Apple ID password reset request received — What to do?

staines · September 9, 2019, 2:28pm

Over night I received an e-mail from the appleid email address called “How to reset your Apple ID password”. The message seems to be legitimate, and all the links seem to lead to pages on the Apple site, and not some obvious spam site. The message was not sent to my Apple ID, but rather to my rescue e-mail address.

The message said:

You recently made a request to reset your Apple ID. Please click the link below to complete the process.

Reset now >

If you did not make this change or you believe an unauthorised person has accessed your account, go to iforgot.apple.com to reset your password without delay. Following this, sign into your Apple ID account page at https://appleid.apple.com to review and update your security settings.

Sincerely,
Apple Support

Obviously, I had not made a request to change my Apple ID password.

My question is, should I reset my password without delay, as suggested? Is my Apple ID account in danger as the result of some kind of attack? If I do reset my password, should I use the “iforgot” page, even if I know my password perfectly well? I actually logged into my account page appleid.apple.com, and I see that I could change my password there.

Thanks for your help!

jcenters · September 9, 2019, 3:25pm

It sounds like someone is trying to reset your password, either for nefarious reasons or possibly because they have a similar Apple ID and typed yours by mistake. I recommend changing your Apple ID password and the password of the email account connected to your Apple ID (in case you are being targeted). When you change your Apple ID password, don’t follow the links in the email, but type them directly into the browser (just in case that is a sneaky phishing email).

fogcitynative · September 9, 2019, 3:29pm

There is no harm in changing your password.

My recommendation is you do so without following any links in the e-mail you received.

If you don’t have and use a password manager I strongly recommend you start.

I use 1Password as a password manager, which allows me to have different strong passwords for every site. where I maintain an account. 1Password makes it very easy to retrieve my passwords to log in and I only need to memorize one password to access hundreds of strong passwords to my other accounts.

On iOS Apple makes is super easy for anyone with your 6 digit unlock code to change your AppleID password. Iforgot .apple.com will let you recover your account quickly if you have a way to receive the 2FA code and still have a valid credit card on file with Apple.

Otherwise, you need to use the Apple Account Recovery System. It took me 32 days to get back into my AppleID account after a catastrophic loss due to a robbery.

I would also recommend having a number of verified phone numbers where you can receive the Apple 2FA code. Don’t rely on just phones in your possession to receive the code. Add a relative or friend’s phone number not living in your household.

They will never get the 2FA code unless you tell ifogot.apple.com to use that emergency number to send the code. But you cannot add new phone numbers unless you can get into your account.

So do it before you need it.

staines · September 9, 2019, 3:39pm

Thanks for the advice! I think that I would use the appleid.apple.com page to do this.

staines · September 9, 2019, 3:40pm

Thanks for the advice. I am also a big fan of 1Password which I use and recommend to others.

jcenters · September 9, 2019, 3:46pm

I just had to reset a bank password this morning and 1Password has gotten very good at helping you generate a new password and updating your existing login entry with it.

fogcitynative · September 9, 2019, 4:00pm

True that, since he didn’t forget. At the main site he just needs to 2FA.

neil1 · September 9, 2019, 4:05pm

I get these periodically…my guess is that it was somebody fat fingering their AppleID when trying to log in and when it failed they hit the reset password button. You’re probably not in danger…but resetting the password can’t hurt.

MMTalker · September 9, 2019, 5:46pm

Something similar happened to me a few years ago. I called Apple help, and they said it was not. I suggest giving them a call to check.

schwartz · September 9, 2019, 8:32pm

Yeah, I know. I’m always typing “Laubenthal“ by mistake when entering my AppleID!

fogcitynative · September 9, 2019, 9:05pm

Ergonis Software Typinator can fix that easily. If you’re a member here you get a discount.

I have the same problem. As you can see.

Want to have easy macros for stuff you type all the time? Like your e-mail or home address?

And it gets way more powerful. Say you need to write replies to customers with variables, like:

Thanks for your [e-mail/text] about our [Product A/Product B]

You can compose very personalized letters very quickly. But I don’t use it for that. I’m retired.

The developer has been at this for years and is in Germany or Austria and his programs are precise.

Ergonis also makes KeyCue which make this very easy.

™

duanewilliams · September 16, 2019, 3:27pm

If someone else was trying to reset Geoffrey’s password (by accident or for whatever reason), they obviously failed. Apple’s security system worked! His Apple ID password is still secure. It is no less secure after someone tried to reset it and failed. Why should he change it?

As far as I know, there is only one good reason to ever change one’s password: they have reason to believe it has been compromised and someone else may know it who shouldn’t know it. (I presume the password is a strong one, of course.)

If the password is appropriately strong, it’s not going to be guessed, even if someone is trying very hard to guess it. If the password is not strong, then he should change it for that reason, not because he got an email.