On Monday, July 22nd 2019 we experienced a major problem with our iPhone & iPad (both running iOS 12.3.x). A message appeared on the screen of our iPad Air II prompting us we would need to change our passcode within the next 59 minutes. We proceeded to act on the message to our peril. End result? We had to wipe the OS off of both the iPhone and the iPad Air II before we could fix the issue. Even worse, any/all encrypted data we had stored on iCloud was lost forever.
Not good and completely avoidable, in our opinion.
Unfortunately, prior to the release of iOS 12.4 (which magically popped up on the very same day we were going through this tech hell) we were not able to check the box to delete encrypted data on iCloud and, thereby, correct the problem
I should note our problem boiled down to having used an eight character passcode. Once we followed any/all steps to fix the problem we kept hitting a six character limitation on existing and/or new passcodes. Since we maintain Apple Care for the iPad Air II we were in constant touch with Apple Support. Unfortunately they were not familiar with the issue we were experiencing and, therefore, even at Tier II support levels were unable to solve it.
We also use a third party security solution — Symantec End Point Protection (SEP). The set up process for SEP required us to select a complex passcode. Discussions with Apple Support resulted in a conclusion the issue had resulted from the mismatch between our eight character passcode and the six character limitation burned into Apple’s set up program. But the tech we worked with at Symantec found a post on an Apple user discussion board on the very same issue we had experienced. From the post it’s clear there was a bug in some push code Apple had implemented since the person posting the issue claimed to be receiving the “change in 59 minutes” every 2 weeks. We tried ignoring the message, but when the time was up we were forced to change the passcode.
I should also note we ended up having to wipe the OS off of an Apple Watch before the whole issue was resolved.
What’s the big deal about this? Apple’s reputation is badly tarnished for a segment of customers.
As Eric Reiss points out in “The Lean Startup”, decisions to allocate and, subsequently, to manage development resources are critically important to a business. Apple’s original decision (sometime long ago) to tightly couple an encrypted passcode with access not only to the hardware device associated with a specific users, but also with a user’s cloud data repository was not smart especially given a set up program lacking a flexible method of inputting existing and targeted passcodes (in terms of the number of digits users can choose for their selection). For a company Apple’s size to skip the important UAT & operational risk management steps required to ensure satisfactory reception on the part of customers is, at a minimum, highly disappointing.
Apple has a reputation for sloppy code. The forgiving segment of its user community usually laughs off the bugs. But we don’t want to go through a tech hell again and are sorry we have no alternative to iOS for our mobile computing needs. We value our data and require data access control and security settings beyond what Android provides today. An opportunity for some big tech company to step up and fill the void certainly exists. Hope someone seizes it (how do they say? carpe diem?)