46 1 1020KB
EBOOK EXTRAS: v1.1
Downloads, Updates, Feedback
YOUR APPLE ID TAKE CONTROL OF
by GLENN FLEISHMAN $7.99
Table of Contents Read Me First ............................................................... 4
Updates and More ............................................................. 4
Basics .............................................................................. 5
What’s New in Version 1.1 .................................................. 5
Introduction ................................................................ 6
Apple ID Quick Start .................................................... 7
Where to Log In with Your Apple ID ............................ 8
Understand Your Apple ID ......................................... 10
What’s an Apple ID? ........................................................ 10
From a Murky Past, Apple ID Emerged ............................... 11
How Apple Uses the Apple ID ............................................ 13
Prevent Apple ID Problems ........................................ 19
Make Sure You Can Self-Recover ....................................... 19
Avoid Losing Access ......................................................... 21
Use Two-Factor Authentication .................................. 23
How 2FA Works ............................................................... 23
Enable Apple’s 2FA .......................................................... 25
Log In with 2FA ............................................................... 28
Work with 2FA ................................................................. 32
Troubleshoot 2FA Problems ............................................... 36
Manage Multiple Apple IDs ........................................ 41
Use Separate Accounts for Purchases and iCloud ................. 41
Work with Apple ID Across Countries .................................. 43
Manage Two iCloud Accounts ............................................. 46
Split or Migrate Apple IDs .......................................... 49
Split an Apple ID Between Two People ................................ 49
Migrate from One Apple ID to Another ................................ 57
2
Cope with a Hack of Your Apple ID Account ............... 59
Recognize an Attack in Progress ........................................ 59
Stop an Attack in Progress ................................................ 60
Solve Common Problems ........................................... 63
Set Up 2FA Without a Device ............................................. 63
Reset Your Password ........................................................ 64
Deal with a Locked Account .............................................. 66
Update a Credit Card for Purchases .................................... 67
Manage an Unavailable Email Address ................................ 68
Cope with an Account Lost Forever .................................... 69
Appendix A: Legacy Apple ID Issues .......................... 71
Deal with Accounts Without Email Addresses ....................... 71
Handle Two-Step Verification ............................................. 71
About This Book ........................................................ 75
Ebook Extras .................................................................. 75
About the Author ............................................................. 76
About the Publisher ......................................................... 77
Copyright and Fine Print ............................................ 78
3
Read Me First Welcome to Take Control of Your Apple ID, version 1.1, published in February 2019 by alt concepts inc. This book was written by Glenn Fleishman and edited by Scholle Sawyer McFarland. This book offers all the information you need to manage your Apple ID, from setting up two-factor authentication to using it with Apple’s various services and stores, including troubleshooting access to your account if (or, perhaps, when) something goes wrong. If you want to share this ebook with a friend, we ask that you do so as you would with a physical book: “lend” it for a quick look, but ask your friend to buy a copy for careful reading or reference. Discounted classroom and Mac user group copies are available. Copyright © 2019, Glenn Fleishman. All rights reserved.
Updates and More
You can access extras related to this ebook on the web (use the link in Ebook Extras, near the end; it’s available only to purchasers). On the ebook’s Take Control Extras page, you can: • Download any available new version of the ebook for free, or buy any subsequent edition at a discount. • Download various formats, including PDF, EPUB, and Mobipocket. (Learn about reading on mobile devices on our Device Advice page.) • Read the ebook’s blog. You may find new tips or information, as well as a link to an author interview. If you bought this ebook from the Take Control website, it has been added to your account, where you can download it in other formats and access any future updates. However, if you bought this ebook elsewhere, you can add it to your account manually; see Ebook Extras. 4
Basics
To review background information that might help you understand this book better, such as finding System Preferences and working with files in the Finder, I recommend reading Tonya Engst’s ebook Take Control of Mac Basics.
What’s New in Version 1.1
In version 1.0, I didn’t cover comprehensively enough how to enable two-factor authentication (2FA) for an Apple ID when you don’t use that Apple ID for iCloud with any current device under your control. This is now more fully documented in case you have such an Apple ID. See Set Up 2FA Without a Device. This is particularly helpful for people in the Apple Developer program who have an Apple ID devoted to development but not iCloud, as Apple announced in early February 2019 that all Apple IDs used for development must have 2FA enabled. I also explained more fully how to trigger sending a 2FA verification code via SMS or an automated voice call if you don’t have access to a trusted iOS or macOS device. See Log In with 2FA by SMS or Voice Call.
5
Introduction Your Apple ID is the center of your identity when it comes to managing Apple accounts and gear. It’s your iCloud login. It lets you prove you own hardware devices. It’s associated with purchases and subscriptions you make at Apple’s various stores. It can also be used to lock a stolen or lost iOS device or Mac, protecting your data and turning the device into little more than an expensive doorstop. It can be used to track missing hardware, too. But Apple’s security for this important ID is so robust that it can sometimes trip you up. You may run into trouble if you forget a password or your password seemingly stops working; when you lose trusted devices or phone numbers; when a credit-card number expires or a card number is stolen and deactivated; when you can no longer receive email at the main address registered to your Apple ID; or when you move or travel from one country to another. Additionally, Apple engages in strong automated account security monitoring that alerts it when people try to access your account without proper credentials, like your password. That means that even if you never have a problem entering a password yourself, someone else trying to hijack your account could lock you out. Unfortunately, when something goes wrong with an Apple ID, you’re often left to flounder. Apple’s online and phone support may provide conflicting or incorrect information, or you may be told there is nothing they can do to help. That’s where this book comes in. This book covers how to manage an Apple ID on the Apple ID website, and in iOS, macOS, Windows (iCloud and iTunes), and Android (Apple Music). I’ll help you navigate account security, especially enabling and managing two-factor authentication to reduce the potential that even a stolen password could offer up access to your account. I’ll explain how to manage multiple Apple IDs (and why you might intentionally set more than one up). And you’ll learn a lot about getting out of trouble if any of that lengthy list of issues above ever happens to you. 6
Apple ID Quick Start Because an Apple ID gets used in so many different ways, you likely want to jump to specific chapters that address your immediate needs, and then read background information as appropriate. Learn the basics: • You can manage and modify your Apple ID settings from a number of places. Learn Where to Log In with Your Apple ID. • From iTunes to iCloud, your Apple ID is the key. Explore the many ways Apple uses it in Understand Your Apple ID. Take action to keep control of your account: • Take a few precautions up front to Prevent Apple ID Problems. • Make your account more secure by requiring a token to complete the Apple ID login process. Read Use Two-Factor Authentication. Work with multiple Apple IDs: • Many of us wound up with two (or more Apple IDs). I cover how to deal with that in Manage Multiple Apple IDs. • If you’re ready to stop sharing an Apple ID or need to create a new one, I walk you through the steps in Split or Migrate Apple IDs. • Spend a lot of time abroad? Discover winning strategies for when you need to Work with Apple ID Across Countries. Solve problems: • It can be particularly unnerving when hackers attack. I talk you through how to Cope with a Hack of Your Apple ID Account. • From resetting your password to updating a credit card, learn how to Solve Common Problems. • Used Apple products for ages? Your Apple ID may have some eccentricities. That’s covered in Appendix A: Legacy Apple ID Issues. 7
Where to Log In with Your Apple ID You can manage and modify your Apple ID settings, such as passwords and associated personal information, from a number of places. I’ll refer to these throughout the book, but here’s a summary of how to reach each one: • The Apple ID website: Some Apple ID settings can only be dealt with at appleid.apple.com, like generating app-specific passwords with two-factor authentication, while most account details can be changed either at the site or in iOS or macOS (Figure 1).
Figure 1: Use the Apple ID website for many account-related modifications and updates.
• Apple’s iForgot website: Visit iforgot.apple.com when you need to reset a password or recover other lost account details. • Account settings in iOS: Open Settings, tap your account name, and tap Password & Security for authentication-related stuff. The 8
iCloud and iTunes & App Store sections control which account is registered for those purposes. You can also change which Apple ID you use for a particular service by going to, for example, Settings > Messages > Send & Receive or FaceTime > Settings. • iCloud preference pane in macOS: Manage all iCloud settings for an associated Apple ID at Apple > System Preferences > iCloud. • iCloud app in Windows: Windows users will find everything for iCloud in this app. • iTunes in macOS and Windows: Manage which Apple ID you use in the iTunes Store to purchase and download media by going to Account > View My Account. • Books in iOS and macOS: The Apple Books Store has its own Apple ID login. Find it in the app at Store > Sign In. • App Store in macOS: The Mac App Store also manages its own Apple ID login at Store > Sign In. • Apple Music: The Apple Music app in iOS and Android and Apple Music within iTunes for macOS and Windows all relies on an Apple ID. • Find My iPhone/iPad in iOS: This app can help you find a lost or stolen device as well as recover a lost account password. I discuss how in Reset Your Password.
9
Understand Your Apple ID Your Apple ID acts as a sort of informational and financial clearinghouse for all the ways in which you interact with Apple’s hardware, apps, and services. As a result, it sometimes feels like 20 pounds of flour crammed into a 5-pound sack. Fundamentally, Apple IDs are usernames with passwords attached, but because they’re used in so many different ways, they’ve accrued a lot of disparate data and responsibilities. You see this as a user in the Apple ecosystem. You have to enter your Apple ID and password over and over (and over) again, because Apple oddly decided to not use some kind of centralized credential control systems for many of its different services. Every service seems to have its own login dialog and procedure. In this chapter, I introduce how the Apple ID evolved, what the credentials are used for, and all the many places in which you might be called upon to enter one.
What’s an Apple ID?
An Apple ID account always comprises two parts: a username that’s in the form of an email address, which is also the primary way for Apple to reach you; and something that authenticates you—a way to prove you’re the valid holder of the account. While an Apple ID can have multiple email addresses associated with it, for backup communications and rescue purposes, it only has a single password associated with it. Depending on the way your account is set up, authentication may be through a password or a password plus a login token. I explain how login tokens work in Use Two-Factor Authentication.
10
From a Murky Past, Apple ID Emerged Long-time Mac users will remember that Apple started offering cloudbased services many years ago, before the term cloud began to mean “a bunch of servers that appear like one entity and I don’t know where any of the hardware is.” Apple started its internet-based offerings under the name iTools in 2000, not long after Steve Jobs resumed control of his company (Figure 2). It included some online storage and let you host a website.
Figure 2: The original Apple cloud service: iTools.
iTools also let users claim a unique account name—one that for many of us persists as at least one of our Apple IDs! A friend registered my
11
iTools name in Seattle while I was at the Apple keynote in San Francisco listening to Jobs introduce the system. (Thanks, Geoff!) iTools morphed into .Mac in 2002. This service increased storage and added email and other features. It expanded to become MobileMe in 2008, with email, contacts, and calendar updates and syncing friendlier to the iPhone (Figure 3).
Figure 3: MobileMe replaced .Mac, which replaced iTools.
Apple settled on the name iCloud in 2011. This service became a superset of everything that a user stores or syncs across devices or exclusively in the cloud: events, contacts, email, photos, and music. It’s also regular old cloud storage in the form of iCloud Drive. Third-party apps can use iCloud for sync and storage as well. While Apple expanded and renamed its cloud services, it also added iTunes purchase, starting in 2003. However, you couldn’t buy stuff in iTunes using your preexisting .Mac account. You had to set up an iTunes account to make purchases—and if you didn’t use your .Mac email address to set up your iTunes account, now you had two different Apple accounts. The iTunes-based account eventually became the way to identify yourself in Apple’s online stores, including its hardware and software store, and in Apple apps in Android and Windows. 12
Note: This history is why many of us who have been in the Apple world for a long while have two Apple IDs: Apple effectively migrated all its cloud-services accounts and its store accounts to the same Apple ID system. However, if you used an email address other than your mac.com address, you wound up with two Apple IDs. Apple never gave us an opportunity to merge information. That continues to haunt them (and us), and is part of the reason this book exists.
Where does Apple ID fit into this? An Apple ID has never managed anything in the cloud, but it evolved from both a cloud services account and a purchasing account to be your key to everything you sync or store with Apple and purchase from Apple. An Apple ID is really just a username with a password attached. Note: I’m not even including AppleLink in this historical review, the company’s dial-up service for dealers and employees to get technical support that expanded to software developers and, as AppleLink Personal Edition, individual users. It evolved into…AOL. I kid you not. Nor shall I mention eWorld, an AOL-like service that was expensive and not very interesting.
How Apple Uses the Apple ID
Apple uses Apple IDs as the ownership credentials for a host of different kinds of data, behavior, and commerce. The notion of the Apple ID gets commingled with iCloud, because that single ID is also used to link up most of your iCloud behavior. Let’s look first at how Apple uses Apple ID, and then at the difference between an Apple ID and its iCloud ecosystem.
13
What Does Apple Mean by an “iCloud Account”? Apple uses the term “iCloud account” on its support site, but an
“iCloud account” is just a subset of an Apple ID account. You can’t
use iCloud without an Apple ID.
Apple wants to distinguish between features that rely on iCloud storage, sync services, and website, and those that relate more broadly to an Apple ID’s usage for purchasing items, developers, and other purposes.
One Account, Many Uses My goodness, but Apple relies on the Apple ID for a lot of different purposes, only some iCloud related. This is complete a list as I’ve come up with, but I wouldn’t be surprised if I missed nooks and crannies: • iCloud sync: iCloud syncs contacts, calendar, photos, and music— whether personally recorded, ripped locally, or purchased in unlocked form from another store (Figure 4). Some kinds of sync require a separate subscription or may require the purchase of additional iCloud storage beyond the 5 GB included free with an iCloud account.
14
Figure 4: The iCloud preference pane in macOS is one of many locations where you can manage aspects associated with an Apple ID. (My account name blurred out in figure.)
• Email: If you have a mac.com, me.com, or icloud.com domain name, your Apple ID effectively doubles as an email address accessible from iCloud.com (the website and associated mail services). • Storage: iCloud Drive as well as Apple and third-party apps that use iCloud storage are associated with your Apple ID, too. You can manage storage and make payments for storage using details stored in an Apple ID account. • Purchases: Your Apple ID records purchases at the iTunes Store, iOS App Store, Mac App Store, and Apple.com. You also use your Apple ID to make purchases on devices, such as in-app purchases in iOS and movie/TV purchases and rentals on an Apple TV. • Subscriptions: Your iTunes Match, Apple Music (in iOS, macOS, Android, and Windows), and iCloud storage subscriptions are all linked to your Apple ID. • macOS FileVault: Apple optionally lets you store a macOS FileVault recovery key in iCloud, locked with your Apple ID. 15
• macOS login: You can link a macOS account with iCloud using an Apple ID so you can log in even if you’ve forgotten your password in macOS. • iOS Backups: Access to iOS backups stored at iCloud rely on an Apple ID login. • Apple business relationships: If you’re an app developer, post podcasts, connect your site with Apple News, or engage in other business arrangements with Apple, an Apple ID is your account key for them, too. • Legacy: At one point, mac.com and me.com addresses (thus Apple IDs during some of that time) were used with AOL Instant Messenger (AIM), which has been discontinued. Never (Almost Never) Share an Apple ID with Someone It’s generally inadvisable to share an Apple ID with another person,
because you will up intermingling everything: contacts, purchases,
messages, and the like.
The main reason to share an account is when you set one up that’s
designed to be shared and which you set as a secondary account
marked only for contacts. I explain how to do that in Manage Two
iCloud Accounts.
If you want to share purchases and iCloud storage with someone
else, Family Sharing May Offer a Solution.
How iCloud Services Fit Inside an Apple ID You may naturally be confused about how the email address associated with your Apple ID (the address you use to login) differs both from what Apple calls an “iCloud account” and from an icloud.com email address, which you can use to send and receive mail.
An Apple ID Can Use Any Email Address You can use any email address as the login for an Apple ID, and all Apple IDs may be used for iCloud services. However! Only an icloud.com address (and legacy mac.com and me.com addresses) can send 16
and receive email via iCloud. (That may be obvious, but I still find it confusing as I write these words.) At one point, when it was more difficult to obtain an unfettered email address, Apple pushed the availability of mac.com, me.com, and icloud.com addresses for .Mac, MobileMe, and iCloud in succession. That’s far less of an issue these days. Different Times, Different Apple Email Addresses There’s one very confusing thing about mac.com, me.com, and icloud.com addresses used for email. Depending on when you registered an account with Apple, you may be able to use all three, two, or just one of those domains for receiving email and logging into your Apple ID account: ✦
✦
✦
If you’re an old duffer like me and had a mac.com address before July 9, 2008, and kept it active through the iCloud transition, you can use [email protected], [email protected], and [email protected] interchangeably for your Apple ID account. If you signed up as a MobileMe user through 2012, more or less, you can use [email protected] and [email protected]. If you signed up for an iCloud account on or after Sept. 19, 2012, a [email protected] address was your only option.
You can read even more detail at an Apple support note.
New users or those trying to create a new Apple ID can still get an icloud.com address so long as the account is created using macOS or iOS. During Apple ID setup, you’re asked for an email address. At that point, you can opt to use an existing address or have Apple create one for you at icloud.com. That address then becomes both an Apple ID and an iCloud email address. Tip: If you’re using an ancient Apple ID that is just a username without an @ and a domain name, see Appendix A: Legacy Apple ID Issues on how to proceed.
17
Apple Limits Changes to Apple IDs Using iCloud Addresses Apple has a particular policy about using icloud.com (and preceding mac.com and me.com) addresses as an Apple ID: • If your Apple ID’s username ends in icloud.com, me.com, or mac.com, you can only change the account to another icloud.com, me.com, or mac.com address. That address has to already be associated with your Apple ID account as an additional address. • If you use a non-Apple cloud-service email address: ‣ You can change the username to any other non-Apple address. ‣ You can also change it to one that ends in icloud.com, me.com, or mac.com. However, if you make that change you can never return to a non-Apple address! Apple offers excruciating detail about this at a support note.
18
Prevent Apple ID Problems It’s likely you acquired this book to solve problems, but I want to start off by telling you how to prevent common ones. These issues mostly affect account access when you lose a device, forget or lose a password, experience a hacking attempt that leads Apple to lock your account, or otherwise need to regain access. These options vary by how your Apple ID is protected. In advice below, I note in parentheses which account types you can use each bullet point with: • (password) for accounts only protected with a password • (2SV) for accounts relying on the older two-step verification method • (2FA) for Apple IDs that use the newer two-factor authentication For more information about two-factor and two-step logins, read Use Two-Factor Authentication.
Make Sure You Can Self-Recover
Apple offers a fairly large number of methods that let you regain access to your account without having to convince someone at Apple that you’re the legitimate owner of your Apple ID account. You can ease self-recovery by ensuring your account has extra recovery information in it before something goes wrong, like you losing a device, losing access to a phone number, or having to reset a password. Here are several simple actions you can take: • Add rescue email addresses (password): These addresses provide an alternative if you can’t receive email at your main Apple ID address. Add addresses to your password-only account on the 19
Apple ID site (Figure 5). (See this Apple support page for more details.)
Figure 5: Use the Apple ID site to manage rescue addresses.
• Include “reachable at” addresses (2SV, 2FA): Apple lets you list other addresses that you’re “reachable at,” but these are only used by Apple in assisted account recovery, not in normal efforts to regain access. (Add these addresses via the Apple ID website, iOS, or macOS.) • Add trusted phone numbers (2FA): With two-factor authentication accounts, you can receive a verification token on an iOS device or macOS device associated with the same Apple ID, or via a phone number as a text message or automated voice message. It may be difficult to add trusted devices, because they can only be associated with a single account. Trusted phone numbers, however, can be reused across Apple ID accounts. You could employ a VoIP number, like Google Voice, or that of your partner, spouse, sibling, or other trusted person as a backup. (Add numbers using the Apple ID site or in iCloud settings in iOS and macOS. See Work with 2FA.) • Make sure you have your Recovery Key (2SV): Only used with accounts that use the older two-step verification method, the Recovery Key is a 14-character code that you use to restore access. If you can’t immediately find yours, you can regenerate it. Do that now! Read more in Handle Two-Step Verification.
20
Avoid Losing Access
If you need to get help from Apple to recover access, having taken these precautions can dramatically improve the odds that the company’s customer service representatives will restore your account: • Only use email addresses that you control (password, 2SV, 2FA): I routinely hear from people who registered an Apple ID to an address at what is now a former workplace or a former mail host. Don’t get stuck in a situation like that. Change to an email you control on the Apple ID site. • Ensure personal information is up to date (password, 2SV, 2FA): Use the Apple ID site to update your information, including your name, address, billing information, phone number, and more. Your name should match what appears on official identification, such as a driver’s license, national ID, or passport, if you want the chance that Apple could recover your account later. It will require those documents to match your account name. • Update or find security questions (password): You’re likely to hit a roadblock when you need help from Apple if you’ve forgotten what answers you gave to the three security questions they ask you for a password-only account (Figure 6). If you can’t remember yours, visit the Apple ID site, or use iCloud settings in iOS or MacOS, to update your questions and answers.
21
Figure 6: I swear these are my legitimate answers. Tip: Your security questions don’t need legitimate answers, just ones you remember—or, better, store in a password manager like 1Password or LastPass. If you use real answers, someone who obtains details about your past may be able to answer these questions.
22
Use Two-Factor Authentication If someone acquires the password to your Apple ID account, it can be game over. With a password in hand, a malicious party can log in to see your contacts and calendar entries, read your email and send email as if it came from you, access private photos (yes, people have stolen and distributed nude pictures), lock you out of your devices, and make purchases that they can download. If you use your iCloud email as a login or a backup email for other services, the password lets an attacker reset your accounts elsewhere because they can receive password-reset emails. But what if there were a way to keep your password from being the key to the castle? There is! It’s called two-factor authentication (2FA). In this chapter, I’ll convince you to use it. Note: I’ll generally use 2FA as an abbreviation for this approach,
because it gets tedious to read two-factor authentication over and
over again!
How 2FA Works
In the security world, something that proves your identity is called a factor. We typically sort factors into three kinds of elements: something you know, something you have, and something you are: • Know: A password, PIN, or other piece of knowledge you possess. • Have: A device like an iPhone; an authentication app installed on a smartphone, tablet, or computer (Figure 7); or a dongle that generates codes in an LCD screen. This factor is something you physically possess or to which you have access. 23
Figure 7: An authentication app, like Authy (seen here), generates tokens needed for secure login.
• Are: Your fingerprint, retina, handprint, and other biometric markers that are unique and are part of you. (These can be spoofed in some cases, but not casually.) With 2FA, you combine two factors—typically a password plus a confirmation step that requires possession of a device. You “prove” you have that device because something appears on its screen or in an app registered on the device. For instance, Facebook and Google let you validate a login by opening their apps on an iPhone and confirming you are trying to log in to your account. Note: Technically, a Touch ID or Face ID protected iOS device adds another layer of protection. Not only do you have to possess the device, but you also have to use a biometric marker to unlock it. This doesn’t quite count as a factor because it’s tied in with possession. However, it’s yet another hurdle for attackers to jump. They might steal your hardware, but without a fingerprint or your passcode, they can’t unlock it and obtain or confirm the second factor.
With two factors, someone who obtains your password is out of luck when they try to log in. They enter it, and then have to provide a code or use another method connected with a trusted device or trusted phone number. Without that, your account remains protected. While you can enable 2FA for an increasing number of online services and accounts, Apple has its own system for Apple ID that’s tied strongly to its hardware ecosystem. 24
Note: Okay, look: Some people will claim that Apple’s two-factor authentication doesn’t really involve two factors, because the second one isn’t tied directly to hardware. This is true. For purists, a subsequent factor has to have a hardware component that, once registered, can’t be moved or copied. Apple’s is more like 1.75 factor authentication.
Apple No Longer Allows Disabling 2FA Once you add 2FA to your Apple ID, you have a two-week grace period in which you can disable it. After that, it's permanent. You will always be required to use two factors to log in. At one point—according to my memory and that of some colleagues— you could disable 2FA at any point after you’d enabled it. However, Apple now states on its 2FA support page, "If you already use two-factor authentication, you can no longer turn it off," besides that two-week window of rescission.
Enable Apple’s 2FA
Starting on the path to 2FA in any recent version of iOS or macOS is neat and simple. (It can’t be enabled in the iCloud app in Windows.) Once you enable 2FA for an Apple ID on any device, it’s enabled on every device that uses the same Apple ID in iCloud settings. Tip: If you have an Apple ID that you don’t use for iCloud with an existing iOS device or Mac, see Set Up 2FA Without a Device in the Solve Common Problems chapter for details on how to set up 2FA on that account.
Note: These directions were written for iOS 12 and macOS 10.14 Mojave, but work nearly identically with the last few releases of both systems.
25
Enable 2FA in iOS To turn on 2FA on your iPhone or iPad, follow these steps: 1. Tap Settings > your name > Password & Security. 2. Tap Turn On Two-Factor Authentication (Figure 8).
Figure 8: It only takes a few taps to enable 2FA in iOS.
3. Tap Continue. 4. Apple prompts you to provide a trusted phone number. You can opt to either receive an SMS (text) message, or an automated call, in which a code is spoken by an artificial voice. 5. Tap Next. 6. Enter the verification code that arrives via SMS or by voice. Two-factor authentication is now active.
Enable 2FA in macOS The steps are quite similar in macOS, with one difference when it comes to the phone number: 1. Go to Apple > System Preferences > iCloud.
26
2. Click Account Details. 3. Click the Security tab. You may be prompted to enter your iCloud password. 4. Click Turn on Two-Factor Authentication. 5. You must confirm that an already-provided phone number is accurate. As with iOS, you can opt to receive a code as an SMS or automated voice call. 6. Enter the verification code that arrives. And, voilà! You’ve turned on two-factor authentication. Before Two-Factor, There Was Two-Step Before 2FA, Apple offered two-step verification. This was a stopgap
measure after public embarrassment when celebrity and other accounts were “hacked” when ne’er-do-wells guessed passwords or
used phishing.
With two-step verification, Apple offered a short numeric code sent via the Find My iPhone system in iOS and through text messaging (SMS) to other devices. Macs couldn’t receive the codes. It was clunky. And it relied on a third item, a recovery code: if your account became locked, and you lost the recovery code, you might never regain access. Apple hasn’t disabled two-step verification, and some users may still rely on it. However, Apple switched any account with two-step enabled when it was used to connect to iCloud in iOS 11 or macOS 10.13 High Sierra. (Read about the transition in this article I wrote
for Macworld.)
Some people (including me) had Apple ID accounts that used twostep because we relied on them for purchasing and never connected with them to iCloud. I address legacy two-step verified accounts in Handle Two-Step Verification. To switch from two-step to two-factor, visit the Apple ID site, follow the steps to disable two-step, and then follow the steps in this chapter for enabling two-factor authentication.
27
Log In with 2FA
Once you’ve enabled 2FA, the login process is a little different. It works in a seamless and integrated fashion with more recent versions of iOS and macOS, but for hardware running older operating system versions, you’ll have to use a slightly different method, as described below in Log In from a Legacy Mac or iOS Device.
Log In with 2FA via iOS or macOS The process of logging in with 2FA starts the same no matter where you begin: you enter your Apple ID (if it’s not already pre-filled for you) and the account’s password, and click or tap whatever button lets you proceed. Next, all macOS and iOS devices logged in to iCloud services with that Apple ID display a dialog showing your rough location (Figure 9). Click or tap Allow to proceed. That dialog disappears on all devices other than the one with which you just interacted.
Figure 9: A dialog appears on all your associated devices showing your rough location. I don’t live in the forest (or anywhere nearby).
28
Note: The location shown can be quite far off. Apple relies entirely on a database of where internet protocol (IP) addresses appear to be located geographically for this display to protect privacy. I typically appear to be about 100 miles away from my home.
On the device you agreed to allow access to the account, macOS or iOS shows a six-digit code (Figure 10). Enter that code in the software, website, or device prompt to which you’re gaining access. If you’re logging in through iCloud.com, you can also agree to trust the browser for 30 days.
Figure 10: Enter the code that appears.
Why Can I Approve a Web Login from the Same Device? There’s something that many readers have told me baffles them with Apple’s 2FA. When they try to login to iCloud.com via a web browser, the 2FA prompt to allow access and provide a code appears on the same device as the browser (if it’s also logged into the same iCloud account). Doesn’t that violate the separate-factors principle? Not really! Because you’ve trusted the hardware device on which you’re logging in—whether a Mac, iPhone, or iPad—the trust lies in that device, and its physical nature. You know the password, but you still have to have the hardware.
Log In with 2FA by SMS or Voice Call Sometimes you might be trying to log in to an Apple site or service and not have a trusted device for that Apple ID nearby. Or, as I explain in 29
Set Up 2FA Without a Device, you may have an Apple ID that you upgraded to 2FA but don’t have that account ever logged into iCloud on a device you use. In that case, Apple lets you choose a fallback path, which works like this: 1. Enter your Apple ID and password at the site or service. 2. When prompted to enter the six-digit verification code, click or tap “Didn’t get a verification code.” 3. A dialog appears that should offer you choices that include Text Me (Figure 11). Click or tap that.
Figure 11: Apple presents an alternative method of receiving a verification code.
4. If you have multiple trusted numbers for SMS codes or automated voice calls, you will be given a choice which shows just part of the number. If there’s just a single choice, Apple automatically texts you or calls you. 5. Enter the code. With an SMS in Mojave or iOS 12 (or later), Messages offers to autofill the code.
Log In from a Legacy Mac or iOS Device You may be using older hardware—or hardware you chose not to upgrade—that can’t support 2FA logins in the way that newer versions 30
of the operating systems can. That includes systems running iOS 8 and older and macOS 10.10 Yosemite and older, as well as the 2nd and 3rd generation Apple TV models. Tip: You’ll know if your device uses an OS too old to manage the 2FA code entry, because the password-based login fails and no code-entry display or page appears.
On those devices, Apple has a way to use the 2FA code that’s not immediately obvious: 1. Try to log in using your Apple ID and password. 2. The login attempt will not be successful, but this will trigger the 2FA sequence on any modern iOS or macOS device associated with the Apple ID. Allow the login and view the code. 3. Back on your original device, re-enter the password and add, at the end, the six-digit code. Do not insert a space between the password and code. The login should now be accepted. If you want to skip step 2, you can generate a 2FA code within iOS and or MacOS. In iOS, go to Settings > your name > Password & Security and tap “Get Verification Code” (Figure 12).
Figure 12: It’s possible to manually generate a verification code.
31
In macOS, go to Apple > System Preferences > iCloud, click the Account Details button, click the Security tab, and then click Get Verification Code. Phone-Number Factors Aren’t Strictly Safe Phone numbers can be hijacked, especially for mobile phones, because the number can be shifted from the identity module on one phone to that on another by simply calling a cellular operator and convincing them you’re the legitimate account owner. Identity thieves use readily available personal details made public in waves of database breaches in recent years. With your phone number, someone can receive a second factor from Apple, but they would have to know your password. Apple doesn’t allow password resets via a trusted phone number, but other services do—including email hosts. There’s nothing you can do yourself about this, and using 2FA with SMS (as a main method or a backup, as with Apple) is better than not using it. However, security experts recommend that companies move away from phone numbers for second factors, and we will likely see a way in the future to disable SMS/voice fallback for Apple IDs. You can read more about this issue in my article at TidBITS, SMS Text Message Login Codes Autofill in iOS 12 and Mojave, But Remain Insecure.
Work with 2FA
When it comes to managing which devices function as your second factors for an Apple ID, Apple relies on a variety of not-always-consistent methods. Basically, the gist is: • Your trusted devices include all iOS and macOS hardware logged in via iCloud using the Apple ID. • You can change trusted phone numbers from any logged-in device or on the Apple ID site.
32
• When you can’t use an Apple-controlled login with a second factor, you can generate a password for third-party email, contacts, and calendar software from the Apple ID site. Let’s walk through at how you do each of those.
Change or Add Trusted Devices You can add a trusted device by using that device to log in to your Apple ID account via iCloud. In iOS, you do that by going to Settings > your name. In macOS, go to Apple > System Preferences > iCloud. Similarly, to remove a trusted device from the set, log out of iCloud on that device. Because 2FA maps one-to-one to a logged-in iCloud account, your set of associated iCloud devices and your set of 2FA trusted devices are always identical. Note: I occasionally find that even though I’m logged into iCloud on an iOS device, that device doesn’t show up in the trusted set. To fix this, I must log out and back in again. This is annoying not only because of the tapping required, but also because of the time consumed by re-syncing.
With iOS, that one-to-one relationship ties up the entire device. However, with macOS, each person with a macOS user account can log in using a different Apple ID in their respective iCloud preference pane. This can be helpful even if you don’t routinely log in to that macOS account, as it provides another trusted device as a backup in case something goes wrong and you lose access to other trusted devices or phone numbers.
Change or Add Trusted Phone Numbers Apple lets you add additional trusted phone numbers to your Apple ID. Unlike trusted devices, you can associate the same phone number with multiple Apple IDs.
33
You can add or delete a trusted phone number at the Apple ID site, in iOS (Settings > your name > Password & Security), and in macOS (Apple > System Preferences > iCloud > Account Details > Security).
Use App-Specific Passwords Apple relies on 2FA for all account access with three exceptions. To allow third-party apps to work with contacts, calendar entries, and email, Apple allows setting an app-specific password that can work only with those three kinds of data. Note: If you don’t use third-party apps for contacts, calendars, or
email, you don’t need to generate app-specific passwords.
To generate one of these passwords, you have to visit the Apple ID site and log in. I suggest never reusing them: generate a new one for every piece of software on each computer or iOS device that requires a password using these steps: 1. Go to the Apple ID site and log in to your account. 2. To the right of the Security section, click Edit. 3. Under “App-Specific Passwords,” click “Generate Password” (Figure 13).
Figure 13: At the Apple ID site, you can generate an app-specific password.
4. Enter a label that will help you remember what it’s used for. For example, “Glenn MacBook Fantastical.” This is for later reference
34
for yourself, and doesn’t appear anywhere else but in this area. Click Create. 5. Copy or write down the password that appears (Figure 14). It will not be displayed again and it cannot be retrieved. (If you use a password manager, store it there, too, just in case.)
Figure 14: This password appears once. I’ve already revoked it, so even showing it doesn’t risk that you might break into my account. Anyway, I trust you.
6. Click Done. 7. In a third-party app, like Thunderbird for email, Fantastical for calendars, or BusyContacts for contacts, enter your account information as prompted, but for a password use the app-specific one you generated in these steps. If you’re later concerned about the security of one of these passwords, or even of all of them, you can revoke them, and they immediately stop working everywhere. Here’s how: 1. In that same Security area in step 3 above, click View History under the App-Specific Passwords header. 2. Either: Click an X next to an appropriate password you want to revoke and confirm by clicking Revoke Or: Click Revoke All and confirm revoking all app-specific passwords. 35
3. Generate new passwords and enter them in your various third-party apps. 4. Click Done. App-Specific Passwords Are a (Minor) Security Risk Apple generates these passwords for you, so they’re always strong. And you can’t recover one of them: it’s displayed once and then gone forever. Apple also sends email to the address associated with your Apple ID letting you know a new app-specific password was generated for your account. However, third-party software may be set up in such a way that an attacker could extract an app-specific password, and if you use iCloud for email, gain access to that email account.
Troubleshoot 2FA Problems
The advantage of 2FA is that it restricts account access to people who have the requisite information. But what if you lose access to the necessary elements to log in? For instance, what if you forget your password or lose your phone? Not to fear—or at least, not to fear too much. You typically have a way back.
You Forget Your Password You may feel self-conscious, but it happens to the best of us. You’re particularly at risk of forgetting a password if you don’t need to log in to your account regularly and you memorize your password without writing it down or storing it digitally. With 2FA, Apple offers four ways to reset your password. Tip: Use a password manager. Seriously. These apps let you create
unique, strong passwords for every log in, and store them securely
on multiple devices. Read Joe Kissell’s Take Control of Your Passwords and Take Control of 1Password for help.
36
Reset a Password in iOS with 2FA Enabled Follow these steps: 1. Go to Settings > your name > Password & Security. 2. Tap Change Password. 3. You’re next prompted for your iPhone or iPad passcode. (This isn’t a code transmitted by Apple. It’s the one you use to unlock your iOS device.) Note: If you’re not logged into iCloud with this account on this
device, you may be walked through a different sequence of steps
than these. But it’s exceedingly unlikely you’re reading this book if
that’s the case!
4. On the “Change Password” screen that appears, you must enter a new password and verify it. 5. Tap Change. Your Apple ID password is now changed. Your other devices will ask you to enter the new password when you use them.
Reset a Password in macOS with 2FA Enabled In macOS, you start with the iCloud preference pane: 1. Go to Apple > System Preferences > iCloud. 2. Click Account Details. 3. Click the Security tab. 4. Click the Change Password button. 5. You may be prompted to enter a password for an administrative account, and you should do so and click OK. 6. A Change Password dialog appears. Enter your new password and enter it again in the Verify field. 7. Click Change.
37
Your password is now changed. Your other devices will ask you to enter the new password when you use them.
Reset a 2FA Password on the Apple ID Website You can also use the Apple ID iForgot website to change an account password, but it requires hopping through a few hoops, and switching to one of your devices to complete the process. Here’s how to proceed: 1. Visit the Apple ID iForgot website. 2. Enter your Apple ID email address and click Continue. 3. Apple displays phone numbers associated with the Apple ID with all but the last two digits replaced with bullets, like (•••) •••-••12. Enter the full phone number for any of those and click Continue. 4. As with a 2FA login, a dialog appears on all your trusted devices, which Apple helpfully displays on the website view (Figure 15). Find any of those devices and click or tap Allow in the Reset Password message.
Figure 15: Apple lists all your trusted devices. You must use one of these to reset your password.
5. Enter your device passcode or macOS account password and click Continue. 38
6. Enter a new password and then re-enter it in the Verify field, and tap Next or click Change. Your password is now changed and may need to be re-entered in a number of locations.
Reset a 2FA Password via Find My iPhone in iOS There’s one final method if none of the above is available or works! According to Apple, you can use Find My iPhone (which also works with iPads and the iPod touch) on an iOS device that isn’t associated with your account. That could be a device belonging to a friend, family member, or friendly stranger. Here’s how you use Find My iPhone to reset your 2FA password: 1. Open Find My iPhone on somebody else’s iOS device. 2. Click or tap Sign Out (to sign the owner of the device out) and then enter your own Apple ID. This leaves that device logged into the Find My iPhone service; it just logs out the finding app. 3. Tap Forgot Apple ID or Password? 4. Follow the instructions, which may vary by account details and what devices you have available, but will generally follow the steps as if you were using the Apple ID website. Your password is now changed and may need to be re-entered in a number of locations.
You Lose a Trusted Device All is not lost, even if your hardware goes missing, so long as you have a trusted phone number available. As soon as you can, gain access to an iOS device or to an account in macOS, and log in to iCloud using your Apple ID. You can verify the log in via a trusted phone number.
39
Note: Make sure to revoke the lost device on the Apple ID website if someone stole your hardware or you believe you’ll never get it back. Visit the site and log in to your account, then in the Devices section, select a device, click Remove from Account, and then confirm.
You Lose a Trusted Phone Number As long as you have a trusted device or another trusted phone number, you can use the methods described above in Change or Add Trusted Phone Numbers to add a new number and revoke one that you know you’ll never get back.
You Lose Access to Everything The worst-case scenario happens when you have a catastrophic loss, such as in an accident, a major theft, or natural disaster, or even have to leave a country of which you’re a resident suddenly. Apple offers an account recovery option it describes in detail on its website. This process can take some time and you will need personal details—including credit card numbers associated with purchases used on the account—to proceed. The company makes this process tough—putting a delay in place and requiring documentation—to deter or block thiefs’ attempts to use stolen identities to gain access to users’ account. However, I have heard from people who have been unable—even with scans of passports, mail sent to their addresses, and other information in hand—to convince Apple they were the legitimate owner, and have lost access to their accounts for good.
40
Manage Multiple Apple IDs Working with iCloud, Apple devices, and Apple’s various stores and subscription offerings is easiest when you have a single Apple ID. But I’m not alone in having two for historical reasons, and many people have even more! In this chapter, I talk about how to manage multiple Apple IDs in an efficient and consistent way.
Use Separate Accounts for Purchases and iCloud Many of us who are long-time Apple ecosystem participants wound up with two Apple IDs, because at one point, Apple managed purchases separately from iCloud’s predecessors (like MobileMe). When Apple fully embraced the Apple ID approach, all our legacy accounts converted. Apple didn’t offer an opportunity to merge those accounts then and still hasn’t many years later. Dealing with the duplication wasn’t as easy as shutting down one of the accounts. Purchases of permanently licensed digital goods—movies you bought (not rented), any apps, and non-subscription in-app purchases—are associated with an account. We couldn’t just abandon an account without also losing all that. Likewise, because the other account was often associated with a mac.com or me.com address we’d used for data or as an incoming address, we couldn’t abandon that one, either. Apple originally didn’t design iOS to manage that split of accounts well. Fortunately, that improved many releases ago, and Apple now lets you easily log in to iCloud with one account and the iTunes and App Store with another. In macOS, these services and features were always split across the MobileMe or iCloud preference pane and iTunes. 41
Use Two Apple IDs in iOS When setting up an iOS device from scratch with two accounts: 1. Tap Settings > “Sign in to your device name.” 2. Enter the Apple ID and password you want to use for iCloud synchronization and other features. Confirm with a second factor if necessary. 3. Tap Settings > iTunes & App Stores. 4. The “Apple ID: account email” label at the top likely shows the same account name as in step 2. Tap it. 5. Tap Sign Out. 6. Log in with the Apple ID you associate with purchases, as in step 2. If you’re not starting with a fresh device, first sign out from all the places you may be signed into an Apple ID on your iOS hardware using instructions you can find in Migrate from One Apple ID to Another. Use A Different Apple ID with Messages or FaceTime In this setup, Messages and FaceTime will also be logged into your iCloud-focused Apple ID from step 2. Go to Settings > FaceTime or Settings > Messages > Send & Receive, tap on the “Apple ID: account email” link, tap Sign Out, and sign in with your preferred Apple ID.
Use Two Apple IDs in macOS It’s easy to use multiple Apple IDs in macOS without much fuss. Here’s how to do so with the most common apps and services: • iCloud: Go to Apple > System Preferences > iCloud, type in your iCloud-oriented Apple ID, click Next, and follow steps to complete the login process. • iTunes: Choose Account > Sign In, and enter your purchaseoriented Apple ID, and follow steps to finish. 42
• iMessage: Open Messages and choose Messages > Preferences > iMessage. Enter the Apple ID you want to associate with messages and click Next. • FaceTime: Open FaceTime and, when prompted, type in the Apple ID you want to associate. If you’re already signed in with another account, go to FaceTime > Preferences > Settings, click Sign Out, and enter the information for the account you want to use. • App Store and the Books app: Go to Store > Sign In and enter the information for the account you want to use. If you’re already signed in with another account, choose Store > Sign Out first.
Work with Apple ID Across Countries Apple and other companies can’t obtain uniform licensing for media or software across every country in which they do business. That means that some songs, movies, TV shows, apps, books, and subscriptions may not be available everywhere you live or in all the countries you visit. As a result, the country associated with an Apple ID can limit access to media or apps you’ve purchased or rented depending on what country you’re in when you try to access it. This can also come up if you want to make new purchases while abroad. If you’re moving permanently from one country to another (or moving for an extended period), you can change the country associated with your Apple ID. However, some people—especially within Europe and among other closely located nations—may work in one country and live in another, or even own homes or routinely travel among two or more countries. In that case, you may need to maintain separate Apple IDs, each associated with a billing address and account in each country.
43
Change the Country for Your Apple ID Apple offers an excellent support page for users who want to switch the country associated with their Apple ID, and I don’t want to recapitulate all that. Let me just highlight critical points: • You have to have a payment method that’s billed within the country you’re changing your account to. • Everything associated with your current account has to be wound up: subscriptions must be canceled and outstanding credit received. • Everything has to wind down, too. So movie rentals have to reach the end of the rental period or watching period, all subscriptions have to reach their natural end (tricky with yearly subscriptions if the end is far away), pre-orders must be fulfilled (though they may be canceled), and everything in Season Pass delivered. If you’ve got that in the bag, you’re ready to follow Apple’s instructions, which work in iOS, macOS, and on the Apple ID website. If you don’t have a payment method associated with the country you’re moving to, Apple recommends waiting until you set that up before creating a new Apple ID to use there. Follow advice in the next section.
44
Does Apple Delete Your Content When You Move? In 2018, a viral story claimed that Apple deleted movies from a user’s account after the movies stopped being available in the country where the purchaser lived. As more details came available (see this CNET article), it became clear that the story was more complex than it originally seemed. The person in question had moved from Australia to Canada, switched their Apple ID to Canadian billing, and ran afoul of Apple’s rights management (which is enforced by rights owners, like studios and record labels.). Although the films the user had purchased in Australia were also available in Canada, Apple couldn’t let him download the identical digital content in Canada because of licensing issues. (Yes, I think it’s ridiculous, too.) This is why Apple suggests on its country-migration page that you download all purchased digital content in full before switching accounts, just in case something isn’t available. You can also switch billing on a single account back to your old country—but only if you still have a valid billing method in that country. Because the person above didn’t have such financial information, Apple apparently helped make it right for them.
Maintain Apple IDs for Different Countries One way to avoid some of the Apple ID problems with switching countries is to create a separate purchasing account for every country in which you routinely spend time if you typically do so for more than three months. (I go into the reasons later.) For each account, you will need a valid billing method that has an address in that country. That could be difficult (or impossible) if you don’t reside for reasonably long periods of time in a country and have a fixed address there you can use. (Banks and credit cards require some assurance you’re not trying to pull a fast one.) If you can meet this requirement, however, having country-specific accounts makes it possible for you to switch the iTunes, App Store, and other purchase or subscription logins in iOS and macOS to the account 45
corresponding to the country you’re in. When you switch, you can view content and use subscriptions purchased with that account, as well as make new purchases or downloads. There’s one big proviso: Apple may restrict a given device from switching among Apple IDs for 90 days after you use certain iTunes features on that device, which includes downloading and playing movies, music, and TV shows, logging into Apple Music, or downloading past purchases in any store. All media-related software and playback on a given device gets locked. Devices include anything running iOS and macOS, as well as a Windows PC or Android device using Apple software for media playback or subscriptions. Apple offers more details about associations and the 90-day limit on a support page. Apple TV appears exempt from this, perhaps because Apple expects people may travel with them, and because they’re a piece of hardware with a dedicated purpose. Note: Apple doesn’t seem to check which country you’re in, but relies on the Apple ID’s registered location and billing information. Apple doesn’t yet offer an extensive streaming video service, however. Netflix and others have country-specific locks and try to defeat VPN workarounds that make it appear as if you’re located in another country.
Manage Two iCloud Accounts
Apple supports a little-known feature in iOS and macOS: a primary and secondary account for iCloud services. You have to log in to these Apple IDs in sequence, with the primary first and then using a method to add the secondary. This can be useful when you want to share contact and other information with someone, but also want to maintain a separate Apple ID with 46
your own iCloud and other information associated. For example, spouses who each have their own set of contacts, but who share many contacts in common, might use a separate Apple ID solely for the purpose of sharing mutual contacts. This allows them to ensure that any changes either person makes are visible to both. Tip: Read more about managing iCloud accounts and resources in Joe Kissell’s Take Control of iCloud.
Manage Two iCloud Accounts in iOS With two iCloud accounts in iOS, the second account can sync only email, contacts, calendars, reminders, and notes. After making sure you’re signed in to your primary iCloud account in Settings, add a secondary account with these steps: 1. Open Settings > Passwords & Accounts. 2. Tap Add Account. 3. Tap iCloud and follow the prompts.
Manage Two iCloud Accounts in macOS While you can always set up a separate iCloud account within each macOS account, Apple also lets you have additional iCloud accounts associated with each Mac user. You can have a secondary and subsequent accounts that work only for email, contacts, calendars, reminders, and notes. Note: Only one iCloud account at a time can be used for Find My
Mac, regardless of how many user accounts you’ve set up. If you
want to enable Find My Mac under a different user’s account, first
disable it under the user account where it’s active.
First, make sure you’re signed into your primary account in the iCloud preference pane.
47
Next, follow these steps: 1. Open Apple > System Preferences > Internet Accounts. 2. Click the iCloud logo at top right. (If the iCloud account is select at left, Command-click to de-select it and the logos of various services.) 3. Enter your secondary (or tertiary or beyond) Apple ID and click Next. 4. Follow the remaining prompts, and pick which features to sync or access.
48
Split or Migrate Apple IDs The two scenarios I hear about the most from readers and friends are when two (sometimes more) people have opted to share an Apple ID to sync data and purchases, or when someone finally gives up on having multiple Apple IDs and wants to migrate as much as they can to a single Apple ID—sometimes a new one. This chapter provides advice for both those tasks, although I want to warn you upfront that the results can be disappointing. Apple doesn’t provide help for either process, which means any split or migration will be by necessity incomplete.
Split an Apple ID Between Two People As the writer of a how-to column about Mac and iOS issues, I never expected to hear a lot about people’s relationships, but that was apparently naïve. Our digital devices are, after all, part of our sometimes complicated lives. I frequently receive emails from people with a shared Apple ID who no longer want to share it. The cause can be a breakup, a sibling or child leaving home for school, or just the realization that an individual account will work better for them. This section offers advice that helps in these cases: • Permanently separating data (as with a breakup or divorce) • Creating a second personal account that will continue to share some data, such as recurring calendar events or photos • Sharing a single Mac currently (with one or more iOS devices shared or each), but with a plan to use separate Macs or have separate accounts in macOS that use different Apple IDs • Using different Macs (or accounts on a single Mac) that are currently signed into the same Apple ID, but which will be signed into separate ones 49
The point of view of the instructions below is the person setting up or transitioning to a new Apple ID, thus “taking” data from the current Apple ID. If you use your Apple ID only for purchases or free downloads, this section won’t help you. Apple has never offered any way to transfer ownership of digital assets purchased by an account, nor a way to mark data in an account that could be used to split it. Read the sidebar just below for one potential strategy. Family Sharing May Offer a Solution Apple’s Family Sharing option can be a solution for sharing Apple ID
purchases and subscriptions among a group of people while letting
them maintain separate Apple IDs. When enabled, a family
“organizer” can add up to five family members.
This allows everyone in a family grouping—Apple doesn’t check your relationships—to share apps, music, TV shows, books, and movies. Family Sharing automatically creates a shared calendar, reminder list, and photo album. It also allows members to access a subscription to pooled iCloud storage. (The files you store aren’t shared; everyone just gets access to a block of storage at a lower cost than if they’d subscribed separately.) There’s a proviso: Not all apps can be shared, as it depends on whether the developer allows it. Apps reveal in their App Store pages under the support section whether Family Sharing is included. Learn more about Family Sharing, including how to set it up, in Take Control of iCloud or Take Control of Mojave.
Manage Local Copies of Shared Data Start by figuring out where you want all shared data to reside after a split. In all of the cases below, you already have synced copies. What actions you take depend on what you want to keep sharing and whether you’re using a single account on a single Mac or not.
50
Note: There’s no way to bulk export contacts, calendar entries, email, photos, or music from iOS or the iCloud website. You need to use macOS for all those tasks. Some third-party apps can access various data storage in iOS, but I haven’t tested those extensively enough to recommend them.
In the instructions below, you can find most iCloud settings at Apple > System Preferences > iCloud. Disable individual sync services by unchecking a box in the preference pane. When you do, you’re prompted about retaining or deleting information, among other choices.
Contacts If you currently store all your contacts in a single account on a Mac, use the Contacts app to select the entries you want to retain, and then choose File > Export > Contacts Archive to create a file that you can move to another user account that uses a new Apple ID. You can also delete the selected contacts after exporting them to remove them from the shared Apple ID. If you already have separate Apple ID accounts set up, you can use a simpler technique. On your new computer or account, go to the iCloud preference pane, uncheck Contacts, and choose the option “Keep on My device.” That way you keep a full copy of the contacts list with the new computer or account, but the list is no longer shared.
Calendar If you’ve both relied on a single calendar, it’s harder to separate these entries, because many of them may have occurred in the past. You may want to start fresh with a new calendar or set of calendars. Annual events like holidays, anniversaries, and birthdays can be generated from contacts and special calendars, and can thus be repopulated in a calendar if you start from scratch. If you want to have a full copy of previously shared calendars: • In Calendar in macOS, you can export each locally stored calendar one at a time by selecting it in the list at left and the choosing File > Export > Export and choosing where to save the export file. 51
• Go to Apple > System Preferences > iCloud, uncheck Calendar in preference pane, and choose the option “Keep on My device” to retain existing events and reminders. In both cases, you will have to go through the calendar manually to find and remove old, current, and upcoming events. Apple used to offer a way to shed events past a certain point, but that’s long gone. Tip: If you’re splitting accounts but remaining connected, shift recurring events you used to track with a single calendar associated with a shared Apple ID account over to a shared calendar to which you both subscribe. If you use Family Sharing, a shared family calendar is created automatically.
Email Apple relies on the same email protocols used by any email service to manage iCloud email. The macOS Mail app shows mailboxes in a left navigation bar that reflects all the messages stored on a mail server (or multiple mail servers), as well as an item (typically at the bottom) labeled “On My Mac.” That last entry reflects any messages stored locally on the Mac, and no longer stored on a server. Splitting up email can be complicated if you’ve intermingled it, but it’s possible for you both to keep copies of your old messages when you start fresh. Here’s a way to untangle it: 1. Move all of your messages from mailboxes on servers and from On My Mac folders you’re leaving behind into one or more folders in the On My Mac section. 2. Select each of those folders and choose Mailbox > Export Mailbox. Save the export in a place you have easy access to. 3. Copy the export to the new account or Mac first, to avoid accidentally deleting mail. 4. Delete the mailboxes on the copy of Mail from which you exported them. Right-click (or Control-click) a mailbox and choose Delete Mailbox, and then confirm. 52
Photos Splitting up photos is hard enough, but iCloud Photo Library can make it trickier. That’s because when you use this syncing and cloud-storage option, you likely aren’t storing the full-resolution images and movies on all your devices. By default, Apple stores only thumbnails on iOS devices and loads them on demand. In macOS, it’s more likely you have full-resolution media downloaded, because that’s the default there—but you may have switched to what Apple labels “optimized” storage if you didn’t have enough disk space remaining for your library. To split up an iCloud Photo Library, you need to start by checking your local storage settings. In Photos in macOS, choose Photos > Preferences > iCloud, and look at the setting for iCloud Photos. If it’s set to “Download Originals to this Mac,” you’re all set: • If you’re moving to a new account or Mac, just copy the Photos Library. (It’s usually in your home directory’s Photos folder. You can also choose Photos > Preference > General and click Show in Finder.) • If you’re using a separate account or Mac which already has all the photos and videos downloaded, go to Photos > Preferences > iCloud and uncheck iCloud Photos. You may be prompted to download your media or delete it; choose download, even if you think you’ve already downloaded everything. In both cases, you can then delete media that you don’t want to leave behind on the old machine and photos you don’t want to keep on the new one. If the preference is set to Optimize Mac Storage, you need to make a change to ensure all images and videos are downloaded locally at full resolution. Warning! Make sure you have enough local storage to download the entire photo library before proceeding.
53
If you share a macOS user account and want to migrate your photos to a new user account on the same or another Mac, follow these steps: 1. Select the Download Originals to this Mac radio button. After you make that change, the download process may take a while—possibly a long while. 2. When complete, copy the Photos Library to the new account or computer. The file contains all the original images and other data. Tip: You can replace a Photos Library in your home directory’s Photos folder with one you copy over. Or you can save the Photos Library you’re copying under a name you choose or in a different location. To select an alternate library and even make it your primary one, hold down Option when launching Photos and use the library selection dialog to pick and set.
3. Back in Photos on the original machine, delete the images that you no longer want in the shared set. However, if you already have a separate user account or another Mac that’s syncing this library: 1. Select the Download Originals to this Mac radio button. The download process may take a while. 2. When complete, go to Photos > Preferences > iCloud and uncheck iCloud Photos. 3. You can now delete media from both the old and new Photos library without affecting the other.
Music Apple lets you sync music files in your library across devices in a bunch of ways. For the purposes of splitting up an Apple ID, the most salient is iTunes Match. If you subscribe to this service, it syncs both music that you purchased from Apple and anything you’ve purchased or ripped from a CD and added to iTunes directly. You can use this iMore tutorial to use iTunes Match and iTunes in macOS to download a full copy of all music synced across any devices. 54
If you’re using a single account on a Mac currently, you can then copy that music to the new account or Mac with which you’ll be using a new Apple ID. Note: Apple stopped using digital rights management encryption and restrictions on music files several years ago. However, when you purchase music from iTunes, it comes with certain rules. If you share music with someone no longer part of the same household, you’re likely engaged in piracy. While most of us no longer split up LP and CD collections, you may need to split up your iTunes music if you want to be fully legal.
Set a New Apple ID and Import After you have all the copies you need of everything, it’s time to set up a new Apple ID on a new macOS account or new Mac. If you were already logged into the old shared Apple ID on a separate account or Mac or into any of your iOS, Android, or Windows hardware, first follow these steps to log out of the old ID: • In macOS: ‣ Go to Apple > System Preferences > iCloud, click Sign Out, and follow prompts. I didn’t cover every form of data in the discussion above, so you may want to keep data from more services than I mentioned. ‣ Open Messages. Choose Messages > Preferences > iMessage and then click Sign Out. ‣ Open FaceTime. Choose FaceTime > Preferences > Settings and then click Sign Out. ‣ Open Mail. Choose Mail > Preferences > Accounts, select iCloud, click the minus button, and confirm removal. ‣ Open iTunes. Choose Account > Sign Out. ‣ Open the App Store and choose Store > Sign Out.
55
‣ Open the Books app and choose Store > Sign Out. ‣ Go to Apple > System Preferences > Internet Accounts, select secondary iCloud accounts one by one and remove them by clicking the minus button. • In iOS: ‣ Go to Settings > your name, swipe up and tap Sign Out. ‣ Go to Settings > your name, tap iTunes & App Store, tap “Apple ID: account email”, and tap Sign Out. ‣ Go to Settings > Messages > Send & Receive, tap “Apple ID: account email”, and tap Sign Out. ‣ Go to Settings > FaceTime, tap “Apple ID: account email”, and tap Sign Out. • In Windows: ‣ Open the iCloud app and click Sign Out. ‣ In iTunes, choose Account > Sign Out. • In Android: ‣ Open the Apple Music app and sign out. • If you’re using third-party contact, calendar, or email software, you may also need to sign out of or delete your Apple ID from those locations. If you don’t have another Apple ID you’re already using with iCloud, create a new Apple ID by going to the Create Your Apple ID page. Then, log in using Settings in iOS or by going to Apple > System Preferences > iCloud in macOS. If you exported data in sections above instead of turning off sync, you can now import that data: • Contacts, Calendar, and Mail: Import the respective data files within those apps. 56
• Photos: Hold down Option before launching Photos and select the copied Photos Library. • Music: Check your settings in iTunes > Preferences > Advanced. Do you want to “Copy files to iTunes Media folder when adding to library”? Or keep the files in the same location as they are now and have iTunes reference them? Check the box accordingly. Then use File > “Add to Library” to select your imports.
Migrate from One Apple ID to Another Sometimes, there are too many memories—or too many problems and spam messages and account errors—associated with an Apple ID. Rather than try to fix it, some people choose to start fresh, and create a new Apple ID with none of the old problems. The provisos about purchases aside, migrating from one account to another can be substantially easier than trying to split up an account. It’s possible to accomplish this within iOS, but I find it more nervewracking, as it’s harder to know and see exactly what’s going on. I prefer to use a Mac, partly for more granular control and partly because it’s easier for me to back up files. Tip: To be absolutely certain you won’t lose data, make sure you have a recent clone of your startup drive or a recent Time Machine backup. You may also want to go through the export or copying steps noted in the previous section.
You can opt to switch off iCloud services individually in the iCloud preference pane, by unchecking each setting; or you can click Sign Out. Whichever choice you make, always choose to keep all data when prompted for each service or for iCloud as a whole. If you’ve gone the checkbox-at-a-time route, finish with clicking Sign Out. Now individually log out of Messages, FaceTime, iTunes, Books, and the App Store (as described in Set a New Apple ID and Import).
57
You can remove an iCloud email account from the Internet Accounts preference pane or within Mail (Mail > Preferences > Accounts), but it’s not critical if you want to still receive messages from that account. Tip: if you have Apple Music subscription that is syncing music via iCloud Music Library and you have more than one Mac, it’s possible that a song or album you own might be downloaded in a form that’s locked to the Apple Music subscription. This column by Kirk McElhearn can help make sense of that.
In Photos, if you’re using iCloud Photo Library, first make sure that you have full-resolution data fully downloaded to your Mac. (See the Photos portion of the previous section.) Then uncheck iCloud Photos in Photos > Preferences > iCloud. If you’re prompted to download media, agree just in case. Now, use your new Apple ID to log back in to all the places where you want to use it, starting at Apple > System Preferences > iCloud.
58
Cope with a Hack of Your Apple ID Account It’s no fun when someone manages to hijack your account. That can be especially unnerving with an Apple ID, because of how it’s used widely among Apple’s devices, iCloud services, and purchases. However, Apple has some built-in safeguards to protect your account. Even if someone obtains your password (when 2FA isn’t enabled), you’ll be notified of many kinds of activities, the hacker may be blocked (even if they have the password), and you should be able to reassert control.
Recognize an Attack in Progress
Be prepared to recognize the signs of an attack before someone manages to hijack your account. Here are some things to look out for: • Apple alerts you when certain changes take place to your Apple ID account information. You’ll be pinged, for example, when a new trusted phone number is added or an app-specific password is generated at the Apple ID website for a 2FA account. If you start seeing messages and you haven’t made the changes or requests, something’s afoot. • You receive emails to an iCloud address that appear to relate to actions you’re taking at other sites, but that you haven’t done. • Your email or other iCloud services stop working on any device or in any program. • You start to receive two-factor alerts about logins that you didn’t initiate. • The phone company that manages your iPhone’s account calls or texts you with a change in service you didn’t initiate. 59
• You receive text messages, like authentication codes for non-Apple services, that you didn’t request. • One of your devices was put into Lost Mode or locked, which can only be accomplished using Find My iPhone/Mac. • You start seeing charges on cards you own via apps that alert you to charges or email warnings, or you receive a call from a credit card company about suspicious charges. Tell the Difference Between a Hack and Phishing It’s critical to tell the difference between emails coming from an
attack in progress and phishing, where people attempt to fool you
into providing your login information or financial details.
With phishing, an email message, a text message, or even a phone
call originates from dubious sources. Look at the actual return address or Caller ID-provided number. Links are suspicious if, for
example, they don’t lead to a company’s main site. For example, a
link to Apple leads to something like apple.euiw098sf08.90809808adsf8a0d.net instead of to apple.com.
You can also usually tell something’s off when the message includes
misspellings, weird logos, odd grammar, or strange requests you’d
never expect of the sending company or service.
In a hijack, you’ll receive emails that typically alert you of a problem without providing a link, because real companies know that a link may have you thinking that the email is a phishing attack!
If any of the above are true, it’s time to take immediate action to see if you can stop a hacking from gaining control.
Stop an Attack in Progress
You may be able to stop an attack in progress. However, if you can’t follow the steps in the first section below, I advise in the second section how to disable your account with Apple’s help.
60
Try to Halt the Attack If you believe someone is trying to gain access to your Apple ID account or may have already have gained access, take action: • Take all your devices off the network. Use Airplane Mode on iOS devices and turn off Wi-Fi or unplug Ethernet on Macs. • Log in to the Apple ID website and change your password from another computer or device. If you cannot log in, see below. Type in the address https://appleid.apple.com or follow this link to avoid phishing attacks (see Tell the Difference Between a Hack and Phishing). • If you don’t have two-factor authentication enabled, follow the instructions in Enable Apple’s 2FA to turn it on after you change your password. • If you’ve already enabled 2FA, revoke all your app-specific passwords (see Work with 2FA). Create new ones as needed. • Log in to your cellular account or call your cellular carrier and ensure that no changes have been made to your phone account recently. • If you use an email provider other than iCloud, log in to your account using your provider’s web interface and confirm that nothing has been modified there. (Enable 2FA while there, if you haven’t already.)
If You Can’t Log In to Stop the Attack If Apple doesn’t let you log in with your Apple ID in any of the usual places, including the Apple ID website, it can mean one of two things: Either someone has hijacked your account, or Apple has disabled your account temporarily because of attempts to hijack it. (You should have received an email message or some other sort of message from Apple if your account was disabled.) If your account is locked, you can follow Apple’s steps to unlock it. I detail these in Deal with a Locked Account. 61
Failing that, contact Apple. You will need to provide proof of identity— Apple has to resist being phished as well! But the support staff can lock your account and help you regain access.
62
Solve Common Problems You might encounter a few more tight spots with your Apple ID that you’ll need help solving. This chapter rounds up the rest.
Set Up 2FA Without a Device
Apple requires the use of iCloud in macOS or iOS to convert an Apple ID from a regular password-only login into an account protected with two-factor authentication (2FA). But what I’ve heard from many people with multiple Apple ID accounts is that they only use one across all their iOS devices and Macs, and yet want to enable enhanced security on one or more accounts without messing up their current systems. (For more on 2FA, see Use Two-Factor Authentication.) This is particularly nettlesome for software developers in the Apple ecosystem, who received notice in mid-February 2019 that after February 27, they could no longer use an Apple ID without 2FA enabled to access developer resources, including the Apple Developer website and the system that manages security certificates. Many developers posted on Twitter that they never use their developer ID with iCloud on any device. There’s a way around this that will work for as long as Apple allows users to opt to send a 2FA verification code to a phone, either as a text message or an automated voice call: set up a macOS account on your own computer or on a trusted Mac. It can even be temporary. Follow these steps: 1. Set up a new macOS user account on the target machine (in System Preferences > Users & Groups). 2. Log in to that account. 3. In System Preferences > iCloud, sign in with the Apple ID that you want to upgrade to 2FA. Follow the steps in Enable 2FA in macOS 63
to complete the setup. Make sure and include at least two phone numbers at which you can receive codes, and read the Avoid Losing Access section carefully, too. 4. Optionally delete the macOS user account when complete. The next time you want to log in to any Apple service or site, click “Didn’t receive a verification code” in the dialog, click Text Me, and choose one of your trusted numbers. You can then use the code provided. (See a more detailed step-by-step for this method in Log In with 2FA by SMS or Voice Call.)
Reset Your Password
What happens when your password stops working? You may have forgotten it—it can happen!—or you may have it stored in a password manager and can’t retrieve it. Whatever the reason, you’re not sunk. Apple lets you reset the password associated with your Apple ID, though how easy it is depends on how your account is set up: with just a password, with the older twostep verification, or with the newer two-factor authentication. Tip: You can also recover your Apple ID account name, although it’s less likely you’d need to, because Apple typically prefills the account name anywhere you’ve previously entered it.
After resetting your password, you will need to re-enter your password on various devices and for various services.
Reset Your Password-Only Account If your account is protected with only a password, follow these steps: 1. Visit Apple’s password recovery site, amusingly named “iforgot.” 2. Enter your Apple ID and click Continue. 3. Choose to reset your password. 64
4. You can opt to answer the security questions set on the account or receive an email with a reset link either to the primary address on the account or a rescue address. 5. Depending on what you chose above, enter the correct answers to your security questions or follow the link received in email. 6. When prompted, pick a new strong password, preferably using a password manager, and make sure to store the password securely, too. When you complete the process, you must sign in again with the new password.
Reset Your Two-Step Account Password To reset an Apple ID protected by Apple’s two-step verification system, you must have both a recovery key and a trusted device or phone number. If you’re missing either of those or both, read Handle TwoStep Verification (and my condolences). Here’s how to reset a password with two-step: 1. Visit Apple’s password recovery site. 2. Enter your Apple ID and click Continue. 3. Select the option to reset your password and click Continue. 4. Enter your recovery key at the prompt and click Continue. (Apple generated a recovery key for you when you set up two-step: It’s 14 characters long. Can’t find it? Visit this support page.) 5. The site prompts you to pick a trusted device to receive a confirmation code. Choose that. 6. Enter the confirmation code received. 7. When prompted, enter a new strong password, preferably using a password manager, and make sure to store the password securely, too. Click Reset Password. The site now asks you to log in again. 65
Reset Your Two-Factor Account Password With a 2FA account, it’s a bit more complicated to reset your password. You can’t perform the reset from the Apple ID or iForget website. Instead, you can use an iOS device or Mac signed into iCloud with that Apple ID or use Find My iPhone on an iOS device. I explain these steps in detail in the chapter on two-factor authentication. See Troubleshoot 2FA Problems.
Deal with a Locked Account
Apple automatically locks your Apple ID when it detects certain kind of suspicious behavior. That can include too many incorrect entries of information—such as wrong answers to your security questions or an incorrect password—during login attempts. Note: Account locking can also be a form of harassment. A harasser
may repeatedly try to access your account knowing that Apple will
lock it down when they don’t have the necessary information. When
you go through the unlock steps, the harasser does it again. Apple
uses some techniques to block repeated failed login attempts, but
their system is imperfect.
If Apple locks your Apple ID, you might see one of three messages in apps and on devices: • “This Apple ID has been disabled for security reasons” • “You can’t sign in because your account was disabled for security reasons” • “This Apple ID has been locked for security reasons” The process to unlock an account starts at Apple’s iForgot site, just as if you were resetting the password. You may be asked for your existing password, or you might have to reset your password. The site prompts you, so you don’t have to guess what’s needed.
66
If you try to complete the unlock process and fail, someone may have tried to hijack your account and managed to change the password. See Cope with a Hack of Your Apple ID Account for more details. Apple may keep your account locked and not allow more attempts until the following day. Once your account is unlocked, you may have to re-enter your password everywhere you use an Apple ID.
Update a Credit Card for Purchases
Apple lets you associate a credit card with your Apple ID account, which you can then use everywhere: the App Store, iTunes Store, Apple Developer website, Apple Books Store, Apple Music, and on and on. You can create or update your credit card information at the Apple ID website or in any of the store locations in iOS, macOS, Android, and Windows, depending on which apps are available on those platforms. Tip: Apple relies on your credit card’s billing address to figure out
which media and apps are available for purchase and use in the
country you’re in. Read Work with Apple ID Across Countries before
changing your credit card if you move between countries or have
multiple residences.
If your credit card or its number is stolen, you may receive warnings that you need to change the number even before attempting to make a purchase. Note: One reader told us of an oddball situation after his credit-card number was stolen: Despite Apple’s various apps and services telling him to update his card details, he wasn’t able to. In iTunes, he was redirected to a website that also didn’t accept changes. In the end, he had to call Apple’s support line, get transferred to accounting, and have them update the name on his account. (Oddly, they seemed to just re-enter his name with the same spelling, but it did the trick.)
67
Manage an Unavailable Email Address One of the most common requests I receive for help with an Apple ID has to do with an account that relies on an email address the writer can no longer access. Maybe someone hijacked their email address (a surprisingly common occurrence, especially with older services like Yahoo) and they can’t recover it or gave up using it. Maybe the email provider shut down entirely. Or, maybe they left a job, and either can’t convince a prior employer to help, or the employer deleted the email account and it can’t be recovered. Whatever the reason, it’s a problem, because Apple doesn’t always let you change your Apple ID email account address without access to the previous account. In examining messages from readers and looking through Apple’s support documents and forums, I can’t find anything that explains why Apple sometimes allows a simple reset, and sometimes requires a more complicated procedure: The company sends you a verification code to the current Apple ID address and that code must be entered in order to change the password. Avoid Losing Access to an Old Email Address Avoid this particular problem by taking these two steps: 1. Don’t use a work address or other email address you might lose
access to in the future. That includes addresses connected to a
membership group, or even one you share with another person.
2. Set up one or more rescue addresses for a password-only account, so Apple can reach you through an alternate mean than the address used as your Apple ID username. See Prevent Apple ID Problems for more details.
68
Cope with an Account Lost Forever
This book doesn’t have a therapy license, so I can only pat you on the back and say “there, there.” Joking aside, you may find yourself unable to regain access to an Apple ID. This is especially true if you’ve moved or if an old email address or phone number associated with the account becomes available. It’s also the case if someone hijacks your Apple ID and you can’t provide enough information to Apple to convince them that the account was stolen from you. I’ve gotten letters from people who’ve experienced all these scenarios—and more. Tip: Can it help to email Tim Cook? It might. If you make your case
briefly, politely, and firmly, the people who vet Cook’s email might
pass it on and they (or he) might assign you an executive support
team to help. It’s been known to happen.
Wondering what the damage will be if you permanently lose access to your Apple ID account? Here’s the list of what you’ll lose: • Any media and app purchases, with the exception of downloaded music from the iTunes Store or via iTunes Match. • Email access to an iCloud account. • iCloud.com and sync access to contacts, calendar entries, notes, and iCloud Drive files that aren’t downloaded. • Photos and videos stored at high resolution with iCloud Photo Library that weren’t downloaded to an iOS device or a Mac. (A Mac can, by default, download and retain all media at high resolution.) If this happens to you and you use iCloud email with this Apple ID, it’s critical that you alert your contacts as quickly as possible to tell them you no longer have access to that email address. You also need to remove the address as a backup email account or an account login at every service with which you’ve relied on it. (This is another Public
69
Service Announcement for password managers: The apps let you quickly find everywhere you’ve used an address as an account name.) Also make sure to sign out from any locations that remain logged into the account. While this may seem like a bad idea if someone hijacked your account—as you’re retaining some access to the account as long as you’re logged in—they could obtain more information about you, including your contacts, photos, and device locations. Finally, make a full clone or backup, and then follow the instructions in Migrate from One Apple ID to Another to shut down and move to a new account.
70
Appendix A: Legacy Apple ID Issues In this appendix, we address some legacy issues, including Apple IDs that don’t have email addresses and managing two-step verification for an account that hasn’t updated to newer versions of the operating system.
Deal with Accounts Without Email Addresses Apple once allowed Apple IDs using any unique name—no email address required. While the company no longer lets you register those, it didn’t disable old Apple ID accounts that relied on a name alone. This arises as a problem when you want to use an old Apple ID with iCloud, which requires an email address. But it’s easily solved. Log in at the Apple ID website using your existing Apple ID, and then change the username to an email address.
Handle Two-Step Verification
Before there was two-factor authentication (see Use Two-Factor Authentication), there was two-step verification. In practice, both these systems for protecting your Apple ID aren’t radically different: each involve an additional component after entering the password to prove you have physical possession of a registered device or phone. But where the original two-step verification was a bit wonky and hacked to work with existing versions of Apple’s OSes and services, two-factor authentication is fully integrated and better designed. Apple hasn’t eliminated two-step support; it’s just deprecated its use. As a result, it’s possible you may still have it active on an Apple ID. I 71
did for a long while, because one of my Apple IDs was used entirely for purchases. Because I never logged in via iCloud, I was never automatically shifted to two-factor authentication. (I eventually upgraded.) Note: You can even turn two-step verification on for an account that doesn’t have two-factor authentication enabled. Visit the Apple ID website, log in, and click the link under Security to enable two-step.
You likely know if an Apple ID has two-step verification enabled, but if you don’t, it’s easy to find out. Log in at the Apple ID site, and in the Security section it will show a label, “Two-Step Verification,” and have the word “On” beneath it. (Also, when you log in, you will have to use a code from an iOS device or via SMS, which is another hint!) At this point, you have three paths forward: • Leave it alone, and wait until Apple finally stops supporting it and forces you to change. • Disable it, and rely on your password. I do not recommend this. • Upgrade to two-factor authentication manually or automatically. I explain each of these in turn.
Stay with Two-Step You can continue to use two-step verification as long as you want. Apple hasn’t announced any plans to discontinue it, and it won’t automatically upgrade an account to two-factor authentication until it’s connected to an iCloud account in iOS 11 or later or macOS High Sierra or later. The downside with this is that you could wind up in a bind and lose access to your account if you lose the 14-character recovery key created when you set up two-step verification. You have to have your recovery key if you can’t remember your password or Apple locks your account for some reason, which can involve hacking attempts against your account. You also need it to log in if you lose access to all your trusted devices and phone numbers. 72
Apple says it typically can’t help you recover an account in those cases without the recovery key. In some extraordinary cases, I believe it has, but the company openly says it won’t. With two-factor authentication, Apple has no recovery key, but offers a recovery process that’s partly automated and partly involves customer-support humans. Tip: If you can’t find your account’s recovery key, you can generate a new one. Run, don’t walk, and make a new recovery key right now. (See this Apple Support document for details).
Disable Two-Step I recommend keeping either two-step verification or two-factor authentication active on your account. But if you want to turn two-step verification off, it’s simple: 1. Visit the Apple ID site and log in to your account. 2. In the Security section, click the Edit button. 3. Click the “Turn off two-step verification” link. 4. Apple requires that you create security questions that are used at the Apple ID site in the future in lieu of a second factor. You also have to verify your birthdate. Once complete, Apple sends an email to verify that two-step verification has been disabled.
Shift to Two-Factor Authentication The easiest way to upgrade to two-factor authentication is to find an iOS device with iOS 11 or later on it or a Mac with High Sierra or later installed. Use that device to log in to iCloud account with your Apple ID. Apple automatically shifts you from two-step verification to twofactor authentication. Tip: You can also manually switch over. Follow the steps above to
disable two-step, and then follow the steps in Enable Apple’s 2FA.
73
If you’re not using hardware you plan to access regularly, think about how you will confirm two-factor authentication access later. When I shifted my purchase-only account, I didn’t want to associate that Apple ID with any device for iCloud. I made sure to set up multiple trusted phone numbers and backup email addresses, so that once I’d used a qualifying device to upgrade to two-factor authentication, I could do all my confirmation without a trusted iOS or macOS device. Another easy option? Set up a user account in macOS and use the Apple ID with it in order to upgrade that Apple ID to two-factor authentication without dedicating an iOS device or your main account. Make sure to keep this account active in case you ever need a backup trusted device from which to confirm a login from that account. I explain this in greater depth in Set Up 2FA Without a Device.
74
About This Book Thank you for purchasing this Take Control book. We hope you find it both useful and enjoyable to read. We welcome your comments.
Ebook Extras
You can access extras related to this ebook on the web. Once you’re on the ebook’s Take Control Extras page, you can: • Download any available new version of the ebook for free, or buy a subsequent edition at a discount. • Download various formats, including PDF, EPUB, and Mobipocket. (Learn about reading on mobile devices on our Device Advice page.) • Read the ebook’s blog. You may find new tips or information, as well as a link to an author interview. • Find out if we have any update plans for the ebook. If you bought this ebook from the Take Control website, it has been automatically added to your account, where you can download it in other formats and access any future updates. However, if you bought this ebook elsewhere, you can add it to your account manually: • If you already have a Take Control account, log in to your account, and then click the “access extras…” link above. • If you don’t have a Take Control account, first make one by following the directions that appear when you click the “access extras…” link above. Then, once you are logged in to your new account, add your ebook by clicking the “access extras…” link a second time. Note: If you try these directions and find that your device is incompatible with the Take Control website, contact us.
75
About the Author
Glenn has written oodles of books over the last 25 years, first for Peachpit Press, and later for Take Control. Mostly recently, he did a complete update of Take Control of Wi-Fi Networking and Security for a world without AirPort hardware, and revised his self-published book A Practical Guide to Networking, Privacy, and Security for iOS 12. Glenn writes for the Economist, the Atlantic, Smithsonian magazine, Fortune, Macworld, and TidBITS on topics as varied as Bitcoin, the unique nature of sheriffs in America, buried time capsules, and 19th century printing and typographic history. (Photo credit: Lynn D. Warner)
Acknowledgments Thank you to Joe Kissell for his constant encouragement, technical support, and for being a delightful advocate of fellow authors.
Shameless Plug I wrote a book in early 2018 about the amazing typographic history of London told in two remarkable institutions there: the St. Bride Printing Library and The Type Archive. You can get a copy in print or as an ebook of London Kerning, a short and snappy book about London and type and printers directly from me at glog.glennf.com/london-kerning.
76
About the Publisher
alt concepts inc., publisher of Take Control Books, is operated by Joe Kissell and Morgen Jahnke, who acquired the ebook series from TidBITS Publishing Inc.’s owners, Adam and Tonya Engst, in May 2017. Joe brings his decades of experience as author of more than 60 books on tech topics (including many popular Take Control titles) to his role as Publisher. Morgen’s professional background is in development work for nonprofit organizations, and she employs those skills as Director of Marketing and Publicity. Joe and Morgen live in San Diego with their two children and their cat.
Credits • Publisher: Joe Kissell • Editor: Scholle Sawyer McFarland • Cover design: Sam Schick of Neversink • Logo design: Geoff Allen of FUN is OK More Take Control Books This is but one of many Take Control titles! Most of our books focus on the Mac, but we also publish titles that cover other Apple devices, along with general technology topics. You can buy Take Control books from the Take Control online catalog as well as from venues such as Amazon and the iBooks Store. But it’s a better user experience and our authors earn more when you buy directly from us. Just saying… Our ebooks are available in three popular formats: PDF, EPUB, and
the Kindle’s Mobipocket. All are DRM-free.
77
Copyright and Fine Print Take Control of Your Apple ID ISBN: 978-1-947282-32-2
Copyright © 2019, Glenn Fleishman. All rights reserved.
alt concepts inc. 4142 Adams Ave. #103-619, San Diego CA 92116, USA Why Take Control? We designed Take Control electronic books to help readers regain a measure of control in an oftentimes out-of-control universe. With Take Control, we also work to streamline the publication process so that information about quickly changing technical topics can be published while it’s still relevant and accurate. Our books are DRM-free: This ebook doesn’t use digital rights management in any way because DRM makes life harder for everyone. So we ask a favor of our readers. If you want to share your copy of this ebook with a friend, please do so as you would a physical book, meaning that if your friend uses it regularly, they should buy a copy. Your support makes it possible for future Take Control ebooks to hit the internet long before you’d find the same information in a printed book. Plus, if you buy the ebook, you’re entitled to any free updates that become available. Remember the trees! You have our permission to make a single print copy of this ebook for personal use, if you must. Please reference this page if a print service refuses to print the ebook for copyright reasons. Caveat lector: Although the author and alt concepts inc. have made a reasonable effort to ensure the accuracy of the information herein, they assume no responsibility for errors or omissions. The information in this book is distributed “As Is,” without warranty of any kind. Neither alt concepts inc. nor the author shall be liable to any person or entity for any special, indirect, incidental, or consequential damages, including without limitation lost revenues or lost profits, that may result (or that are alleged to result) from the use of these materials. In other words, use this information at your own risk. It’s just a name: Many of the designations in this ebook used to distinguish products and services are claimed as trademarks or service marks. Any trademarks, service marks, product names, or named features that appear in this title are assumed to be the property of their respective owners. All product names and services are used in an editorial fashion only, with no intention of infringement. No such use, or the use of any trade name, is meant to convey endorsement or other affiliation with this title. We aren’t Apple: This title is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Inc. Because of the nature of this title, it uses terms that are registered trademarks or service marks of Apple Inc. If you’re into that sort of thing, you can view a complete list of Apple Inc.’s registered trademarks and service marks. 78