I gave my mother an iPad for Christmas. She had a Mac in the past, but after it died, she started using an old netbook running Windows XP that I had left lying around her house. The Asus 1000HE, dating from the first days of the Obama administration, was literally wheezing and I didn’t even want to imagine what security vulnerabilities its copy of the long-abandoned Windows XP had.
The iPad was her first iOS device, and she was thrilled, especially with Touch ID. But I failed to explain that Touch ID would require her to enter her passcode every few days. And when we had set up the iPad, she had insisted on an alphanumeric passcode. So when it prompted her for a passcode, she entered her Apple ID password. And again. And again.
Until finally, the tablet seized up, displaying this message: “iPad is disabled; connect to iTunes.”
After I ranted about this situation on Twitter and in our TidBITS Slack team, I discovered that most techies don’t even know that this is something that happens, because they don’t forget their passcodes!
Alas, I know this problem all too well because I have a tech-addled toddler who likes to use the iPad Lock screen as a drum, so he disables his iPad regularly. And before you ask, no, this feature is not related to the Erase Data feature in Settings > Touch ID & Passcode that erases the data on your iOS device after 10 incorrect passcode entries. This is a built-in security feature that cannot be disabled.
How many incorrect passcode entries it takes before the iPad locks is up for debate. Apple’s support document says six. In my testing, that isn’t true. It took only five tries with random passcodes to disable my iPad for 1 minute. However, Apple seems to have measures in places to prevent accidental disabling. I tried 1111 as a passcode over 20 times without disabling the iPad. I then entered 9874 another 20 times with no problems. But after that it took only three random passcodes, without entering the right passcode to reset the count, to disable the iPad.
Once you kick off the process, it works like this: the device is disabled for 1 minute. There is no way to bypass it being disabled — you just have to sit in time out like a naughty child. Once that time is up, you get one chance to get the passcode correct or your device is disabled for 5 minutes. Get it wrong again and it’s disabled for 15 minutes! The next failure disables it for another 15 minutes. After that, 1 hour. Get it wrong one more time, and you won’t be able to get in directly on the device ever again. Your only solution at that point is to erase all content and settings and restore from backup.
As I’ve worked on my test devices to replicate this behavior, I’m amazed at how persistent my mother was in entering the wrong passcode. But I think one of the design mistakes Apple made here was in not explaining why the iPad is disabled. The more technically adept will likely figure out what’s happening quickly, but it’s not necessarily obvious to a less experienced user what’s going on.
A more helpful message would be “iPad is disabled for five minutes for your security. Please verify that your passcode is correct and try again.” At the very least, that would ensure that the user had been told explicitly what they had done wrong.
How I Fixed It — If your iOS device is disabled, the main way to fix it is to use iTunes to erase it and restore from backup. So instead of this being a simple confusion I could clear up over the phone, I had to head to her house with my MacBook Pro in tow. To add insult to injury, since my MacBook Pro only has Thunderbolt 3 ports and her iPad only came with a Lightning to USB cable, I had to dig out an adapter.
(To those who would point out that I could have loaded iTunes on my old netbook, no, that wouldn’t have worked because the current version of iTunes requires at least Windows 7.)
If the device has been synced with iTunes, erasing and restoring is reportedly a relatively painless process. But since her iPad had never been synced to my MacBook Pro, I first had to enter recovery mode by connecting it to iTunes and holding the Sleep/Wake button and the Home button until I saw the Connect to iTunes screen. That technique works on all iPads, iPod touches, and older iPhones. If you have an iPhone 7 or later, the process is slightly different:
- iPhone 7 and iPhone 7 Plus: Press and hold the Side and Volume Down buttons until you see the Connect to iTunes screen.
- iPhone X, iPhone 8, and iPhone 8 Plus: Press and release the Volume Up button, press and release the Volume Down button, and then press and hold the Side button until you see the Connect to iTunes screen.
Once I connected to the iPad via iTunes, recovery was as simple as clicking the Restore iPad button. You may see a prompt that says there was a problem with your device that requires it to be updated or restored. If so, click the Restore button on that window.
Note that restoring your device requires iTunes to download the latest version of iOS, regardless of whether or not it’s installed on your device already. And also note that your iOS device will remain in restore mode for only 15 minutes, so if the download takes longer than that, you’ll have to enter that mode again. So having a fast Internet connection is key during the restore process. Unfortunately, my mother didn’t have a particularly good Internet connection at the time, so I had to go home to my fiber connection, restore the iPad, and then bring it back.
I later learned that there is another solution to this problem that’s easier, doesn’t require a Mac with iTunes, and can be initiated remotely: Find My iPhone, also known as Find My iPad (the name changes per device). You’ll need another computer or iOS device for this, but if you open the built-in Find My iPhone app, either in iOS or on iCloud, choose the disabled device, and tap Erase iPad, you can erase the device. However, if Find My iPad wasn’t enabled and you don’t have access to a Mac with iTunes, you’ll have to drive to an Apple Store to get it fixed. That’s right — the last-ditch solution is to take your disabled device to the Genius Bar and get Apple to reset it.
Note too that if Find My iPad is enabled, that turns on Activation Lock. So, when you’re setting the device up again, you’ll have to log in with the previous Apple ID credentials that were associated with the device to prove that it’s not stolen.
Thankfully, this story had a happy ending. I’d set up my mother’s iPad to back up to iCloud and restoring that backup brought back all of her apps, already logged in, so it didn’t take long to get back up to speed. I worked with her to set up a new numeric passcode and even turned on two-factor authentication for her Apple ID at her request. That was a few weeks ago, and so far, so good.
Further Thoughts — During this minor drama, I learned a few things about setting up iOS devices for others. Don’t set up an alphanumeric passcode, even if they request it. Make them come up with a numeric passcode. It’s just too easy to mix up the passcode and Apple ID password. Also, whatever security measures you set up, be sure to explain them thoroughly.
I also have a few suggestions for how Apple could improve this feature. First, let us turn it off! I don’t even see why it exists — iOS already has a feature that will wipe the device if the passcode is entered incorrectly enough times. I understand and appreciate Apple’s dedication to security, but some devices need less than others. My mom’s and son’s iPads have nothing on them that’s more sensitive than what kind of YouTube videos they like — a six-digit passcode is more than enough security on its own. And on top of that, I can wipe these devices remotely with Find My iPhone.
Worse, this feature can render a device completely useless and potentially cause a user to lose data, if the device wasn’t set to back up or its backups were failing for some reason. I’ve never seen a non-optional security feature that could brick a consumer-level device even if an authorized user could later authenticate themselves.
At least in theory, someone with access to your iPhone or iPad could lock it in this way just to be annoying. There should always be a way for an authorized user to gain access to a disabled device without having to turn to another device or computer, perhaps by entering your Apple ID credentials.