Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

j-a-x

macrumors 68000
Original poster
Apr 15, 2005
1,566
285
Houston, Texas
Since I turned on "two-factor authentication" I get a few messages per day saying people are trying to log in as me, usually from the Los Angeles area (I live in Texas). I assumed that meant somebody had my password because I don't think it gets to the point of asking you for the verification code until you get the password right. So I changed my password a few days ago, but I still keep getting these messages. Sometimes 3 or 4 times per day it asks me to validate a login attempt in California and I say no.

I am wondering what's going on here. Is somebody trying to hack me? Does somebody know my new password? Am I correct that they have to get the password right before the notice pops up on my iPhone asking me to validate a new login with a security code?

Is there anything else that could be generating these odd login attempts?
 

mikzn

macrumors 68040
Sep 2, 2013
3,005
2,293
North Vancouver
But wouldn't they need my password to make that screen appear? Am I correct that it only shows AFTER a correct password is entered?

I was just guessing - maybe they thought they have your email and are trying to start the recovery of the password?

Although if they have done it multiple times and days that does not sound good
 

j-a-x

macrumors 68000
Original poster
Apr 15, 2005
1,566
285
Houston, Texas
I was just guessing - maybe they thought they have your email and are trying to start the recovery of the password?

Although if they have done it multiple times and days that does not sound good

I don't think it has anything to do with password recovery. Two factor means that after logging into my Apple ID on new hardware with a correct password, Apple sends a notification to another device that I own with a PIN which also needs to be entered to validate that hardware is allowed to use my Apple ID.
 

theshoehorn

macrumors 6502a
Jul 6, 2010
505
490
I've seen this pop up when my 3rd gen Apple TV reboots... But it still shouldn't show that far away...
 

mikzn

macrumors 68040
Sep 2, 2013
3,005
2,293
North Vancouver
I don't think it has anything to do with password recovery. Two factor means that after logging into my Apple ID on new hardware with a correct password, Apple sends a notification to another device that I own with a PIN which also needs to be entered to validate that hardware is allowed to use my Apple ID.

I agree with all the above cautions - if in doubt change your password & call apple - FYI have also seen friends who offered old gear and devices that had auto logins etc - and that can be even more disastrous - ie a spare iphone to a relative or kid that can unknowingly delete stuff or lock you out of your own account.

Probably not the case - but just throwing that out there . . .
 
Last edited:

cswifx

Suspended
Dec 15, 2016
563
180
I hope your password is a secure one. Try changing both your email and password, it's worth the hassle to secure your important accounts.
 

j-a-x

macrumors 68000
Original poster
Apr 15, 2005
1,566
285
Houston, Texas
I hope your password is a secure one. Try changing both your email and password, it's worth the hassle to secure your important accounts.

The password itself is incredibly secure. No worries there. Maybe I'll try changing my email as a last resort. I wish I could change it to my iCloud address but Apple won't let me for some reason.
 

IowaLynn

macrumors 68020
Feb 22, 2015
2,145
589
Apple ID Support
https://support.apple.com/en-us/HT202667

This is probably better place to start
https://support.apple.com/en-us/HT204915

If you've already read and followed those and reset your trusted devices (not password)

I had trouble when changing phone numbers and no longer had access to it (my trusted device) but was easy enough.

Each time I added a new device to add as trusted it said (I) someone in area of (city 250 miles away) was accessing device. But I have not had to use 2FA since nor have I seen any msgs.

Good luck
 

j-a-x

macrumors 68000
Original poster
Apr 15, 2005
1,566
285
Houston, Texas
Apple ID Support
https://support.apple.com/en-us/HT202667

This is probably better place to start
https://support.apple.com/en-us/HT204915

If you've already read and followed those and reset your trusted devices (not password)

I had trouble when changing phone numbers and no longer had access to it (my trusted device) but was easy enough.

Each time I added a new device to add as trusted it said (I) someone in area of (city 250 miles away) was accessing device. But I have not had to use 2FA since nor have I seen any msgs.

Good luck

Thanks for your advice but yes, I already read this and reset my password.

I have 5 trusted devices. My Mac, iPhone, iPad, Apple TV, and my Windows laptop at work. No need to add or delete any trusted devices.

It's strange that the request comes from California. It definitely means my password was typed successfully somewhere. Changing my password doesn't stop the requests as I just changed it 2 days ago to a whacked out over 10 character password with letters and numbers and symbols etc. So another password change doesn't make sense.

The only thing I can think of is either somebody intercepted/hacked/cracked my new password somewhere somehow (unlikely) or maybe iTunes Connect or some other service that knows my Apple ID and password is somehow generating these requests. Hmmmm.....
 

jetsam

macrumors 6502a
Jul 28, 2015
980
759
A truly wacky thought: Could that "person in Los Angeles" be you?

When I use LTE data on my iPhone, and do something to trigger 2FA, I get notified that someone in New York is trying to log in as me. I'm in Massachusetts, but a traceroute on the IP address that AT&T gave my iPhone goes back to New York.
 

j-a-x

macrumors 68000
Original poster
Apr 15, 2005
1,566
285
Houston, Texas
A truly wacky thought: Could that "person in Los Angeles" be you?

When I use LTE data on my iPhone, and do something to trigger 2FA, I get notified that someone in New York is trying to to log in as me. I'm in Massachusetts, but a traceroute on the IP address that AT&T gave my iPhone goes back to New York.

Interesting idea but when I get the notification it's in no way correlated with me entering my iCloud password and when I do enter my password on a new device it always locates me correctly.
 

IowaLynn

macrumors 68020
Feb 22, 2015
2,145
589
Ever own and sold an Apple device?

One reason to remove trusted devices is to start over. And not just change pswd but maybe Apple ID. Different email. My sis had her aol broken into and all her 100s of contacts got Spam'd so I had to stop using my email acct as did she.

An easy password for you to remember but long phrase that is easier to type? I use password manager plus keychain. And 20+ characters.

iCloud has had its issues. Calendar invites lately.
 

j-a-x

macrumors 68000
Original poster
Apr 15, 2005
1,566
285
Houston, Texas
Ever own and sold an Apple device?

One reason to remove trusted devices is to start over. And not just change pswd but maybe Apple ID. Different email. My sis had her aol broken into and all her 100s of contacts got Spam'd so I had to stop using my email acct as did she.

An easy password for you to remember but long phrase that is easier to type? I use password manager plus keychain. And 20+ characters.

iCloud has had its issues. Calendar invites lately.

Yes I've sold many apple devices but I always do a factory reset and as I said in my earlier post I can see a list of all approved devices and none of the ones I sold are in there. My password is very strong. That's not the issue.
 

Apple_Robert

Contributor
Sep 21, 2012
35,573
52,306
In a van down by the river
Yes I've sold many apple devices but I always do a factory reset and as I said in my earlier post I can see a list of all approved devices and none of the ones I sold are in there. My password is very strong. That's not the issue.
Did you contact Apple? If so, what did they say?

Have you checked your Windows computer to make sure it is clean and free of keyloggers etc? If your computers are clean and you have only entered your password on authenticated Apple server sites, what you are describing sounds more like some kind of system glitch on Apple's end, rather than some hacker. There is no way a hacker can figure out your password as quickly as you change it, if you are in fact using secure passwords.
 
  • Like
Reactions: CobraPA

CobraPA

macrumors 6502a
Mar 12, 2011
733
175
Lansdale, PA, USA
Well, if you changed your password, and don't have any sneaky kids around the house, then it sounds more like an Apple bug to me. They've had more than one issue with iCloud and authentication in the past...
 

j-a-x

macrumors 68000
Original poster
Apr 15, 2005
1,566
285
Houston, Texas
I haven't called Apple yet but I might try it in the near future. I always sort of assume apple phone support reps were useless but who knows.
 

gigapocket1

macrumors 68020
Mar 15, 2009
2,406
1,911
When all else fails.. Just turn off two factor authentication.. And then turn it back on.. Kinda reset it just in case theirs a bug somewhere...

to turn it off, you have to hit the edit button btw on the appleid webpage
 
  • Like
Reactions: Glideslope

bopajuice

Suspended
Mar 22, 2016
1,571
4,348
Dark side of the moon
Log into your Apple ID on a desktop browser and see what devices are still associated with the ID. I too have bought and sold several Apple devices, but sometimes I forget to disassociate them with my Apple ID account. Worth a try.
 

cswifx

Suspended
Dec 15, 2016
563
180
This may be a very farfetched possiblity, but have you checked the receipient of the Apple ID alerts? There may be a postfix in the email (i.e. youremail+postfix@emailprovider.com), which means someone else may have an Apple ID that also uses your email. That may be the case, but it's a bit impossible to achieve unless you've accidentally verified someone else's Apple ID using your email.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.