I pit Apple. MotherFuckingAppleID, forcing a password change

[Bullitt]

I usually stay out of the pit. Not today. I need to rant a little. I pit Apple. MotherFuckingAppleID.

I just went to log in to my Apple ID. I enter user name and my standard password. uName and pwStd (password-standard, my shorthand for my notes).

Apple then does its two-factor authentication but, and get this, stupid Apple sends the 6-digit code to the very device I am using! It doesn’t send it to my email, or to my phone. It displays it right on this device. The fuckingIDIOTS! ==> Pit reason #1.

Yeah, fucking geniuses, I feel really confident you morons can protect my account and data. Stupid.

I enter the 6 digits, and the next form that displays is requiring me to change my password. But I don’t want to change my password. I like my password!

So I cancel out and I try it again. Sure enough, 2-factor auth does the same stupid thing, and then I still land at the same required password change form.

I don’t change it. I do a quick search, and from some brief reading it looks like I must change it, there’s no way around this. I’ve been an Apple user for 15+ years. Never had to do this before. Now, realize that my current pwStd is a good one. It has upper and lower cases, numbers, and special characters. And it is 15 characters long. I have it committed to memory, I like it, and I Don’t Want To Change It.

But Apple says Dear Bullitt, you are fucked, you are forced to change it. ==> Pit reason #2.

So I change my password, and I do so by taking my standard password and appending to the end of it a helpful and descriptive phrase. I choose to append this — fuckingAppleIsPissingMeOff! Including the “!”.

Yeah, I can remember that. Easily. So where my prior password was , my new password is now fuckingAppleIsPissingMeOff! (emphasis mine) In my notes (electronic of course), I never write the entire password. I only wrote “pwStdfuckingAppleIsPissingMeOff! “ Without the quotes. I figure I’m pretty safe that way. I can remember pwStd. And fuckingAppleIsPissingMeOff! is easy to remember.

So. Password changed. I should be good, right? Noooooo…

I log in with my new password. IT FAILS. I cannot get into my account. I think I’m royally fucked. I try it again. And again. I’m fucked. Apple fucked me. ==> Pit reason #3.

So yeah. I pit Apple. MotherFuckingAppleID!

[Bullitt]

But this story ends well, because while I was writing this OP I went over to my Apple ID logon again. Lo and behold, it now works! Apparently Apple’s system needed a little time to update.

I am in. (Whew!)

But still I pit Apple. MotherFuckingAppleID.

[Senegoid]

The next time I don’t buy any Apple product or service, I’ll be sure to let them know that Bullitt offered me this insightful advice!

Thanks, @Bullitt for the heads-up. (As if I was ever going to buy anything from Apple anyway.)

[nightshadea]

didn’t some apple service has a huge data breach recently? I don’t remember since I don’t pay much attention to apple anything,

But yeah a few years ago bank of america made me change atm cards 3 different times because of a data steal and I had to change a lot of things to the point I started using autofill so I only had to change it once …

[Ike_Witt]

You’re upset that you’ve been forced to change your password once in 15 years?

[naita]

He was probably a bit on edge due to some kids being on his lawn earlier.

[Dewey_Finn]

Bullitt:

Apple then does its two-factor authentication but, and get this, stupid Apple sends the 6-digit code to the very device I am using! It doesn’t send it to my email, or to my phone. It displays it right on this device. The fuckingIDIOTS! ==> Pit reason #1.

As for that, I think it’s up to you what number or email address they use for the two-factor authentication and you can certainly choose a different phone.

[AHunter3]

They are the most annoying out of a whole parcel of “you must change your password” vendors.

for presumably obvious reasons I’m not giving out my Apple ID password here, but I will tell you that it is something along the lines of %$&2334etg9q3wetg is still my motherfucking password

because I’d memorized an arcane string of characters and didn’t feel like dustbinning that and starting over. But they accept entire sentences as passwords.

[Spice_Weasel]

I can’t endorse this Pitting hard enough.

Did you know that if you don’t own a second Apple device you have to wait two goddamn weeks to reset your password?

Did you know that the worst possible time to have that happen is when you’re trying to schedule a service appointment?

[FordPrefect]

That happened to a co-worker… with his work phone.

Never send a kid’s toy to do a grown-up’s job.

[Bullitt]

Dewey_Finn:

Bullitt:

Apple then does its two-factor authentication but, and get this, stupid Apple sends the 6-digit code to the very device I am using! It doesn’t send it to my email, or to my phone. It displays it right on this device. The fuckingIDIOTS! ==> Pit reason #1.

As for that, I think it’s up to you what number or email address they use for the two-factor authentication and you can certainly choose a different phone.

They have my email. Instead of sending the verification code there, they pop it on the very device being used.

Bad form.

[Richard_Pearse]

Bullitt:

They have my email. Instead of sending the verification code there, they pop it on the very device being used.

Can you access email on your phone?

[Bullitt]

Richard_Pearse:

Bullitt:

They have my email. Instead of sending the verification code there, they pop it on the very device being used.

Can you access email on your phone?

Good point.

[wguy123]

A lot of MFA factors pop-up on the device you are using. There are good ways to do MFA and less good ways. They are all better than no MFA.

[DorkVader]

as a new apphell clone myself, I’ve discovered the phones at least do not have a learning curve, it goes straight up. One thing I did discover though is that you can have “trusted numbers” and that whilst password wrangling you can have the tfa sent to one of those as an alternate. apphell really likes it when it’s another apphell device.

“Trust me,I know”

[BigT]

wguy123:

A lot of MFA factors pop-up on the device you are using. There are good ways to do MFA and less good ways. They are all better than no MFA.

There are some cases where I would say same-device MFA is useful. These would be when it’s being used to verify that you have access to that device. However, such isn’t really necessary with an Apple device, since it can tell if you’re using the same iPhone.

In this case, it seems it’s more of a one-size-fits-all approach. They use the same MFA no matter how you access your account. It would mainly be useful if you try to manage your AppleID account on a computer.

It would be better if it just forced you to use the fingerprint system to access the account. Then, even though it send the request to the same device, you still have to have something extra (your fingers) to use it. Of course, they could just use the biometric settings as the password to begin with, and keep it encrypted well enough that a breach isn’t a problem.

[nightshadea]

it could be worse … your bank’s idea of fixing a data breach is sending you a new atm card with a new number and a new pin… the first time I was merely annoyed …

When it was the 3rd time in 8 weeks i was homicidal and I just use PayPal or my bank account number on everything that accepts it so I don’t have to change it on 30 accounts …

[Broomstick]

Dewey_Finn:

As for that, I think it’s up to you what number or email address they use for the two-factor authentication and you can certainly choose a different phone.

“Choosing a different phone” only works if you actually have another phone.

BigT:

It would be better if it just forced you to use the fingerprint system to access the account. Then, even though it send the request to the same device, you still have to have something extra (your fingers) to use it.

Just don’t injure your fingers, ever.

[Bullitt]

nightshadea:

it could be worse … your bank’s idea of fixing a data breach is sending you a new atm card with a new number and a new pin… the first time I was merely annoyed …

When it was the 3rd time in 8 weeks i was homicidal and I just use PayPal or my bank account number on everything that accepts it so I don’t have to change it on 30 accounts …

I have two CCs because of this. One I use for daily purchases, and the other I use only for recurring charge accounts. #1 often gets fraud alerts, as you would expect. It is often changed / replaced by my bank. #2 is stable and changes every 3-5 years.

Because of the fraud alerts on #1, I have a backup, so I really have #1a and #1b.

ETA — and this topic now connects to another thread,

‘Cash is king.’ Oh really? Is it? Do you carry cash? Are you plastic always, all the time? Miscellaneous and Personal Stuff I Must Share

I’m same as OP, other than not having a special stash of $2s. Cash is for emergencies only. There’s a bigger stash at home for a zombie apocalypse (post-hurricane widespread long-term power outage really), a smaller stash in the car for buying emergency car repairs on the interstate, and a hundred-ish worth in my wallet for CC problems while traveling/working. And I carry multiple CCs to further reduce that latter risk.

[TheCuse]

Broomstick:

Dewey_Finn:

As for that, I think it’s up to you what number or email address they use for the two-factor authentication and you can certainly choose a different phone.

“Choosing a different phone” only works if you actually have another phone.

Well, why would someone choose a different phone if they didn’t have one?