your electronic life. Also, it's a good time double check your Apple security questions.
Fortunately, I had a backup Android phone and had an alternative email for apple to "contact" me.
Also, thinking about switching to Ubuntu for the future because Apple seems hell-bent on wrecking Mac OS X. Do people like the green button on the window that removes the menu bar for "focus" instead of just fully expanding a window, option-click on the green would have been a more clever implementation?
Finally, Apple needs to think about user experience/security/reliability versus things like talking animoji poo piles.
2 pieces of advice . 1.Use iCloud Keychain to make passwords. Do not try to remember them. 2. Use 2Factor Authentication.
No, use a real password manager. I recommend 1Password or PasswordWallet by Selznick. The last thing you need is your most important data locked up, corrupted, or lost by the mess that is Apple's 'cloud' stuff.
GeorgeBMac said: Yes, I have a friend who cannot remember her security questions. When she initially set up her IDs she saw them as stupid and a nuisance and just rushed through them. Now, if she ever needs them she'll be in trouble.
I have another friend who sets up long, complicated non-intuitive passwords. He usually writes them down on a piece of scratch paper -- which he then loses...
Sigh...
Sheesh. They should be called un-security questions. If a company is stupid enough to force you to set them up, the answer you want to something like, 'Where did you go to high school?' should be something like: 4D^qLT6%wl ... and only be used for that one security question for that one account.
And, yes, they won't be able to remember these, or even keep track of them very well w/o learning to use a password manager. IMO, that is required knowledge to have tech no the Internet these days.
2 pieces of advice . 1.Use iCloud Keychain to make passwords. Do not try to remember them. 2. Use 2Factor Authentication.
No, use a real password manager. I recommend 1Password or PasswordWallet by Selznick. The last thing you need is your most important data locked up, corrupted, or lost by the mess that is Apple's 'cloud' stuff.
GeorgeBMac said: Yes, I have a friend who cannot remember her security questions. When she initially set up her IDs she saw them as stupid and a nuisance and just rushed through them. Now, if she ever needs them she'll be in trouble.
I have another friend who sets up long, complicated non-intuitive passwords. He usually writes them down on a piece of scratch paper -- which he then loses...
Sigh...
Sheesh. They should be called un-security questions. If a company is stupid enough to force you to set them up, the answer you want to something like, 'Where did you go to high school?' should be something like: 4D^qLT6%wl ... and only be used for that one security question for that one account.
And, yes, they won't be able to remember these, or even keep track of them very well w/o learning to use a password manager. IMO, that is required knowledge to have tech no the Internet these days.
The only problem with that security answer is that many still limit the field to just alphanumerical, and some with just letters and spaces. But you can make this answer long enough that it's also sufficiently complex.
Additionally, they also usually need to know your email address or username to gain access. For the reason, I use random usernames and email aliases whenever possible to make it hard for say, one website to have a breach and then have that cross over to another website where a hacker may hope that my email address or username is the same. I used to use a standard alias for the email, like [email protected]*, but now I just use something random, like [email protected]*.
I even use random birthdays for the sites that require it, which can also be used for regaining access. Since I store all this data securely in 1Password there's absolutely no reason for me to not to do these simple things once and save it.
Finally, I have a calendar reminder for me to copy my 1Password vault to a flash drive which I save to a safety deposit box 4x a year. At this point I could probably move that to twice a year since I add so few sites or even change the data too often these days, but every 3 months isn't inconvenience and I do other things whilst at the bank, so it's fine. I don't know if a bank vault and the metal boxes would be a sufficient shield from an EMP, but I figure if that ever happens I'll have bigger things to worry about at that time, and the convenience of burning an optical disc every three months is definitely an inconvenience.
PS: To get friends and family to slowly adopt the seemingly overwhelming task of setting up a password manager to the levels that we have done I have created some easy-to-follow steps in multiple stages that will make it simple and fairly anxiety free, and allow for repetition to create the pathways needed for them to help remember how to do it (and help others).
* If you think that any part of these emails will lead to an account in my name, then you're sorely mistaken. These are just examples.
Comments
If you want revenge on someone, get their apple ID, and just fail login 5x a day to force them to unlock their account daily. It is the most frustrating thing imaginable.
In fact, this change in iOS 12 has allowed me to get even the least tech savvy in my family to setup and use a good password manager.
Everything in that sentence is referring to using a robust, 3rd-party solution, not Apple's anemic solution.
*Looks like the issue with 1Password was in 2016 when they were pushing passwords to save to cloud backup.
And because it's so easy to use I'm now saving money and time while making my family more secure.
I created a family plan (which includes a couple old friends) which is $5/month for up to 5 people and then $1/month for every person after that. I had everyone setup on it send me $12 for the year via ApplePay. That reduces my cost to $1/month, which is much less than buying the app outright or macOS, iOS, and Windows every several years.
It saves time because I don't have to deal with panicked people as much for password issues and since I'm the owner of the 1Password account I have managerial control (which doesn't let me see any of their vault data) but does it make it easy for me send them a way to easily change the "one password" they have to memorize. Additionally, some accounts, like Hulu and Netflix, are shared so if those passwords are ever changed the new data will be synced to the Shared vaults for those that have access without having to send them a message or try reading to them a randomly generated 64-character passcode.
But I digress...on the topic...I've spent a fair amount yesterday and today dealing with this AppleID mess. It actually started on Sunday with the referenced notification. Since then, I've changed a primary AppleID 2 times...just to be sure. Absolute first time I've been engulfed in such shenanigans, which makes me assume, this is widespread.
Actually, it's a good motivator as I'm going through and changing ALL passwords as a precaution. Painful, yes, but I liken it to sleeping...not what I want to do a lot, but some times, you just gotta!
This just shows the fragility of the Apple ecosystem when using their two-factor authentication system that depends on being logged into your Apple ID - NOT SMART. They need to implement timecodes like Google Authenticator timecodes which are not dependent on an active online account. Most major internet services support timecodes, but not the major banks.
Also, note Microsoft's recent downgrade of Windows 10 Pro version to home in the past week. because of an activation server problem too.
In general, this is a warning to have alternative ways to conduct your electronic life. Also, it's a good time double check your Apple security questions.
Fortunately, I had a backup Android phone and had an alternative email for apple to "contact" me.
Also, thinking about switching to Ubuntu for the future because Apple seems hell-bent on wrecking Mac OS X. Do people like the green button on the window that removes the menu bar for "focus" instead of just fully expanding a window, option-click on the green would have been a more clever implementation?
Finally, Apple needs to think about user experience/security/reliability versus things like talking animoji poo piles.
The last thing you need is your most important data locked up, corrupted, or lost by the mess that is Apple's 'cloud' stuff.
Sheesh. They should be called un-security questions. If a company is stupid enough to force you to set them up, the answer you want to something like, 'Where did you go to high school?' should be something like: 4D^qLT6%wl ... and only be used for that one security question for that one account.
And, yes, they won't be able to remember these, or even keep track of them very well w/o learning to use a password manager. IMO, that is required knowledge to have tech no the Internet these days.
Additionally, they also usually need to know your email address or username to gain access. For the reason, I use random usernames and email aliases whenever possible to make it hard for say, one website to have a breach and then have that cross over to another website where a hacker may hope that my email address or username is the same. I used to use a standard alias for the email, like [email protected]*, but now I just use something random, like [email protected]*.
I even use random birthdays for the sites that require it, which can also be used for regaining access. Since I store all this data securely in 1Password there's absolutely no reason for me to not to do these simple things once and save it.
Finally, I have a calendar reminder for me to copy my 1Password vault to a flash drive which I save to a safety deposit box 4x a year. At this point I could probably move that to twice a year since I add so few sites or even change the data too often these days, but every 3 months isn't inconvenience and I do other things whilst at the bank, so it's fine. I don't know if a bank vault and the metal boxes would be a sufficient shield from an EMP, but I figure if that ever happens I'll have bigger things to worry about at that time, and the convenience of burning an optical disc every three months is definitely an inconvenience.
PS: To get friends and family to slowly adopt the seemingly overwhelming task of setting up a password manager to the levels that we have done I have created some easy-to-follow steps in multiple stages that will make it simple and fairly anxiety free, and allow for repetition to create the pathways needed for them to help remember how to do it (and help others).
* If you think that any part of these emails will lead to an account in my name, then you're sorely mistaken. These are just examples.