Too bad it already fappened.
Apple, a company notorious for knowing what's best for their customers, should have had 2-step verification enabled by default.
Guess what? Most of the hack attempts were done because they answered a few security questions. They didn't need to know the user's password.
Tim Cook is a fantastic CEO this way. He has done a great job at saying "hey, we screwed up" when they have (and even if they haven't), and saying "hey, we agree, things could be better and we're going to make sure they are."
You said it was Apple's fault that the celebrities had their data stolen because 2-step verification wasn't offered in all countries.
I want to set up 2 step authorization but can't remember my security question answers. (Well, I think I remember but it's not accepting them.) Apparently I don't have an emergency email with Apple so I have to call support. Thus, I keep putting it off.
What else can they do? Not have backups?
They should have thought this ahead before the damage is already done.
This type of poor management of sensitive data reminds me of Microsoft, i.e., damage control policy: let the bad things happen, then look for ways to prevent them from happening again.
or not have backups in the cloud (have local only), which is another option you can choose to make this sort of thing impossible.
^^^This
It's like saying that we should have checked out the terrorist background before they crashed a commercial plane into a building killing 1000s of innocent people.
Or
We should not let 9 year old girls handle UZI machine guns after accidentally killing her instructor.
The damage is already done and is irreversible. I'm just surprised that Apple let this happen in the first place. You're sitting on all this money so it's not like you don't have the resources to hire outside vendors to find weaknesses in the system.
I'm not a security expert, but I'm a network tech. Years ago I attended a basic security class and they stressed to never give correct answers to these personal "security" questions. Make up ridiculous answers and save them in something like 1Password. Perhaps not perfect, but it does allow for an extra layer of protection.
If you somehow still think Apple's security doesn't SUCK DONKEY BALLS, see:
http://mashable.com/2014/09/04/i-hacked-my-own-icloud-account/
Explain. Are you saying you were issued a temporary password after answering the security questions right then and there in the browser instance you were using to reset the password? Are you saying you didn't have to confirm the reset by clicking a link in a verification email they sent you?
If you know the answers to your security questions
Go to My Apple ID (appleid.apple.com).
Select Reset your password.
Enter your Apple ID, then select Next.
Select Answer security questions as your authentication method. Select Next.
Select the birth date associated with your Apple ID, then select Next to begin answering your security questions.
After answering your security questions, you'll be asked to enter and confirm your new password. Select Reset Password when done.
He's also clever. Apple still hasn't addressed or admitted to their initial screw up that led to all of this. Yes they fixed the multiple login attempts but have not addressed it. If they weren't going to be introducing so many shiny new products in 4 days, the press would be asking questions about that mistake. It's a gamble but how much do you wanna bet no one calls them out on their security goof this Tuesday? Tim is willing to bet all will be forgiven by then.
I don't want 2 factor authentication based on SMS messages pushed down my throat. Apple should use the same scheme Dropbox uses and allow for off-line apps to generate the token. At least give that choice. SMS doesn't work that well when traveling abroad without roaming.
If you somehow still think Apple's security doesn't SUCK DONKEY BALLS, see:
http://mashable.com/2014/09/04/i-hacked-my-own-icloud-account/
Not if you enable 2-factor authentication. Then they will not be able to change your password, so they won't be able to get at your iCloud data.
Also, as the article said, Apple is also going to expand 2-factor authentication so, presumably, even if you know someone's password, you STILL won't be able to restore/slurp their iCloud backups without also having access to one of their trusted devices.
Most importantly, he points out that most of their customers CHOOSE not to use 2-factor authentication. (Which is THE CUSTOMER'S FAULT, not Apple's.) And they are going to start harassing customers to smarten up and use it.
There is nothing more Apple can do than that.
Although I'm sorry it happened, it's hard to feel sorry for these folks. They are extremely well-paid, and perhaps, along with their agents and PR people, they could afford to hire technology consultants?