Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple ID Security Hole Allows Password Reset With Email Address and Date of Birth
- Thread starter MacRumors
- Start date
- Sort by reaction score
How much of that 'hacking' was really due to server/apple fails and how much was folks having piss poor passwords, security questions you can find on their Facebook etc
----------
Well, I would love to activate the two-step verification. But it seems like some countries are once again of lower priority
Given this hole are you really upset that you aren't in round one.
----------
Yet if they hasn't announced it to the word but simply to Apple it might have been fixed before anyone tried to sort out the full method
lol... Apple "up-the-security", but not in all areas....
just allowing DOB and users email address is shocking security just to reset their password.
I'd also by asking the security questions/answers here too, as well the last 4 digits of card number they have on file (optional)
I'm surprise this didn't actually happen sooner. But better sooner a fix, than later.
just allowing DOB and users email address is shocking security just to reset their password.
I'd also by asking the security questions/answers here too, as well the last 4 digits of card number they have on file (optional)
I'm surprise this didn't actually happen sooner. But better sooner a fix, than later.
Apple did not intentionally allow users to reset the password using just the date of birth and email. There were additional security questions after, but this hack was bypassing them.
You Americans........mind sharing your nationality so that one might properly address you kind sir?
That's not true. My password far exceeds those so-called minimum requirements.
----------
Don't you also need the physical device to sync to? How would some jerkface turn on Two Factor Authentication without that? The three-day waiting period seems unnecessary.
I wish retina scans and finger print devices would have been normal by now. Though, what if your eyes are badly bloodshot?
Personally I prefer good old pen and paper/book.
Personally I prefer good old pen and paper/book.
That sucks. Not to throw a competitor as a comparison - but that's why a bunch of my friends and colleagues switches from yahoo to gmail.
I've been with gmail since about when it started and never had an issue. Maybe you're just really popular
Holy crap. This is eye-opening. I just had a talk with my wife and we both agree that it's too dangerous on the Internet. After I post this we are throwing away our phones, computers, iPads and anything else we can find that might connect to the Internet. I also received a letter from Honda yesterday that there is a recall on my pilot for the airbag. That is just too much. We are having the pilot sent to the crusher tomorrow. My wife and I will stop at nothing to rid our lives and the lives of our children of all risks.
Is this just speculation or is there substance to this? The Verge won't mention anything other than that they "know something". I mean, I'm not saying it isn't possible...but I'm just curious if this is just a claim or if there is other eveidence that this happened.
Clearly there is a vulnerability...but is there evidence of affected users? Either way, two-step here I come.
Clearly there is a vulnerability...but is there evidence of affected users? Either way, two-step here I come.
Last edited:
I (the hacker) have a physical device. _My_ iPhone, iPad or Mac. If I have your AppleID and password, I can get into your account from any device. Just like you can if you buy a new phone.
I agree, I think I may need to sell my house too. Did you know they have programs that store all that information and real estate agents have access to that? It's crazy. I love sarcasm!!
The reality is we can't be 100% safe, ever. Apple may not have been, or be the best at It, but I will give them credit for jumping on the problem as quick as they did. The Steve jobs era was not like that, they would just remain silent and not fix it for a long time. I think they are making the effort and I give them credit for that. Beyond that I have to do what I can to keep myself as safe as I can. If you absolutely can't handle that then maybe you need lifestyle changes.
What cracks me up is how most of you are complaining to the point that you have had previous knowledge of their piss poor security and still use their services. That's ALL bad on you. Fool me once kinda thing you know?
Last edited:
Method was already known by anyone that would want to use it. News of this sort doesn't exactly spread through tech blogs, they'll only appear there from eventually being picked up.
Love how websites like MacRumiors driving Apple corporate decisions...like on the spot they tooj down the service.....bravo to social media
The only people who worry about this stuff are people who are trying to hide their wrongdoing.
You're welcome.
I'm with you!
----------
Dream on... denial is a wonderful thing for those who have no desire for taking personal responsibility.
??? Secure
does this mean now all you need to do is steal a device to change the password? how is that secure
does this mean now all you need to do is steal a device to change the password? how is that secure