Click to Skip Ad
Closing in...

Apple’s two-factor authentication on iTunes can easily turn into your worst nightmare

Published Dec 9th, 2014 10:25AM EST
iTunes Two-Factor iTunes Authentication

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Apple this year has worked to improve the privacy and security features that protect iOS, OS X and iCloud users, particularly following the embarrassing nude celebrity hacks from September, which were possible thanks to phishing attacks that managed to steal the Apple IDs and passwords of the victims. Apple insisted at the time that users enable its two-factor authentication iTunes security feature to better protect their accounts, but The Next Web reveals that the feature is so secure that it can turn into your worst nightmare in an instant.

FROM EARLIER: The iPhone 6 might be low-res, but Apple’s highest-resolution device ever is coming soon

As TNW’s Owen Williams discovered, as soon as a third-party tried to log into his iTunes account, the system blocked the attempt, as that person did not have access to the second authentication method. But in the processes, the security system also left Williams out of his account with only one option available to him to unlock it, a two-factor recover key.

This is where things can take a turn for the worse for many users who likely don’t keep track of where they left the copy of their two-factor recovery key, something that also happened to Williams.

“I began nervously scouring the entire house for the code, before giving up after a few frustrating hours and began searching my computer for any trace of it,” he said. “I found countless ‘recovery keys’ but they weren’t for the right things; for my Mac’s hard-drive encryption, Twitter, Facebook and other accounts, but not for my Apple ID.”

He tried looking for help from Apple support, but he consistently hit a wall. Without a recovery key, he would have to ditch that Apple ID forever, as the company could not restore access to him, support staff repeatedly told him, emphasizing the fact that Apple takes security very seriously.

“This is when it began to sink in that this single ID held the keys to much of my digital life; everything from iTunes purchases going back seven years, app purchases and even the ability to get my iPhone out of the grips of Find my iPhone’s lock,” Williams added.

After many futile attempts to convince Apple support to help out, the writer finally found a picture of an iPhone screen showing the recovery key he needed, in the “depths” of his time machine backups.

“What’s perplexing is it wasn’t even technically my fault. Someone tried to guess their way into my account and it was locked as a result; I didn’t do anything wrong, yet I was entirely locked out because I couldn’t find the key,” he added, looking back at the incident.

“This isn’t the case when your account is locked; what Appledoesn’t tell you is that when your account is locked (because of too many attempts) your password is not a valid recovery option and you’ll need your recovery key.”

“From now on, I’ll know exactly where each recovery key is. I urge you to do the same,” he said.

The full story detailing this particularly annoying security incident is available at the source link below.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.