Apple repairs security flaw that caused it to disable iForgot
The good news is that Apple has reinstated iForgot, which means that the flaw has been repaired. The flaw had allowed someone to use a modified URL while answering the date of birth question on the iForgot page. This tricked the service into thinking that you had logged in properly and allowed the hacker to reset your password and gain control of the account, just by knowing your birthdate and email address. Since this account is used to make purchases on the App Store, iBookstore and iTunes, the potential to have expensive purchases sent to someone else using your credit card was very high.
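The article gives no detail of Apple's implementation, but step-skipping of this kind is prevented when the reset step trusts only state recorded on the server. The following is an added example, not Apple's code; the step names, accounts and function names are hypothetical and the data is constructed:

```python
import hmac
import secrets

# Constructed data; the step names and answers are assumptions for illustration.
REQUIRED_STEPS = ("dob", "security_answer")
ACCOUNTS = {"user@example.com": {"dob": "1980-01-02", "security_answer": "blue",
                                 "password": "old-password"}}
SESSIONS = {}   # reset token -> server-side state, never sent to the client
MAX_ATTEMPTS = 3

def start_reset(email):
    """Open a reset session; the client only ever holds the random token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"email": email, "passed": set(), "attempts": 0}
    return token

def answer_step(token, step, answer):
    """Check one verification answer and record a pass on the server."""
    session = SESSIONS.get(token)
    if session is None or step not in REQUIRED_STEPS:
        return False
    session["attempts"] += 1
    if session["attempts"] > MAX_ATTEMPTS:
        del SESSIONS[token]            # too many guesses: the session is void
        return False
    account = ACCOUNTS.get(session["email"])
    if account and hmac.compare_digest(answer.encode(), account[step].encode()):
        session["passed"].add(step)
        return True
    return False

def set_password(token, new_password, request_params=None):
    """Change the password only when every step was passed in this session.
    request_params stands for anything in the URL; it is deliberately ignored."""
    session = SESSIONS.get(token)
    if session is None or session["passed"] != set(REQUIRED_STEPS):
        return False
    ACCOUNTS[session["email"]]["password"] = new_password  # real code stores a salted hash
    del SESSIONS[token]                # the token is single use
    return True
```

A request that knows the birthdate and then jumps to `set_password` is refused, whatever its URL claims, because the second step was never recorded as passed.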
With the flaw that caused the problem with iForgot eliminated, late Friday, Apple even added a way for users to get an extra layer of security by offering a two-step verification process. It requires you to verify your identity using one of your devices before signing in to My Apple ID to manage your account, before making a purchase on iTunes, the Apple App Store, or iBookstore using a new device, or before getting Apple ID related support from Apple. The advantage of opting for two-step verification is that it raises the degree of safety and makes it harder for someone to access your account to make Apple ID related changes or to make unauthorized purchases. If you've opted in to the two-step verification process, when you log in with your Apple ID and password to make a purchase on iTunes (as an example), a 4-digit verification number is sent to a trusted device you own. That number has to be entered in order to complete the login.
Despite the apparent corrections and fixes made by Apple, using the two-step verification process will offer more security. Yes, it is more time consuming, but imagine if your identity had been lifted. And the only time you need to enter both your password and 4-digit verification number will be when signing on to your Apple ID account, or when logging in to iTunes, the App Store or iBookstore from a new device. Sounds like a good trade-off: more protection for just a little extra hassle.
source: Apple, TheVerge via Pocketlint
The two-step verification process adds another layer of safety
4. wendygarett (unregistered)
I wonder whether those government departments regret choosing the iPhone 5 or not :)
5. Max_Boost (Posts: 60; Member since: 22 Sep 2012)
What was the password again? "Oh, iForgot", says Apple. Hahahahaha
6. tedkord (Posts: 5259; Member since: 17 Jun 2009)
People need to give credit where due. Apple acknowledged the issue, took temporary steps to halt it by shutting down the password recovery, and started working on a permanent fix.
You need to remember, there was a time, not very long ago, when Apple would have denied the issue, blamed the user, claimed that all cloud servers had the identical issue, quietly rolled out a fix without admitting anything needed fixing.
That's progress. Yes, they have some more growing up to do, but it's happening.
9. Aeires (unregistered)
Have to agree with that, Tim's Apple is much improved vs. Steve's when it comes to taking responsibility for problems.
Now if only they'd send the legal team on a long vacation....
10. GadgetsMcGoo (Posts: 167; Member since: 15 Mar 2013)
True but you can only say "I'm sorry" so many times till people realize that they can't rely on your product anymore.
11. quakan (Posts: 1222; Member since: 02 Mar 2011)
Apple has always fixed software bugs. You don't have to troll in reference to antenna-gate.
7. TROLL (banned) (Posts: 4851; Member since: 13 Apr 2012)
Apple's products are like Swiss cheese, so many holes in them! Apple should test their products before they release them. There is no excuse for a service like this to ever get into production with such an epic security fail! No shame on them!
12. dragonstkdgirl (Posts: 144; Member since: 07 Apr 2012)
Programming isn't always that easy. Sometimes one line of code will fix one thing and break ten other things. It's kinda like stopping up holes in the bottom of a boat where you plug one hole while three more spring up.
15. Droiddoes (unregistered)
Well, considering Apple has used the exact same OS/UI for the last six years, one would think they should have it figured out by now. Oh, but people don't buy Apple novelties for that, so it's not important.
14. Droiddoes (unregistered)
It just works!