At Tom’s Guide, we’re big fans of two-factor authentication (2FA), but like any technology, the security-enhancing procedure offers its own set of risks. Users of Apple's iOS 10 beta may be learning this lesson firsthand, as a significant number of them with 2FA enabled on their Apple accounts have found themselves locked out of their iPhones.
A moderator called AppleBetas first pointed out the issue on Reddit's iOS 10 Beta forum, and quickly found that he was not the only person suffering from this odd affliction.
When AppleBetas attempted to log into his iDevices, they all requested that he reenter his password, then informed him that he’d been locked out of his account. When he tried to reset his password through the iForgot service, he received a server error. Apple informed him that there were no server issues, deepening the mystery.
Further investigating the issue, AppleBetas discovered that only those users with 2FA activated were unable to reset their passwords. The only points of commonality among them were that they had the iOS 10 beta installed and had protected their accounts with 2FA.
Over the course of the next few days, AppleBetas and his Reddit compatriots worked hard to document their issues and correspond with Apple, even though Apple did not seem to be especially helpful in resolving the issue. At one point, AppleBetas suggested a new motto for the company’s 2FA: "So secure, not even our users can get in."
The somewhat good news for iOS 10 beta users is that the iForgot issue, at least, has now been fixed. If you've been locked out of your account, you'll still need to reset your password (opens in new tab) at the iForgot site, but that's much less of a hassle than being kept out of your own account indefinitely.
It's still not exactly clear what the issue was, or why 2FA users still need to reset their existing passwords, but this is admittedly one of the risks of testing beta software. It's not going to work perfectly, and it may not be clear what went wrong until after the developer patches it.
While 2FA screws up every now and then, and even presents its own set of security risks (if you don't activate it, your life is going to get very difficult if a cybercriminal activates it on your account first), it's still generally a good idea to have it activated. Being locked out of your account is a pain, but it's a moderately mild complaint compared to having a phisher steal all of your Apple login information and financial data.