Apple repairs security flaw that caused it to disable iForgot

Apple repairs security flaw that caused it to disable iForgot
With all of the problems that Apple has had with Passcode flaws, Thursday's revelation of another security issue on the Apple iPhone 4 and Apple iPhone 5 seemed to be frustrating for iPhone owners. But things went from bad to worse on Friday when Apple announced that it was temporarily disabling iForgot due to a major security problem. iForgot allows you to reset your password for your Apple ID account.

The good news is that Apple has reinstated iForgot which means that the flaw has been repaired. The flaw had allowed someone to use a modified URL while answering the date of birth question on the iForgot page. This tricked the service into thinking that you had logged in properly and allowed the hacker to reset your password to gain control of the account, just knowing your birthdate and email address. Since this account is used to make purchases on the App Store, iBookstore and iTunes, the potential to have expensive purchases sent to someone else using your credit card was very high.

With the extermination of the flaw that caused the problem with iForgot, late Friday, Apple even added a way for users to get an extra layer of security by offering users a two-step verification process that requires you to verify your identity using one of your devices before signing in to My Apple ID to manage your account, before making a purchase on iTunes, the Apple App Store, or iBookstore using a new device, or before getting Apple ID related support from Apple. The advantage to opting for the two-step verification is that it raises the degree of safety and makes it harder for someone to access your account to make Apple ID related changes or to make unauthorized purchases. If you've opted in for the two step verification process, when you log in with your Apple ID# and password to make a purchase on iTunes (as an example), a 4 digit verification number is sent to a trusted device you own. That number will have to be entered in order to complete the log in.


Despite the apparent corrections and fixes made by Apple, using the two step verification process will offer more security. Yes, it is more time consuming, but imagine if your identity had been lifted. And the only time you need to enter both your password and 4-digit verification number will be when signing on to your Apple ID account, or when logging in to iTunes, the App Store or iBookstore from a new device. Sounds like a good trade-off; more protection for just a little extra hassle.

source: Apple, TheVerge via Pocketlint


FEATURED VIDEO

14 Comments

1. menny07

Posts: 89; Member since: Dec 13, 2012

No dearest Apple, its called iFail.

2. Topcat488

Posts: 1415; Member since: Sep 29, 2012

Or maybe iGiveup.

3. xperiaDROID

Posts: 5629; Member since: Mar 08, 2013

Apple is making me iSad!

4. wendygarett unregistered

I wonder those governments department have these regret feels or not for choosing the iPhone 5 :)

5. Max_Boost

Posts: 101; Member since: Sep 22, 2012

What was the password again? "Oh, iForgot", says Apple. Hahahahaha

6. tedkord

Posts: 17352; Member since: Jun 17, 2009

People need to give credit where due. Apple acknowledged the issue, took temporary steps to halt it by shutting down the password recovery, and started working on a permanent fix. You need to remember, there was a time, not very long ago, when Apple would have denied the issue, blamed the user, claimed that all cloud servers had the identical issue, quietly rolled out a fix without admitting anything needed fixing. That's progress. Yes, they have some more growing up to do, but it's happening.

9. Aeires unregistered

Have to agree with that, Tim's Apple is much improved vs. Steve's when it comes to taking responsibility for problems. Now if only they'd send the legal team on a long vacation....

10. GadgetsMcGoo

Posts: 168; Member since: Mar 15, 2013

True but you can only say "I'm sorry" so many times till people realize that they can't rely on your product anymore.

11. quakan

Posts: 1418; Member since: Mar 02, 2011

Apple has always fixed software bugs. You don't have to troll in reference to antenna-gate.

7. TROLL

Posts: 4851; Member since: Apr 13, 2012

Apple's product are like Swiss cheese, so many holes in them! Apple should test there products befor they release them. There is no excuse for a service like this to ever get into production with a such a epic fail security! No shame on them!

12. dragonstkdgirl

Posts: 144; Member since: Apr 07, 2012

Programming isn't always that easy. Sometimes one line of code will fix one thing and break ten other things. It's kinda like stopping up holes in the bottom of a boat where you plug one hole while three more spring up.

15. Droiddoes unregistered

well considering apple has used the exact same OS/UI for the last six years one would think they should have it figured out by now. Oh but people don't buy apple novelties for that so it's not important.

8. JunkCreek

Posts: 407; Member since: Jul 13, 2012

iSocomplicated

14. Droiddoes unregistered

It just works!

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.