When Apple security tries a little too hard

Apple designs its hardware and software to be safe and secure. It’s one of the benefits of using the company’s products. But, like just about anything else, sometimes a good thing can be too good at what it does.

I’ve been happy in Apple’s ecosystem for years now. I haven’t really had any issues. Sure, there have been some moments where I’ve run into issues. It’s only really popped up when setting up a new iPhone (when iCloud can’t be reached, for instance), or when I’ve had some issues setting up app-unique passwords. But, for the most part, it’s been all rainbows and butterflies.

And then Monday happened. Because of course it happened on a Monday.

I’ll just start with the acknowledgement that I screwed up. But that’s probably why this is annoying me so much — or more so than it might given any other circumstance. But, here’s what happened: on Monday morning, I decided it was about time for me to change my Apple ID password. So I did. The process itself was easy and convenient, and the password changed successfully. I used one of Apple’s randomly generated options, didn’t pay any attention to the new password because I knew Keychain would save it for me, and then I clicked the button to sign out of all my devices after the password changed successfully.

Apple ID Account Website Log In

Except, those things didn’t line up the way I thought they would. Yes, my password changed, and yes, I signed out of all my devices, but it didn’t matter if Keychain saved the password (which it might or might not have, I have no idea) — because I was logged out of iCloud immediately. Even before I had a chance to use Keychain to input the password, I lost the ability to use Keychain because I was logged out of iCloud.

Okay. So I just changed my password to something I have no idea what it is. That’s great on paper, but it doesn’t really help me much in the moment. I move on to the next stage of the process, letting Apple know I forgot my password and going through the process to recover it. And here’s where things fall off the rails.

Tutorial: What to do if you forgot your Apple ID or password

Apple asks me a couple of questions: what’s my phone number associated with my account and what’s the passcode for one of my other devices? I answer these questions correctly and then Apple tells me that, despite the correct information, it’s not quite enough to warrant the company to help me reset my password right then and there. I’ll have to wait a day to get an email or a text message letting me know when I can finish the account recovery process.

All right, so I’m locked out of iCloud for a day. Not the worst thing possible, I guess. Not great! But it’s not the worst.

Right on time, Apple sends me an email this morning, but it’s not an email telling me that I can now recover my account. No, instead it tells me that my phone number is attached to my account as it should be, but now I have to wait until Thursday, January 21, at 8:00 AM before I’ll be able to receive either a text message or phone call letting me know what happens next.

And that’s all I can do. This process is an automated system and there’s nothing Apple Support can do. I just have to wait. Which means I’m logged out of iCloud on all of my devices, so I can’t play a game on my phone that uses GameCenter. I can’t even watch the shows I was watching via Apple TV Channels now. Worse, I can’t use iMessage and I can’t use my iPad to respond to text messages. I can’t download new apps. I can’t update the apps that are on my phone already.

But worse, I can’t use Apple Music. I use this service every single day and it’s just… not possible right now. And that won’t change for a couple more days at least.

This all started because I was going through the process a little too quickly and didn’t think about what signing out would mean in the moment. It’s absolutely my doing and I get that. But the fact that Apple essentially takes a hands-off approach when it comes to the finer details, like account recovery, and just lets an automated system take over feels a little wonky to me.

Worse, the amount of time Apple is making me wait is egregious. By the time this finishes, and that’s saying that I can actually recover my account on January 21, I’ll have been locked out of iCloud and everything that entails for four days. That’s insane. It feels egregious and unnecessary.

One more thing. The fact that the questions Apple asked me and the passcode I needed to enter aren’t enough is strange. Why even go through the motions? I imagine it’s meant to authenticate my account to some extent, which is great. But if it’s not actually going to help me in the recovery process, again, what’s the point? And this is the first time I’ve had any issue(s) with my Apple ID. This feels like the response I should get if I’ve had multiple problems.

I still respect Apple’s attention to detail on this matter, generally speaking. And I still prefer Apple’s methodology to user privacy and security. But I’ve definitely run afoul of the company’s best intentions and it’s not great.

Have you every had any issues with Apple’s security policies? If so, what happened and how’d you get it resolved?