
In which Apple destroys my daughter’s iPad forever

101 points | ingve | 7 years ago | ericasadun.com | reply

147 comments

[+] cannam|7 years ago|reply
Oh, this is a painful topic.

A couple of years ago my son forgot the (3-digit!) PIN for his iPod touch. He tried various possibilities, with the device responding with increasingly long lockouts between attempts, until it locked him out permanently. I'm not an iOS user and I had no idea it would do that. I am still angry that it did. It wasn't associated with a Mac, so we couldn't unlock it that way.

He eventually shrugged and we ended up resetting the device, but he lost various pictures and videos. He had iCloud backups of some things, but it turned out he had been dismissing "your storage is full" warnings for some time.

Then the next day he came home from school, plonked himself down on the sofa, and without a moment's thought typed in the PIN he had forgotten. Of course it didn't work, as we had reset the device by then.

It still makes me wince but at least, unlike in this story, the device could be reset and reused and we didn't lose access to the iCloud backups that did exist. And ours was just operator error, facilitated by an uncaring machine.

[+] pdkl95|7 years ago|reply
> forgot the ... PIN

Schneier on passwords[1]:

>> Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.

Maybe not the wallet for a portable device's PIN; the wallet could easily be included with the theft of the phone/pad/portable. However, it's still a good idea to write down passwords (and maybe print out your private key in an OCR-friendly font) and store them in the fire-safe or safe deposit box or whatever you probably already use for important documents.

[1] https://www.schneier.com/blog/archives/2005/06/write_down_yo...

[+] csomar|7 years ago|reply
Then you don’t understand why this feature exists. The 3 digit pin will get hacked given enough time. The erase was to guarantee that your data is safe.
[+] gambiting|7 years ago|reply
Tbf - I feel really sorry that this happened to him, but on the other hand, I am extremely glad that a once-locked device can never be unlocked by anyone without a purchase receipt. I'm sure it deters the theft of iPhones/iPads at least a bit if they know the device will become completely useless once locked out.
[+] Nition|7 years ago|reply
Even if they know the username and password though? A thief shouldn't know your username and password, and if I have the username and password to a device, I expect to be able to get in.
[+] watwut|7 years ago|reply
It just seems to be easier and more likely to have a tablet locked forever, especially for a child, this way than have it actually stolen. Also, a mean schoolmate can lock a kid's device forever if the kid is not looking.

Which sounds like a good reason not to password protect the device.

[+] jasonkostempski|7 years ago|reply
Can't the device be reset another way? I'm sure most phone theft is to sell hardware, not get data.
[+] TekMol|7 years ago|reply
I have carried around laptops and smartphones for decades now. Not a single one was stolen. Even if one was stolen now, what's the average cost of 'Stuff being stolen' over the years?

I had Laptops with me since the 90s. For over 20 years. If my iPad Pro gets stolen now, that's $1000 over 20 years = $50/year. I don't mind.

I really would love if a Linux distribution would support the iPad so I know I can do with it whatever I like forever.

[+] raverbashing|7 years ago|reply
From a usability point of view, yes it sucks

From a security point of view, they're absolutely doing the correct thing, though account lock-outs also allow for denial-of-service attacks

Maybe we need to not lock people out of their personal iPads forever (just make the person wait 30s between attempts) and if you want stronger security then you actually enable it (because people who want that are "smart enough" to set it)

[+] xHopen|7 years ago|reply
I think Apple is doing the right thing. The error lies in the user, a) don't remember my security questions .... eh well... B) Apple provides ways to restore everything, two factor, email recovery etc etc, if you didn't take care of your own security for 7 years, what are you crying about? Sometimes I don't get users.
[+] dawnerd|7 years ago|reply
I've actually been having problems recently with my account randomly being locked. I suspect it's bots trying to brute force, but it's silly Apple would lock my account instead of blocking the requests, especially since I have 2fa. Really annoying resetting my password only to have it happen an hour later. Tech support also has no idea why it's happening.

Thing that I just noticed a few hours ago, their password change form has a max of 32 characters and my last Apple pass was 64. Wonder if they made a change that broke something?

[+] rorso|7 years ago|reply
My kids iPad has been doing the same. It keeps saying we're locked out, and not accepting the (correct) password, and we have to reset the password constantly. No idea why it's happening. I've tried setting simpler passwords (I use KeePass and generate 32char complex passwords by default), but it doesn't help. I never thought of the fact that it could be someone brute forcing it and locking us out, I just shrugged it off as being "typical new-Apple". We're almost completely off Apple devices now because we have so so many problems with them in the last couple years, after being a happy Apple family since the Macintosh SE.
[+] isomorphic|7 years ago|reply
Convince the police or FBI you're a criminal or terrorist. They will unlock it for free.
[+] t_fatus|7 years ago|reply
Convince them your daughter is a criminal, it's hers not yours.
[+] mratzloff|7 years ago|reply
Unfortunate, but perhaps a useful learning experience.

I disable iCloud on all of my Apple devices. Instead, I just make regular backups myself and tolerate different recent content on each device until synced with my Mac, which is backed up as well.

[+] abalone|7 years ago|reply
You don't have to disable iCloud to do regular local backups.
[+] zingmars|7 years ago|reply
Next up: In which HN destroys my web server.
[+] sgillen|7 years ago|reply
Dealing with giant bureaucracy can be the most frustrating experience. Bureaucracies are ultimately made of people though and rules can be stretched, broken, or changed. I hope some real human working at Apple sees this, has some sort of power to change things, and is willing to step up to bat for OP’s daughter.
[+] panic|7 years ago|reply
There could be thousands of other people in this situation, though. Overriding the policy for one well-known blogger won't help those people.
[+] abalone|7 years ago|reply
So the device is locked because Activation Lock (Find My iPad) was enabled. But the root problem is the AppleID lockout.

> Apple will not unlock her iCloud account... even though she has never forgotten her password.

This is news to me. Why on earth is she not able to get back in if she knows the password? Did she perhaps enable 2FA when "modernizing" her AppleID and lose access to the 2nd factor? That's the only thing that the Apple support document on this mentions as a reason for requiring more than your password.[1]

[1] https://support.apple.com/en-us/HT204106

[+] mrkstu|7 years ago|reply
The article mentions they don't know the trigger, and neither does Apple, but yes, once it's locked, the password is useless, you need the correct answers to your security question or you're screwed.
[+] madaxe_again|7 years ago|reply
Not forever, looking at the screenshot - “just” 45 years.

I hope he gets this resolved - otherwise his daughter will have one hell of a digital time capsule to open in her late 50’s - assuming Apple or anything else still exists.

[+] dbaupp|7 years ago|reply
I don't think the author, Erica, uses "he".
[+] b3lvedere|7 years ago|reply
Destroyed? The account does not work anymore, but the device is doing exactly as told.

However, I agree any electronic device should have the ability to factory reset. Software lock ins are terrible.

[+] pacificmint|7 years ago|reply
> the device is doing exactly as told.

As told by whom? It certainly wasn't told to lock up by its rightful owners.

It's not even clear if Apple actually intended this, or if it was some weird side effect.

[+] mantas|7 years ago|reply
Functionality like this is pretty good to deter theft. If thieves can't easily re-enable bricked devices, black market price is much lower, thus there's less incentive to mug people carrying those devices.
[+] Crontab|7 years ago|reply
This is painful but I don't see this as an Apple problem.
[+] rootlocus|7 years ago|reply
> The other day, Apple locked her out of her iCloud account and her iPad. We don’t know why. The Apple support people don’t know why.

Sure seems like an Apple problem. I don't randomly get locked out of my Windows / Linux laptop or Android tablet without reason from the hardware / OS vendor.

[+] jageen|7 years ago|reply
I think this is the same person who posted this, https://discussions.apple.com/thread/7138743

^ For more info.

[+] yoz-y|7 years ago|reply
Probably not: the post is about an iPod whereas the article is about an iPad Mini.

This issue is actually quite old and I am very surprised (and sad) that it has resurfaced.

[+] acire|7 years ago|reply
I am not the same person who posted that.
[+] developer2|7 years ago|reply
> She did not do anything to trigger the Apple ID issue.

I chalk this up to the child not wanting to admit they entered the wrong passcode too many times. iOS devices "disable" themselves after enough failed attempts. This is a good thing - you want this to happen if your device is stolen. "Disabled" only means you need to prove ownership by either:

a) Connecting the iPad (via USB) to iTunes on a Mac or PC that is logged into the same Apple ID account. This is the original method, from the era when desktop iTunes was mandatory to set up and sync iOS devices.

b) Using "Find my iPad" to reset the device via the iCloud web interface. This was added as an alternative when cloud sync/backup was added (ie: when owning a second device running iTunes became optional).

Two critical points from the OP:

1. Inability to provide the birth date and answers to security questions.

2. Inability to access the email account associated with the Apple ID ("her email provider deleted the account about 3-4 years ago").

These are only needed to perform password reset / account recovery for an Apple ID - which tells me they do not even know the Apple ID's password, and cannot provide the information required to recover that Apple ID.

This person's situation is indistinguishable from a stolen device, by a thief who cannot prove ownership of the Apple ID. I say: "working as intended".

[+] Spare_account|7 years ago|reply
You appear to know what you're talking about, but I don't think you've factored this part into your theory:

> The other day, Apple locked her out of her iCloud account and her iPad. We don’t know why. The Apple support people don’t know why. I think it may have to do with when I modernized my AppleID to use an email address, which is what the iTunes account on the iPad is registered to.

I think you're implying that Erica (the OP) needs to use iTunes linked to her own Apple ID to recover this device?

And that the daughter's Apple ID may not be needed at all here?

[+] falsedan|7 years ago|reply
> This is a good thing - you want this to happen if your device is stolen

How does the device know it's been stolen? It can't possibly tell the difference between "snatched on the bus and in the black market tech's lab" and "oh lol whups I forgot how to use my fingers".

Provide a "my device was stolen" service for the user to initiate lockouts instead (and report the theft to the relevant authorities with location tracking data) imo.

[+] gaius|7 years ago|reply
> she made up a birthday and answers to the security questions. 8 years later, she does not know that information and there’s no way for us to guess it.

Well that sucks, but the vendor did provide an account recovery mechanism which they chose to circumvent.

[+] gempir|7 years ago|reply
I feel like Apple did nothing wrong here. If the parent/daughter chose to go around every recovery mechanism Apple provided it's their own fault. Physical possession of a device should never equal direct access to all its data.
[+] KayL|7 years ago|reply
Besides that, you couldn't empty the backups in the iTunes and start with a new password easily (without a reset in iOS) which also sucks.