“Apple Inc. is beefing up security for resetting user passwords after a journalist wrote about a hack affecting his personal data, highlighting possible weaknesses in the system protecting more than 400 million user accounts,” Adam Satariano reports for Bloomberg.
“The company is temporarily suspending the ability to reset AppleID passwords over the phone while it takes steps to make the procedure more secure, said Natalie Kerris, a spokeswoman for Cupertino, California-based Apple,” Satariano reports. “‘This system can reset a password in one of two ways: either have a password reset sent to an alternate e-mail address already on record or challenge the customer to answer security questions they had previously set up,’ Kerris said. ‘When we resume over-the-phone password resets, customers will be required to provide even stronger identity verification to reset their password.’”
Satariano reports, “Mat Honan, a reporter for Wired, wrote this week… ‘The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification,’ Honan said in his article. Ty Rogers, a spokesman for Seattle-based Amazon, said the company has investigated the reported exploit and closed it off. He declined to elaborate.”