Saved by Apple’s Two-Factor Authentication: An Attempted Hacking Survival Story

Earlier today, I received a 2-factor authentication request for my Apple account from somewhere in China.  There’s one small problem with this: I AM NOT IN CHINA. 😳

What is happening?!!

This request meant that not only was someone in China trying to hack my Apple account but that they successfully logged in.  Holy moly!!  Mind blown!  The only thing that stopped the hacker from doing whatever they wanted with my Apple account was the two-factor authentication.  Talk about a save!

I quickly went to to see if my Apple login email was featured and lo-and-behold,  it was.  As it turns out, I used that email address for 8 different sites that had been breached.  This meant that the hacker could be trying my credentials on a ton of different sites and worse, could possibly be getting somewhere.  The site actually recommends using a password manager for handling passwords and I can’t agree more on this.  But, I digress.

What to do?  What to do?

So for the next hour, after the hack attempt, I went through my password manager (told you they come in handy) and located every site that used that password and changed it.  Then, for good measure, I went through every site that used that email and changed the passwords there too.

I have to say, this experience was a big eye opener for me and I am truly blessed that it didn’t turn into a complete disaster.   Hopefully this won’t ever be your experience and to help further that, I have listed a couple tips below.

Thank you for reading.

Some tips to avoid my experience

  1. Setup 2-factor authentication as often as possible.  Yes, it’s an inconvenience but it may save your account… like it did mine. 😊
  2. Change your passwords regularly.  Don’t argue, just do it.
  3. Don’t use the same password on multiple sites.
  4. Use complex passwords because “6h89(^Y%TG*23d” is more difficult to crack than “password”.
  5. Check your emails against to find out if they may have been a part of a breach.  If so, change the passwords for all the accounts that use that email.  It’s time consuming but also not worth the risk.

Side note: A password manager helps with almost all of these tips and also adds much convenience.  I recommend 1password cuz they make my life easier.  That said, please don’t use an easy password to access your password manager.  This defeats the purpose.

Be careful what you depend on… No seriously, BE CAREFUL!

I always try to be on the more secure side of things but there is a likely chance I would fall victim to this scenario too.

I use package managers when appropriate but I have seen first hand how a complete reliance on packages can cause some deep troubles.

I found this gem article on Medium that outlines a scenario where a very malicious code set is hidden in a seemingly well meaning npm package with virtually 0 traceability.

I just wanted to share it with you. Give it a read and see if you don’t have an “omg” moment like I did.

Happy Coding! 🤓