Apple's Activation Lock

PRECISELY! It is very easy to recover your Apple ID account and change your password, provided you are the email account holder. This would be the simplest way to resolve the situation for an honest transfer of device!

I am in my 60s and rely HEAVILY on the ability of Apple Keychain to remember ALL my passwords, across all my devices (iMac, iPad and iPhone). Thus I hardly ever remember most of them, unless used very frequently on other platforms. The only two passwords I must remember are my Apple ID and my system login. These are used frequently, and are also written down and filed away safely.

Yes it would, but in our case this didn’t work and had the Apple techs perplexed to why it didn’t. Even so, they won’t unlock the activation lock unless one can prove ownership…which I outlined above is not possible in this case. The system is only as good as the weakest link, and appears that we have found it in our (and the previous owner’s) case. I believe that we should not be responsible for Apples weakest link (namely a transfer system which failed us in this case).

It appears that the iPod and Apple account in this case there is some sort of fault or system error which sits with Apple…an unfortunately their policies are inflexible (they don’t accept responsibility) and we are left with an iPod brick.

Its great when it remembers the pass, but not so much when it doesnt record it. This has happened a few times, for me, which is why I also use Wallet which does not require signup, or ongoing subscriptions. Its kept my passwords safe for years. I keep the database in an online storage service, and update it as required. Device sync does not need more purchases either.

Identity theft is a serious issue and one that no-one wants to experience. Mobile phones now carry much personal information and this information needs to be securely protected. Apple has been good in its approach and techniques to protect the personal information held on the phone including removing its staff from accessing its phones.

I like it that way and do not want the protection provided by being diluted to cater for those who forget their passwords whatever the circumstances. This post is just another example of shifting the blame onto someone else or something else.

I am not aware there is blaming, just discussing a deficiency in being able to establish one’s bona fides as the rightful owner. Humans are imperfect but it reads as if the Apple policy is unwilling to take that into account under any circumstances.

As a counterpoint I needed some help from my US bank recently, and they established my bona fides as being me and the account holder through a series of questions about my history, including remembering a car I owned in 1983, knowing a person sharing my surname who is no relation, a question about airplane ownership, one about a relative in the US, as well as all the normal things.

Bottom line is if anyone tried to impersonate me they would have to be very, very good to get through those hurdles. No blame on the bank for taking care of me, and over the years I have never encountered any company that did not have ‘a way’ regardless of how difficult.

In the topic we have a statement that Apple’s ‘solution’ did not work in a case although it should have, and that was too bad for their customer. Blame shifting?

Just by the way and apropos of nothing, what car did you own in 1983?

FWIW Losing my phone is still a sore point with me and I vented about being glad it was securely locked.

In @phb case there’s a completely different scenario: there is a way to reactivate the IPod, but in this case it doesn’t work. If this is a fault at Apple’s end I agree with Peter that it should be solved by Apple.

Nice try

I am in a similar situation. After my husband of 25 years passed away 6 months ago, I tried to use his iPad he had purchased 7 years ago from Myer store paying cash. I got the Activation lock message, and now I can not use my own property, as naturally I am unable to ask my late husband’s about his password (asking a clairvoyant perhaps?).
Apple overrides its authority over the devices they sell to us. They should add a clear warning on every device they are currently selling about the Activation lock, and unlock the devices that have been sold without such a warning. I believe there are thousands of unhappy owners of Apple devices in the same situation, as me and phb.

I share your sympathies as looking online, we are not alone. There is a post online that someone in the US in a similar situation to your own was told by Apple to get a court order/letter requiring Apple to provide access to the estate to the deceased persons device. This is also unacceptable as the cost to obtain a court order (assuming it is granted) will far exceed the value of any of Apple’s devices and Apple is overriding potentially the wishes granted through legally binding will.

I think this should be adopted by Apple. It is too late after the event (e.g. accepting use of their product and Activation Lock) to find out later they have ultimate control over the devices you own. If I had purchased an Apple device and was provided with such a warning (including risk that activation lock may not be removed), I would not use it and would seek out some third party software. While it may not have the same level of security as Apple Activation Lock (namely turning a Apple device into a brick), at least most still give the function of remote deleting and factory resetting the device.

We use third party security software on non-Apple products we own and are happy with the risks in the event we forget the password (means we will have to factory reset the device and lose all data if locked out), it gets stolen or lost.

You never give the truth in answers to secret questions. You only give make up answers. The reason is blindingly obvious - the scammer might have the means to find out what car you owned in 1983, your mother’s maiden name, your first school and so for the usual secret questions.

The American companies don’t ask you for questions, they obtain information from public sources and ask random questions. The public sources are not always obvious. The security systems in place are far more sophisticated than you seem aware of. The car question could have come from historic registration for example. No questions are so simple as one’s mother’s maiden name or where you attended school, if that makes any point for you. You know about your past or you don’t, in a simple sense. Once I got asked which of the following airplanes I owned, if any, and which of the following cars I owned, if any.

Another from the past is ‘how is this person related to you?’ (the person could be related or not); followed by ‘what city and state do they live in? (if related)’

Not so straightforward nor so easy to fake it.

I’d start to worry that they know more about me than I do. Are sure it was really your bank you were talking to?

P.S.
I’m with team Apple in respect of devices being locked absolutely. Once Apple build into a device a method or system to enable it to be ‘unlocked’ other than by using the original security code and account details the protection is at risk. Should Apple have that access there is a reliance as an Australian on US law protecting access to your data. I don’t believe that needs further clarification.

Wisdom would be to not rely on Apple. If you feel the need there are options for local and secure repository for your account PW and device access code/s. Something that makes sense for more than just any Apple product.

I think this is one of many coming storms of the digital era. Everything is so complex these days. There are bound to be problems like this.

If a person uses some kind of password repository then perhaps the password for it should be in that person’s will (for the benefit of the executor). How many people are thinking about that though (before it is too late)?

As I wrote above … if you have a Microsoft Word password-protected document and the password is (lost along with the deceased or otherwise) lost, Microsoft can’t save you. It isn’t down to the manufacturer.

At the end of the day though there are obvious weaknesses.

1. Public sources.
2. If one company is compromised, they are all compromised.
3. You can never change your ‘password’.

You could rightly point out that it may not be as bad as that - and you would be right - but this is theoretically not a good approach and the extent to which theory and practice coincide is not something that I would be comfortable relying on.

I wonder what percentage of questions the would-be intruder (or the legitimate owner) is allowed to pass on. Does everyone remember what car they had in 1983?

Right on that anyone who knows about them and knows how to get information, free or for fee, from them can build quite a dossier on one. In 2020 correctly answering a random sampling of questions about ones life is arguably improbable for a pretender to get a ‘pass’.

I’ll add that all of the questions are atop my sending the proper caller-ID. Another financial institution does voice prints, not q&a.

For a few dollars one can buy a persons credit-related history in the US, no questions asked except how you will pay.

If the question could not be answered outright, one got a multiple choice list including a none of the above option.

On the general question of being deceased, the more adventurous might want to look into the idea of a “dead man’s switch”. That is, so long as you are alive, you can activate something every X time period. If you die, you will obviously stop activating whatever it is that you need to activate and after Y failures to do so, your password will automatically be released (to a trusted individual, such as your executor).

The need to avoid a false positive of your demise means that there will be a delay for your executor but at least your devices won’t need to be thrown out.

The software or the personal data may not be salvageable but the hardware itself regardless if the current system is encrypted should be. If I use as an example VeraCrypt and forget my passphrase I understand that my data is lost until quantum computers of sufficient ability are made (so for the moment taken as lost). But I can wipe the system and restart anew. With Apple you don’t get this choice it seems because if you don’t meet their limited way of proving your ID they will not accept other legal proof that a Court would uphold so a very poor customer based outcome.

The problem might be that for current mobile based Apple product designs there is no practical way to reset the device without potentially also exposing any stored content.

Could an OEM protected reset pin unique to each device based on Serial No of the device enable a secure erase of the hardware prior to restarting as new? A suspicion is any such routine may still be subject to being defeated by more sophisticated resources. Some may suggest this is a low risk, others that it threatens Apples business model?