Has anyone had 2fa on and given the correct numbers, answered security question correctly, given your correct phone number and apple email and still have Apple refuse to give you access to your account ICloud?
iMac 24″, macOS 26.1
cozyhomelife wrote:
I used comma's to make a distinction between the optional security responses.
The use of the “comma’s” there also unfortunately obfuscated the intended question.
Verification codes are what some major and minor companies send you through email as a security feature to give you access to your Bank account or credit card account.
Verification codes are a second factor used as an authenticator, usually used in addition to a password.
You just described an identifier. You answered your statement without asking for it.
Identifiers identify a person or account or other resource. Phone numbers, email addresses, and US social security numbers are all examples of identifiers, not of authenticators. They are intentionally known to others or intentionally fully public, and are accordingly not (reliably) useful as authenticators.
While the telephone number itself is not an authenticator, possessing access to the phone configured for a trusted telephone number is used as an authenticator by Apple for many two-factor authentication configurations, the security problems known with that approach aside.
When enabled, two-factor authentication support on Apple platforms does not include security questions. At all. When two-factor authentication is enabled, the security questions previously when configured are purged after two weeks.
As for your (rejected) account recovery request, one detail that has triggered the denial of a recovery request is the continued use of the equipment during the account recovery. Only the device that requested the recovery can continue to be used. Use of all other equipment associated with the Apple Account must cease for the duration of the account recovery processing.
Whatever authentication you could provide for account recovery was clearly deemed insufficient by Apple. Why that recovery was denied, we do not know.
cozyhomelife wrote:
I used comma's to make a distinction between the optional security responses.
The use of the “comma’s” there also unfortunately obfuscated the intended question.
Verification codes are what some major and minor companies send you through email as a security feature to give you access to your Bank account or credit card account.
Verification codes are a second factor used as an authenticator, usually used in addition to a password.
You just described an identifier. You answered your statement without asking for it.
Identifiers identify a person or account or other resource. Phone numbers, email addresses, and US social security numbers are all examples of identifiers, not of authenticators. They are intentionally known to others or intentionally fully public, and are accordingly not (reliably) useful as authenticators.
While the telephone number itself is not an authenticator, possessing access to the phone configured for a trusted telephone number is used as an authenticator by Apple for many two-factor authentication configurations, the security problems known with that approach aside.
When enabled, two-factor authentication support on Apple platforms does not include security questions. At all. When two-factor authentication is enabled, the security questions previously when configured are purged after two weeks.
As for your (rejected) account recovery request, one detail that has triggered the denial of a recovery request is the continued use of the equipment during the account recovery. Only the device that requested the recovery can continue to be used. Use of all other equipment associated with the Apple Account must cease for the duration of the account recovery processing.
Whatever authentication you could provide for account recovery was clearly deemed insufficient by Apple. Why that recovery was denied, we do not know.
Forgetful account holder, or a miscreant attempting malicious access? Problematic password practices possibly involving password re-use, or is this a scam account take-over request? We can’t tell which.
Apple has more context certainly, but also goes to so e effort to maintain account privacy. Apple has policies that try to allow legitimate account owners to regain account access, while also blocking social-engineering attempts seeking to perform account take-over. Making recovery too easy means we all inevitably get taken over, too.
Two-factor authentication does not have security questions, which can mean that two-factor authentication was not enabled here. Among the unfortunately-common outcomes is password compromise or password re-use and without two-factor authentication enabled (or the two-factor gets phished), and the results of that account compromise are commonly complete account loss — the account take-over is complete and irrecoverable.
Knowing somebody’s a phone number and email is common.
If you can’t demonstrate your case for account recovery sufficient to meet Apple policy, nobody here can assist.
I am confused about what kind of security you are using. 2fa does not use security questions.
Knowing an email address is not proof of anything. The email address is the very definition of an account identifier.
It is still tough to follow what point you are trying to make. If you just want to know if it is possible that you will not be able to access your account if it has been locked, absolutely and you will then have to create a new Apple Account. You can see that here:
When you request access to your locked Apple Account, you might get an alert that says, “This Apple Account is locked and can’t be used” or your request might be denied.
If you can’t regain access to your Apple Account, you can either:
If your Apple Account is locked, not active, or disabled - Apple Support
If you can’t regain access to your Apple Account, you can either:
• Create a new Apple Account
If you need help removing Activation Lock and have proof of purchase documentation, you can start an Activation Lock support request• .
I just provided Apple feedback about that since it is more an "and" and not an "either" list of actions. If you lose access to the old account you can create a new account so that you can use it with the old device after having Apple reset it to remove Activation Lock. Do both, not one or the other.
Limnos wrote:
I just provided Apple feedback about that since it is more an "and" and not an "either" list of actions. If you lose access to the old account you can create a new account so that you can use it with the old device after having Apple reset it to remove Activation Lock. Do both, not one or the other.
That is correct for any account that is signed into a device, you would have to remove the account with the Activation Lock request AND also create a new account to sign into that device.
I suppose it is possible to have a Locked account when attempting web access where it is not signed into a device, but that is not the case for most that have their account locked and the screenshot in the Support Article shows an iPhone where you see the message.
Good catch and I also think Apple could make that Support Article clearer.
I used comma's to make a distinction between the optional security responses. Verification codes are what some major and minor companies send you through email as a security feature to give you access to your Bank account or credit card account. You just described an identifier. You answered your statement without asking for it.
You: The use of the “comma’s” there also unfortunately obfuscated the intended question.
Merriam - Webster dictionary: " Comma a punctuation mark, used especially as a mark of separation within the sentence."
I used the word "Distinction" when replying to another person reply to me. Obviously you read the post.
All replies will be taken into consideration. Thank you
cozyhomelife wrote:
Has anyone had 2fa on and given the correct numbers, answered security question correctly, given your correct phone number and apple email and still have Apple refuse to give you access to your account ICloud?
You omitted an "or" and and at least one additional comma. Even then the sentence is confusing.
"Has anyone had 2fa on and given the correct numbers, or answered security question correctly [the part about the email address is irrelevant since it is not a secure identification method], and still have Apple refuse to give you access to your account ICloud?"
This isn't English composition lesson at school but if your questions are not clear then we struggle to make sense of them. That in turn makes it hard to provide concise replies.
What more security does Apple need?
