TWO-FACTOR AUTHENTICATION question - every day somebody tries logging in as me?

[j-a-x]

Since I turned on "two-factor authentication" I get a few messages per day saying people are trying to log in as me, usually from the Los Angeles area (I live in Texas). I assumed that meant somebody had my password because I don't think it gets to the point of asking you for the verification code until you get the password right. So I changed my password a few days ago, but I still keep getting these messages. Sometimes 3 or 4 times per day it asks me to validate a login attempt in California and I say no.

I am wondering what's going on here. Is somebody trying to hack me? Does somebody know my new password? Am I correct that they have to get the password right before the notice pops up on my iPhone asking me to validate a new login with a security code?

Is there anything else that could be generating these odd login attempts?

 

[mikzn]

maybe they have a similar email or phone number?

 

[j-a-x]

maybe they have a similar email or phone number?

But wouldn't they need my password to make that screen appear? Am I correct that it only shows AFTER a correct password is entered?

 

[mikzn]

But wouldn't they need my password to make that screen appear? Am I correct that it only shows AFTER a correct password is entered?

I was just guessing - maybe they thought they have your email and are trying to start the recovery of the password?

Although if they have done it multiple times and days that does not sound good

 

[Ritsuka]

Yes, change the password as soon as possible.

 

[j-a-x]

I was just guessing - maybe they thought they have your email and are trying to start the recovery of the password?

Although if they have done it multiple times and days that does not sound good

I don't think it has anything to do with password recovery. Two factor means that after logging into my Apple ID on new hardware with a correct password, Apple sends a notification to another device that I own with a PIN which also needs to be entered to validate that hardware is allowed to use my Apple ID.

 

[j-a-x]

Yes, change the password as soon as possible.

I did and I got the same thing with he new password. And the new password is complex and has lots of letters / numbers / symbols as the old one did.

 

[Mike Boreham]

I would call Apple about it.

 

[theshoehorn]

I've seen this pop up when my 3rd gen Apple TV reboots... But it still shouldn't show that far away...

 

[Stalyn]

I would call Apple about it.

I would do this too.

 

[mikzn]

I don't think it has anything to do with password recovery. Two factor means that after logging into my Apple ID on new hardware with a correct password, Apple sends a notification to another device that I own with a PIN which also needs to be entered to validate that hardware is allowed to use my Apple ID.

I agree with all the above cautions - if in doubt change your password & call apple - FYI have also seen friends who offered old gear and devices that had auto logins etc - and that can be even more disastrous - ie a spare iphone to a relative or kid that can unknowingly delete stuff or lock you out of your own account.

Probably not the case - but just throwing that out there . . .

 

[cswifx]

I hope your password is a secure one. Try changing both your email and password, it's worth the hassle to secure your important accounts.

 

[j-a-x]

I hope your password is a secure one. Try changing both your email and password, it's worth the hassle to secure your important accounts.

The password itself is incredibly secure. No worries there. Maybe I'll try changing my email as a last resort. I wish I could change it to my iCloud address but Apple won't let me for some reason.

 

[IowaLynn]

Apple ID Support
https://support.apple.com/en-us/HT202667

This is probably better place to start
https://support.apple.com/en-us/HT204915

If you've already read and followed those and reset your trusted devices (not password)

I had trouble when changing phone numbers and no longer had access to it (my trusted device) but was easy enough.

Each time I added a new device to add as trusted it said (I) someone in area of (city 250 miles away) was accessing device. But I have not had to use 2FA since nor have I seen any msgs.

Good luck

 

[j-a-x]

Apple ID Support
https://support.apple.com/en-us/HT202667

This is probably better place to start
https://support.apple.com/en-us/HT204915

If you've already read and followed those and reset your trusted devices (not password)

I had trouble when changing phone numbers and no longer had access to it (my trusted device) but was easy enough.

Each time I added a new device to add as trusted it said (I) someone in area of (city 250 miles away) was accessing device. But I have not had to use 2FA since nor have I seen any msgs.

Good luck

Thanks for your advice but yes, I already read this and reset my password.

I have 5 trusted devices. My Mac, iPhone, iPad, Apple TV, and my Windows laptop at work. No need to add or delete any trusted devices.

It's strange that the request comes from California. It definitely means my password was typed successfully somewhere. Changing my password doesn't stop the requests as I just changed it 2 days ago to a whacked out over 10 character password with letters and numbers and symbols etc. So another password change doesn't make sense.

The only thing I can think of is either somebody intercepted/hacked/cracked my new password somewhere somehow (unlikely) or maybe iTunes Connect or some other service that knows my Apple ID and password is somehow generating these requests. Hmmmm.....

 

[jetsam]

A truly wacky thought: Could that "person in Los Angeles" be you?

When I use LTE data on my iPhone, and do something to trigger 2FA, I get notified that someone in New York is trying to log in as me. I'm in Massachusetts, but a traceroute on the IP address that AT&T gave my iPhone goes back to New York.

 

[j-a-x]

A truly wacky thought: Could that "person in Los Angeles" be you?

When I use LTE data on my iPhone, and do something to trigger 2FA, I get notified that someone in New York is trying to to log in as me. I'm in Massachusetts, but a traceroute on the IP address that AT&T gave my iPhone goes back to New York.

Interesting idea but when I get the notification it's in no way correlated with me entering my iCloud password and when I do enter my password on a new device it always locates me correctly.

 

[IowaLynn]

Ever own and sold an Apple device?

One reason to remove trusted devices is to start over. And not just change pswd but maybe Apple ID. Different email. My sis had her aol broken into and all her 100s of contacts got Spam'd so I had to stop using my email acct as did she.

An easy password for you to remember but long phrase that is easier to type? I use password manager plus keychain. And 20+ characters.

iCloud has had its issues. Calendar invites lately.

 

[j-a-x]

Ever own and sold an Apple device?

One reason to remove trusted devices is to start over. And not just change pswd but maybe Apple ID. Different email. My sis had her aol broken into and all her 100s of contacts got Spam'd so I had to stop using my email acct as did she.

An easy password for you to remember but long phrase that is easier to type? I use password manager plus keychain. And 20+ characters.

iCloud has had its issues. Calendar invites lately.

Yes I've sold many apple devices but I always do a factory reset and as I said in my earlier post I can see a list of all approved devices and none of the ones I sold are in there. My password is very strong. That's not the issue.

 

[Apple_Robert]

Yes I've sold many apple devices but I always do a factory reset and as I said in my earlier post I can see a list of all approved devices and none of the ones I sold are in there. My password is very strong. That's not the issue.

Did you contact Apple? If so, what did they say?

Have you checked your Windows computer to make sure it is clean and free of keyloggers etc? If your computers are clean and you have only entered your password on authenticated Apple server sites, what you are describing sounds more like some kind of system glitch on Apple's end, rather than some hacker. There is no way a hacker can figure out your password as quickly as you change it, if you are in fact using secure passwords.

 

[CobraPA]

Well, if you changed your password, and don't have any sneaky kids around the house, then it sounds more like an Apple bug to me. They've had more than one issue with iCloud and authentication in the past...

 

[j-a-x]

I haven't called Apple yet but I might try it in the near future. I always sort of assume apple phone support reps were useless but who knows.

 

[gigapocket1]

When all else fails.. Just turn off two factor authentication.. And then turn it back on.. Kinda reset it just in case theirs a bug somewhere...

to turn it off, you have to hit the edit button btw on the appleid webpage

 

[bopajuice]

Log into your Apple ID on a desktop browser and see what devices are still associated with the ID. I too have bought and sold several Apple devices, but sometimes I forget to disassociate them with my Apple ID account. Worth a try.

 

[cswifx]

This may be a very farfetched possiblity, but have you checked the receipient of the Apple ID alerts? There may be a postfix in the email (i.e. youremail+postfix@emailprovider.com), which means someone else may have an Apple ID that also uses your email. That may be the case, but it's a bit impossible to achieve unless you've accidentally verified someone else's Apple ID using your email.