Beware the Apple Two Step Authentication

Written by Joshua Holmes
Published on December 10, 2014

I was recently browsing Facebook (of course) and scrolled past an article by The Next Web entitled “The dark side of Apple’s two-factor authentication”. I didn’t click it, but due to my having two step authentication on, thought to myself, I’ll have to take a look at that later.

Then it happened.

I got locked out of my own Apple ID.

Recently I have purchased a new iPhone. And in the process hadn’t even thought to update my trusted devices. In all honesty, I thought it would automatically recognise it once I had verified it from my previous iPhone’s backup. And I had also authorised my iPad as a trusted device. So, I wiped my old iPhone.
It wasn’t until I tried to purchase a new app and it required me to send a verification code that I realised my dilemma. I have no verified device, and can’t access my Apple ID to change it.

I frantically started Googling for answers. I read the Apple support page detailing how to access your two-step-authentication-enabled Apple ID. And you need the Recovery Key. Without any two of the required keys (password, trusted device and recovery key), you are stuffed. Apple’s only suggestion being to create a new Apple ID.

No. I have many purchased apps, music and subscriptions attached to my Apple ID. I can’t create a new one.

I then went and read the article above by Owen Williams. He has an issue where his trusted device, which he had, wasn’t receiving the codes. This after someone else had tried to hack his account.
I read on in the hope of finding a solution. A simple fix or workaround. Turns out, Apple literally tells you there is nothing they can do. Shit.
Williams’ saving grace was that he found his Recovery Key in a photo on one of his backups. I couldn’t even remember writing it down. When had they enabled this? Where was I? I have moved since then, did I take a picture?

I searched for quite some time through pictures, drawers, folders, emails and cloud drives hoping there would be something. Nothing.

Thankfully, I still have my old phone as I’m waiting for my brother to pick it up. So, my last thought was to restore my old iPhone from a backup and hope that it would recognise it as my trusted device. I turned it back on and went to restore from iCloud… but I needed a verification code from a trusted device to restore. Bugger.
Maybe I have a backup on my laptop? I plugged it in and I did have one. From over a year ago. Fingers crossed it will work.

I restored from the iTunes backup and went through enabling the iCloud account. Then I sent a verification code. And there it was. On my old phone. Thank god.

I immediately went through and changed my trusted devices and Recovery Key. I wrote that bad boy down. And took a photo. And a screenshot. No way am I losing that again.

So, my plea to you fine folks is please keep your recovery keys safe, change your trusted devices and have a secure password. In this day of security crackdowns and with more of our life stored online, it has never been more important. And please, please, please have a local backup.

Joshua Holmes

Josh is a product design leader based in Melbourne, Australia.
He has been working in the design space for 7 years across various industries.