Ask HN: How do you reset an AppleID?

13 points by OhMeadhbh ↗ HN
So I'm trying to submit a resume to Apple, but to do so, I need an AppleId. Okay. I try to sign up for one and discover my phone number has been used by someone else. I dropped into the local Apple Store (who supposedly have the ability to reset or create AppleIds) but, spoiler alert, after two hours they couldn't figure out why my phone number won't work.

Does anyone know if there's a way to create an AppleId w/o a phone number? Apple's public docs say it's impossible.

Maybe there's an email alias I can use to submit my resume instead of buying an iProduct?

I guess I could get a dirt cheap sim for my (non-apple) phone and use it for a day, just to sign up for a new AppleId. But somehow this seems... wrong. It also seems unreasonable for a company to force me to buy an $1000 device just for the privilege of submitting my resume.

[edit: Forgot to mention, I own precisely zero iProducts.]

15 comments

[ 2.9 ms ] story [ 37.1 ms ] thread
Try and deregister your phone number from imessage (there is a place on apple.com to do this)
Maybe I could sign in with someone else's AppleId, then submit the resume. It has my email and phone number on it, so hopefully they would send correspondence to that email address and not the one associated w/ the AppleId.

Maybe this is a test. Maybe everyone who tries to login to jobs.apple.com is told "oh yeah... that AppleId is invalid," and then they wait and see what people do. If they give up, then they're not Apple material. If they cheat and use someone else's AppleId, then they're morals are found lacking. If they post about their experience on a public forum, then they're a security risk.

I guess I could boot a Hackintosh in a VM and try to create an AppleId that way. But I think it will ask me for a phone number again.
you could do that, but you’ll want to serialize a hackintosh for it to register w. iMessage or iCloud

You can disregard the instructions for generating one [0] and just use the serial of your “Mac that hasn’t been booted since 2015.” I’ve been using one of of a long-dead long-gone G5 and prefer to use a real one from a computer I actually own (or owned).

Or use OpenCore Patcher to boot off of a usb stick and install a more recent version of macOS on your real mac. In this case. iMessage and iCloud should just work because it’ll pick up your genuine serial number.

[0] https://dortania.github.io/OpenCore-Post-Install/universal/i...

The likely issue you’re having on an older Mac and an older macOS is that it has an Apple root certificate that’s now expired and unable to register with either of those things. You’re SOL on anything prior to 10.10 Yosemite…. The apple root certs in 10.10 through 10.15 expired in 2019 and the installers for 10.10 through 10.15 were re-distributed by Apple with root certs expiring in 2029 [1] -

(internet recovery should download and reinstall the new updated version with updated root certs if yours shipped with at least 10.10 Yosemite. You have to use the hotkey for internet recovery - not the recovery partition on your HDD)

However….. OpenCore patcher will even let you install Tahoe, which doesn’t have this problem and will even get updates for another …(?) it’s the last Intel version , so whenever Apple says to hell with Intel I guess.

[1] https://tidbits.com/2019/10/28/redownload-archived-macos-ins...

I tried with a new email address and throw-away public one time use SMS numbers from textrapp.com, esimplus.me, receive-sms.io and 7sim.net. I think Apple knows those are fake numbers.
almost all of those are blacklisted from banks and email providers, yes.

btw there’s no restriction on creating new Apple accounts under a phone number that’s already associated with one. I’ve lost access to several Apple IDs over the last 20 years w the same phone number.

what there is a restriction on: after creating something like 4 or 5 Apple IDs from the same phone or computer. Apple goes that’s it , this device isn’t allowed to create any more IDs.

Well... I went through the iforgot.apple.com flow. If the past is any indication, I'll likely have to wait 30 or 90 days to get a response. This just seems... sub-optimal. It's a very strange set of hoops to have candidates jump through.

And sad, too. I think my cover letter was one of the best I've ever written. Now no one will be able to appreciate it but me.

This is not how things were in the old days. Back then we would just show up at a job site and after working for a few weeks go to HR and say "hey. I didn't get a check." And then when HR couldn't find your records, they just assumed they were lost somewhere and helpfully set you up as an employee with information you gave them.

How you have changed, outlaw sili valley.

[Edit] So when I say I have zero iProducts, that's not entirely true. I do have an old 2015 era iMac. But the first thing I did with it was put a new hard drive in it and boot up FreeBSD. And then I installed Linux and installed FreeBSD as a VM under Linux because I have nothing better to do with my time. And somewhere along the way L4 got wedged in there, because you're not a TRUE power user unless you have L4 running under bhyve under FreeBSD under KVM under linux on hardware the manufacturer would really prefer you just run Mach on. I am wild. I am the wind.

So I found the old macOS hard drive and installed it. It really did not want to boot. It told me so many horrible things when I tried to boot, mostly that I really should visit an apple support web site. The AppleID I'm trying to recover is the same one I used to create a macOS account with. I wonder if apple knows I've installed Linux, FreeBSD and L4/Linux on their hardware and have marked my AppleId as "unholy spawn of Satan" ? I guess if the roles were reversed I might think anyone who installed L4 on Apple Hardware is "not to be trusted."

Or more seriously... I wonder if you don't boot macOS or log into macOS with your AppleId every now and again, you go on the "naughty" or "potentially naughty" list. This whole affair really makes me miss my Atari 520ST. [/Edit]

(comment deleted)
Update... After a bit of work, I was able to boot the old hard drive with macOS and tried to log into apple services. Of course it rejected my existing AppleId password, but this time with a working iMac, I asked it to send a reset code to my iMac.

It seemed to think it sent one to my iMac, but nothing ever showed up. The internet says it should have showed up on my iMac's screen or in the upper right corner of the screen. No dice.

This is similar to what happened at the Apple Store when we tried the "use someone else's iProduct" to reset the password. The login page seemed to think it had sent a PIN, but it never showed up at the end device.

I suspect that because I'm in the iForgot 24 hour cool down period, nothing is going to work. They claim they will send instructions to my phone (I hope they realize my phone doesn't have iMessage) in 15 hours for what to do while waiting 30 or 90 days to try the reset again.

This sort of reminds me when we got bought out and we had problems with our dev certificate. We had released a couple versions of "iFoo" using our domain "foo.com". Then we got bought out by bar.com and wanted to release future versions of iFoo under bar.com branding. When we eventually got ahold of a human, they said we would have to re-release iFoo as iBar and re-submit it as a new app. We eventually did this, but they responded that iBar was confusingly similar to an existing app called iFoo and they wouldn't allow it to be released in the app store. Then they revoked the foo.com dev cert because of shinanigans. When we tried to explain to them that we were following the instructions they had given us (and sending them emails and screenshots where they told us what to do,) they closed the support ticket and revoked bar.com's dev cert as well.

I think Apple processes work very well for the usual case, but they don't think through some of the corner cases.

The irony is the role I was attempting to apply for was one that would (partially) oversee working out these corner cases and what Apple should be doing in those situations. I was invited to apply for this position explicitly because I had encountered similar problems in the past.

My suspicion is I'll have a 30 day wait at the end of the initial iForgot 24 hour cool down. If I'm still looking for a job in 30 days, I'll probably still submit my resume. It seems that Apple really needs some help in this area.

But I applied for a job in '93 and didn't get it and I've been told you're only allowed to apply to Apple once (despite having worked on the Qualcomm baseband processor in the original iPhone and as a contractor in the very early days of macontosh.) And I'm sure they wouldn't be happy about me talking publicly about identity management corner cases. I suspect the chance they would really care to hire me is fairly low.

But if anyone from Apple ever reads this, feel free to contact me if you need more details on what inputs I provided to your system and what the responses were.

Call Apple, in Canada the support number is 1-800-263-3394. In the US it’s 1-800-275-2273
Thank you. I'll give them a call Monday morning.
A couple of observations. My T-Mobile phone tries to tell me that (800) 275-2273 is the number for Anytime Fitness, but sure enough, it connects me to a service purporting to be Apple Support. I believe it is Apple because I'm able to select what kind of hold music to play. By pressing 3 I get a selection of non-offensive smooth jazz, which is in line with what I think a 70-something Apple customer would enjoy. A touch old fashioned for me to completely enjoy, but well executed, which I can appreciate. And it's probably better than dead air.

Okay... I was able to talk to Quill? Quinn? at Apple Support who stepped me through the process of recovering an AppleId from a gmail account I no longer use. The key here was to remember the security questions, which, thankfully, I did. I don't know if there would have been a way to recover it had I forgotten them. Once I proved to the system I was the "real" owner of the AppleId at that account, I was able to add my phone number and change the security questions. Not sure why I wanted to do that last step, but it seems like I should change them (and then write down the answers on a piece of paper I put in a safe deposit box.)

The weird thing is I think I did all these things before. I did identify myself to the Support Rep (Quill? Quinn?) -- did they put this one account back in a state where it would allow me to reset? The world is filled with mystery.

Next we're going to see if I can apply for the position I originally wanted to apply for using this AppleId.

Another Update... at the end of the iforgot process, Apple is supposed to send you an update within 24 hours as to what the disposition of your password reset request will be. In the past, if you opt not to receive a PIN via a registered iProduct, I've seen them say "we're going to wait 30 days and then allow you to reset your password." I imagine this is to discourage "bad actors" from launching massive efforts of password resetting. If a bad guy was able to convince Apple that they were the TRUE owner of an account, maybe that would give them an advantage in stealing services or user data. So sure, introducing a waiting time is not the worst idea in the world.

About 15 hours ago, I went through the process again and the response was (and I paraphrase) "tsk. tsk. do not annoy us with your password reset attempts. we're going to tell you more about how to recover in 15 hours." Again... annoying, but not horrible. If we're trying to make things difficult for bad actors, this isn't that big of an annoyance.

But at the end of the 24 hour waiting period, I still hadn't received an email from Apple at either of the email accounts I had used while trying to reset my AppleId. (The first is the one the AppleId was explicitly tied to and the second was an alt I use mostly for newsletters and subscribing to web site updates I'm halfway interested in. I used that because I couldn't remember if I had ever told Apple about that address.) And that seemed frustrating. You told me you were going to send me info about resetting my password, but you've welched on the deal.

And then I had a disturbing thought... Several years ago I created an AppleId with my work phone and a completely different throw-away gmail address. After digging up the password for that account, I logged in and sure enough... there's the email from Apple.

The only thing I can think is Apple tied my IP Address or location to all three email addresses involved and somehow conflated them together. I send a reset request from me@not-a-gmail-domain.com and get a response on havent_used_this_address_in_a_year@gmail.com. That is very, very weird.

But the good news is Apple says I only have to wait 7 days to reset the password on this account.

I've been thinking about getting back into writing code for the PinePhone I bought a few years ago. Maybe I will get a pre-paid t-mob or mint sim and try to create a new AppleId at a coffee shop on the far side of town.

I can't say this has filled me with a great deal of optimism. Obviously this isn't happening very often and I'm a corner case. Otherwise we would surely have heard from thousands of people saying "I can't log into my Apple account!" I'm also sure that when the Apple people were thinking through the process flows, they didn't assume I might try to reset my password while in the 24 hour iForgot wait state.

I had been a registered Apple Developer since the late 80s, though the email address in question was only attached to my dev account since around 2006. AppleIds as we know them have gone through changes... 2FA... removing questions... adding the ability to reset from an iProduct. My guess is my id was generated shortly after AppleIds became a thing. Then I stopped using it for a while and they changed the schema of the database holding AppleID details and maybe I didn't log in during some critical time frame. Then I tried to log in and got marked as a bad guy trying to attack the security of Apple's user credential integrity. I'm not... but of course, if I was I wouldn't admit it.

In any event, I'm sure my original AppleId is hopelessly horked. And that id was tied to the mobile number I've had since 1998. I suspect if I try to use that number again, apple will take a look at my IP geolocation, match it to previous attempts to recover the password and assume I'm again a bad guy trying to do bad things. ...