Big tech companies locking you out of your own stuff is an underrated threat vector.
I recently had a similar debacle with my Google account when I was travelling out of state and lost my phone. I needed to access my account quickly and fortunately knew my password and had added my partner's phone number as a 2fa method for exactly this kind of scenario.
Well, when I went to log in, Google took it upon themselves to disable that 2fa method, because it thought there were more secure options available. Except there weren't because I was far from home and all of my other devices!
I was pretty shocked that Google would change my security settings without any notice to me and confirmation on my part.
I've lost 2 different Gmail accounts, apparently due to Google deciding to change or not respect my security settings. It's hard to say for sure. Meanwhile I still have a Hotmail email address. (This isn't me saying Microsoft couldn't cause similar issues, but I've at least been able to get things fixed through support in the past.)
I'm of the same mind that providers can be underrated risks, because it doesn't always cross people's minds that the provider could be that seemingly incompetent. It's certainly a potential situation to consider when dealing with companies that have poor support. And unfortunately, not all of them have great support or self-service tools like account recovery codes.
Lockdown mode is used to protect journalists or other people against malware like Pegasus. It doesn't get activated by being in an unusual location; it has to be manually activated in settings.
If you have FaceID enabled, it will require that to disable lockdown mode (and I already explained the loop about how lockdown mode disables biometric auth like Face ID). I can get into the phone with my pin just fine, but the phone is still locked down. When lockdown mode disables biometric auth, I couldn’t get into bank, brokerage or any app requiring that auth.
Maybe I’m just crazy because it seems like a ridiculous oversight.
> I can get into the phone with my pin just fine, but the phone is still locked down. When lockdown mode disables biometric auth, I couldn’t get into bank, brokerage or any app requiring that auth.
Never heard of this behavior, but it's not associated with the Apple feature called "Lockdown Mode", which does not constrain use of secure enclaves for Touch ID or Face ID authentication: https://support.apple.com/en-us/105120
No, it doesn't? It changes your publicly visible IP. Your GPS data still shows you in the original location. Your Wi-Fi localisation and 5G antennas would still be in the original location. It'd also be _trivially easy_ for the OS to know that the user is behind a VPN, given the only way to do so is through APIs dedicated to VPN use.
My iOS devices are in lockdown mode 99% of the time. To disable lockdown mode, go into Settings > Privacy > Lockdown Mode; it offers the option to "Turn Off and Restart", then asks for a passcode.
The behavior being described sounds a bit like malware. If it happens again, the best option is to Force Restart (VolUp, VolDown, hold side button until the device reboots), which cannot be intercepted by any apps which might be trying to simulate iOS system prompts.
It moves your IP address to an unusual location. I highly doubt that it changes your GPS coordinates, nearby Wi-Fi, cell towers, etc. that can be used in location detection.
1. iPhone detects I’m in an unusual location (I’m not, VPN). It just decided this all of a sudden, and I’ve used VPNs in the past without issue.
2. Goes into lockdown mode
3. You need Face ID to disable lockdown mode
4. Face ID cannot be used in lockdown mode. Go back to step 3
Step wtf: We’re now trapped out.
5. I have to reset my phone. I forgot that I have eSIM, so resetting deletes my phone number too.
Step holy shit: Apple let me delete my entire sim card in about a one click warning lol.
——-
These people don’t dogfood their own shit at all. Had to disable Face ID after an event like that.