Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
The New and Insecure Apple ID: My Personal Experience
November 16, 2016
I finally got around to enabling two factor authentication (2FA) for my Apple ID. I know it's late in the game to enable 2FA, but I don't own any Apple devices other than several iPods so the dependency on the Apple ID is less than most others. I do use iTunes as an MP3 player on my home computer. Recently, we upgraded our home computers and I thought, "What the heck. Let's enable 2FA."
The first thing I did was login to manage my Apple ID at https://appleid.apple.com/. I was immediately advised that I had to update my Apple ID. Why? A long time ago, I created a user ID to be used as my Apple ID. Since this was the first time I tried to manage my ID for many years, Apple forced me to update it to my e-mail address. Seriously? The ID I had defined previously is not known to the common man and now Apple required me to use my e-mail address, which is all over the Internet. What genius (bad word choice) thought that was a good idea? Normal logins require two bits of information…your user ID and password. Now Apple forced me to change my Apple ID to a well-known value, therefore only leaving one piece of information private.
After being forced to something incredibly stupid and change my Apple ID to my e-mail address, I attempted to setup 2FA. Apple refused to let me move forward, requiring that I wait three days before configuring 2FA. That's actually a good thing since changing my ID is a major event. If there wasn't a three day restriction, someone could have cranked right though and gained access to my account. Three days later, I was able to configure 2FA, but not without a tremendous amount of pain. I logged on and went to select configuring 2FA. Each time I tried to set up 2FA, the site bounced me out with a message stating that I had to login again because of an inactivity timer. It took me four (4) shots to finally get to the configuration screen. Obviously, there was something wrong with system. At least I thought there was. The next day we went to configure Sharon's Apple ID for 2FA and experienced similar and different problems. Perhaps that experience can be a future post?
Bottom line…I was FINALLY able to configure 2FA, but boy was it painful. Hopefully, other Apple users can easily configure 2FA. Lord knows I would hate to go to some other Apple "genius" to get help.
E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com