x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Apple repairs security flaw that caused it to disable iForgot

Apple repairs security flaw that caused it to disable iForgot

Posted: , by Alan F.

Tags:

Apple repairs security flaw that caused it to disable iForgot
With all of the problems that Apple has had with Passcode flaws, Thursday's revelation of another security issue on the Apple iPhone 4 and Apple iPhone 5 seemed to be frustrating for iPhone owners. But things went from bad to worse on Friday when Apple announced that it was temporarily disabling iForgot due to a major security problem. iForgot allows you to reset your password for your Apple ID account.

The good news is that Apple has reinstated iForgot which means that the flaw has been repaired. The flaw had allowed someone to use a modified URL while answering the date of birth question on the iForgot page. This tricked the service into thinking that you had logged in properly and allowed the hacker to reset your password to gain control of the account, just knowing your birthdate and email address. Since this account is used to make purchases on the App Store, iBookstore and iTunes, the potential to have expensive purchases sent to someone else using your credit card was very high.

With the extermination of the flaw that caused the problem with iForgot, late Friday, Apple even added a way for users to get an extra layer of security by offering users a two-step verification process that requires you to verify your identity using one of your devices before signing in to My Apple ID to manage your account, before making a purchase on iTunes, the Apple App Store, or iBookstore using a new device, or before getting Apple ID related support from Apple. The advantage to opting for the two-step verification is that it raises the degree of safety and makes it harder for someone to access your account to make Apple ID related changes or to make unauthorized purchases. If you've opted in for the two step verification process, when you log in with your Apple ID# and password to make a purchase on iTunes (as an example), a 4 digit verification number is sent to a trusted device you own. That number will have to be entered in order to complete the log in.

Apple has fixed the bugs on iForgot

Apple has fixed the bugs on iForgot


Despite the apparent corrections and fixes made by Apple, using the two step verification process will offer more security. Yes, it is more time consuming, but imagine if your identity had been lifted. And the only time you need to enter both your password and 4-digit verification number will be when signing on to your Apple ID account, or when logging in to iTunes, the App Store or iBookstore from a new device. Sounds like a good trade-off; more protection for just a little extra hassle.

source: Apple, TheVerge via Pocketlint

The two-step verification process adds another layer of safety

The two-step verification process adds another layer of safety


14 Comments
  • Options
    Close




posted on 23 Mar 2013, 00:51 13

1. menny07 (Posts: 89; Member since: 13 Dec 2012)


No dearest Apple, its called iFail.

posted on 23 Mar 2013, 01:16 11

2. Topcat488 (Posts: 1037; Member since: 29 Sep 2012)


Or maybe iGiveup.

posted on 23 Mar 2013, 01:30 13

3. xperiaDROID (Posts: 4812; Member since: 08 Mar 2013)


Apple is making me iSad!

posted on 23 Mar 2013, 01:33 12

4. wendygarett (unregistered)


I wonder those governments department have these regret feels or not for choosing the iPhone 5 :)

posted on 23 Mar 2013, 04:28 7

5. Max_Boost (Posts: 44; Member since: 22 Sep 2012)


What was the password again? "Oh, iForgot", says Apple. Hahahahaha

posted on 23 Mar 2013, 06:19 9

6. tedkord (Posts: 3908; Member since: 17 Jun 2009)


People need to give credit where due. Apple acknowledged the issue, took temporary steps to halt it by shutting down the password recovery, and started working on a permanent fix.

You need to remember, there was a time, not very long ago, when Apple would have denied the issue, blamed the user, claimed that all cloud servers had the identical issue, quietly rolled out a fix without admitting anything needed fixing.

That's progress. Yes, they have some more growing up to do, but it's happening.

posted on 23 Mar 2013, 11:25 6

9. Aeires (unregistered)


Have to agree with that, Tim's Apple is much improved vs. Steve's when it comes to taking responsibility for problems.

Now if only they'd send the legal team on a long vacation....

posted on 23 Mar 2013, 11:45 4

10. GadgetsMcGoo (Posts: 163; Member since: 15 Mar 2013)


True but you can only say "I'm sorry" so many times till people realize that they can't rely on your product anymore.

posted on 23 Mar 2013, 14:47

11. quakan (Posts: 1079; Member since: 02 Mar 2011)


Apple has always fixed software bugs. You don't have to troll in reference to antenna-gate.

posted on 23 Mar 2013, 07:17 6

7. TROLL (banned) (Posts: 4851; Member since: 13 Apr 2012)


Apple's product are like Swiss cheese, so many holes in them! Apple should test there products befor they release them. There is no excuse for a service like this to ever get into production with a such a epic fail security! No shame on them!

posted on 23 Mar 2013, 14:47 1

12. dragonstkdgirl (Posts: 144; Member since: 07 Apr 2012)


Programming isn't always that easy. Sometimes one line of code will fix one thing and break ten other things. It's kinda like stopping up holes in the bottom of a boat where you plug one hole while three more spring up.

posted on 24 Mar 2013, 13:39

15. Droiddoes (unregistered)


well considering apple has used the exact same OS/UI for the last six years one would think they should have it figured out by now. Oh but people don't buy apple novelties for that so it's not important.

posted on 23 Mar 2013, 08:51

8. JunkCreek (Posts: 379; Member since: 13 Jul 2012)


iSocomplicated

posted on 24 Mar 2013, 13:36

14. Droiddoes (unregistered)


It just works!

Want to comment? Please login or register.

Latest stories