Gerfnicken

seanismorris said:

I don’t think this warrants a lawsuit, but let me tell you a story.

1. I sent my iPhone 6s in for a battery replacement.
2. One day, I woke up and thought “I’m going to wipe my IPad clean”
     - Background: I actually do this several times a year, usually after a significant OS upgrade.  It also cleans of any games, junk, etc. that I    don’t really need.  I do this with the knowledge that I don’t use backup, but my contacts, calendar, shortcuts, passwords will sync back.  

I think you can see my problem.  My 6s has been gone 10 days at this point, and it took a full 2 weeks to get my phone back (bad Apple).

Anyways,  my wiped iPad boots up but I run into 2FA to set up the iPad.  I know everything I need to know (password to AppleID) but what I don’t have is my 6s.  (Apple sends the code to the 6s and there’s no alternative).

I also don’t know my email password because it’s saved in Keychain.

At this point, I also don’t know what happened to my phone.  It should be fixed (it was just a freakin battery) and as of the previous day I’d already reached the highest level of support. (There was no update on Apple’s site that they even received it).  The nice support lady, wanted to call me with an update... no phone.  So, we agreed on email... now no email.

Fortunately, I remembered that I removed the SIM card. So, I went to my T-mobile store and used a display phone to authenticate.  Got my IPad up and running and found my iPhone was found/done and being shipped back.

Moral of the story is 2FA is great, but I really want it tied to something other than Idevice, like a YubiKey.

So, the lawsuit isn’t entirely frivolous.  I also didn’t enable 2FA for my AppleID...  I do want 2FA to log into my devices, but that’s not currently an option.  I don’t care as much about my AppleID password it’s really really complex... as in come back in a few 100 million years (cracking it with today’s tech).