Apple iCloud shenanigans - has my dad's Apple ID been hacked?
March 28, 2017 1:03 PM

My Dad (75, moderately computer literate) has an iPhone, iPad and a Mac. Tonight I tried to change his Apple ID password for him, but couldn't because 2-factor authentication is switched on; he says not by him. Has his account been hacked, and if so, what should I do?

Dad told me that the Mac wasn't connecting to his iCloud account, and tonight when I started the Mac up and entered his iCloud password, he got a pop up on his iPhone to say that a device near London was trying to use his Apple ID. We are in the UK but not near London so, feeling worried, I clicked the 'Don't Allow' option. Then, to be safe, I decided to change his Apple ID password, but when I tried to do so via Apple's website, I was prompted to enter the 6-digit 2-factor authentication code - however no code had been sent to his phone. Dad says he didn't switch on two-factor authentication, and I don't think he would be able to do it without help. However he did visit the local Apple store a couple of weeks ago, and it is certainly possible that the guys there turned on two-factor and that he has forgotten or didn't pick up on whatever they told him. But I don't know that for sure, and obviously I am well aware that fraudsters will turn on two-factor to get control of your account, so I'm worried.

The phone has subsequently displayed more messages to say that a device near London is trying to use Dad's Apple ID, but these messages have corresponded with me trying to change the password, and no messages have popped up randomly. Additionally, Dad's Broadband provider is BT, and my husband says that back when he used to use BT, his location would often show up as being in south east England even though it wasn't.

Essentially, my goal is to reset Dad's Apple ID password, which I can't do right now because his account has two-factor authentication enabled and I don't know why. I have been looking on the support section of the Apple website and have requested a call for tomorrow morning, which is the soonest I can get one, although I am concerned they may not talk to me (because I am not my Dad and I'm a woman so I can't pretend to be him) but I can't leave my Dad to talk to them himself because he doesn't understand what he needs to ask. I can also go to the local Apple Store if I need to.

I am also wondering if the two-factor authentication code is not getting to my Dad's iPhone because I have clicked 'don't allow' when it asks to allow the log in. If there's nothing sinister going on, maybe I just need to allow the log in to get the code. But if there is something sinister going on, I can't risk doing that.

My questions are: 1. How likely is it that the account has been hacked or that someone is trying to hack the account? 2. How do I reset Dad's Apple ID password / turn off two-factor authentication? (Needless to say, since Dad doesn't know how it got turned on, he doesn't have the backup emergency codes that you receive when you set it up.)
posted by meronym to Computers & Internet (5 answers total) 3 users marked this as a favorite
 
I recently found that Apple was using two-factor authentication for my Apple ID without me requesting it. This involved a code being sent to my devices that were registered with that ID, so the code just popped up right on the computer I was using to change the ID. The code also appeared on my other Apple devices at the same time. And as you have found, geolocation based on IP is normally frighteningly accurate except when it isn't. So I also got the alert that someone was attempting to use the ID in a location far away. Scared the heck out of me, but once I realized I was getting notified about my own attempt to log in, and got the code entered, everything was fine. Fingers crossed this is true for your dad.

Is there anything of value in the iCloud storage? Because changing the password and removing any devices you don't recognize from the account is not too onerous, if in fact you're not sure about what happened.
posted by wnissen at 1:32 PM on March 28, 2017 [1 favorite]


It sounds like someone at the Apple store set up 2FA, and your father may not have been aware that that happened. Your attempts to log in to the account are being flagged.

Ideally your father would have some recovery codes saved someplace. Maybe you can go back to the Apple store to get some help.
posted by My Dad at 1:35 PM on March 28, 2017 [1 favorite]


1. Not likely. As far as I know, people don't generally turn on two-factor authentication as a way to hack someone's account. It would make getting access more difficult, not less.

Two-factor authentication almost certainly got turned on by your dad at some point -- maybe at the Apple Store and he forgot, or maybe he did it while tinkering in settings and forgot.

Especially if every pop-up about a device in London coincides with your trying to log in. That really indicates those pop-ups come from your log-in attempts, not from a third party trying to access the account.

2. Try clicking "allow" next time you try to log in and see a pop-up. I just tried it with my iPhone (attempting to sign into iCloud from my work computer), and as soon as I click "allow", the code pops up. You can then sign in and either turn off two-factor, or get backup codes, and change the password if you're worried.

(Incidentally, the pop-up was wrong about my location as well. Don't put a lot of weight on that.)
posted by snowmentality at 1:45 PM on March 28, 2017 [3 favorites]


So recently Apple has included the switch for Two Factor in the Setup Assistant after updates, etc. Most people just click through this and it's very easy to turn it on without realizing it; this is almost 100% what your father did. The location is based on IP location and can vary wildly; as long as it's coming up when you're attempting to sign in, you're fine.

"Ideally your father would have some recovery codes saved someplace. Maybe you can go back to the Apple store to get some help."

This is for 2 Step Verification, not Two Factor, so he won't have any.

Also, if you do have trouble with Apple Support and they need to speak to your father, ask for a Senior Advisor. They should be well-trained in dealing with this super common scenario and as long as you're receiving the codes on his iPhone when trying to sign into his Mac, you're not actually locked out and you're in good shape anyway. MeMail me if you have specific questions, I do this for a living.
posted by sixfootaxolotl at 2:16 PM on March 28, 2017 [3 favorites]


Oh, and as for changing the password: this should be doable from any Trusted Device, which his iPhone is because it's receiving the Allow prompts. This page is a great resource for you to read over.

To update the password (likely actually unnecessary but I'd never say don't unless you think it'll confuse your father more): Go into Settings on his iPhone. IF it's updated to 10.3 (dropped yesterday) tap on his name at the top of the Settings page and then to Password & Security. It'll allow you to change the password there. You may or may not need to enter the current iCloud password depending on whether or not his iPhone has a passcode unlock set.

If he's not on iOS 10.3 you'll go to Settings > iCloud > tap on his name at the top > Password & Security. Just a different path to the same page.
posted by sixfootaxolotl at 2:26 PM on March 28, 2017 [1 favorite]

