Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
So the weak link is people who naively put their birth date on Facebook :rolleyes:

Most people don't consider their DOB to be particularly sensitive information. That's why you shouldn't introduce huge backdoors in your authentication infrastructure that let people use a DOB to get into someone's account.
 
So the weak link is people who naively put their birth date on Facebook :rolleyes:

Yup. As if anyone with an ounce of sense would know not to put something as sensitive and private as your birthdate on a website. That's almost as bad as posting your social security number on a messageboard. Idiots.

As usual, a bunch of Apple Haters are blowing a nonissue little problem that only effects a small number of people out of proportion. :rolleyes:
 
Unfortunately, it appears if you have a .mac email address as your AppleID, you're screwed. Signing in with that, I have no option to enable the 2-step security process (I do have the option with my .me/iCloud AppleID). And since Apple will not allow you to transfer purchases to another AppleID (something I've wanted to do for years), I'm stuck with that. Which is, apparently, now insecure. Thanks, Apple!

I have a .mac account as well and I did it yesterday. There is a 3 day "stasis" period to ensure account security integrity - I'm in that waiting period.
 
I don't quite understand. Do they get access to my account with this method or do I just get an email that my password has been reset and I need to put in a new one?
 
So the weak link is people who naively put their birth date on Facebook :rolleyes:

The weak link is you don't even need access to the users email account to reset the password. Apple is the only one to blame on this one. Getting someone's birthdate doesn't require Facebook and it doesn't require it to be posted online.
 
OK so I'm trying to set up my two step verification and when I get to Password and Security I get two security questions that I've never see before and know I've never answered before. I can't get past that screen because none of the answers I put in are correct. WTF Apple?!? Seriously someone's head needs to roll over all these security glitches. :mad:
 
OK so I'm trying to set up my two step verification and when I get to Password and Security I get two security questions that I've never see before and know I've never answered before. I can't get past that screen because none of the answers I put in are correct. WTF Apple?!? Seriously someone's head needs to roll over all these security glitches. :mad:

Same issue here, tried to follow this kb article, but the options don't exist anywhere I can find.
 
OK so I'm trying to set up my two step verification and when I get to Password and Security I get two security questions that I've never see before and know I've never answered before. I can't get past that screen because none of the answers I put in are correct. WTF Apple?!? Seriously someone's head needs to roll over all these security glitches. :mad:

This is exactly what just happened to me. I never set any security questions to my accoount, yet I'm getting a randomized of at least 5 that expects an answer I've never put in.

This is some pretty damn sloppy work on Apple's part.
 
Apple is just a horrible web services company. They've never done much right in the space.
I guess you think Google is so much better. The same company that had a major breach that they kept silent on details for almost a year. I guess they were waiting for the focus to die down. If Apple waited six days to provide details or respond you would have called for Cook's head.
http://money.cnn.com/2010/04/20/technology/google_hacker/index.htm
 
Why is it that any time Apple drops the ball, you have at least 14 people pop up per thread saying "Yeah? Well X is worse"!

I don't care how much worse someone else is. The only thing I do care about is that all my accounts are secure. Right now, now matter how bad the other guy is, or how many times they've dropped the ball in the past, Apple isn't doing much better right now.
 
This is exactly what just happened to me. I never set any security questions to my accoount, yet I'm getting a randomized of at least 5 that expects an answer I've never put in.

This is some pretty damn sloppy work on Apple's part.
Yep I'm calling Apple to complain right now. :mad:
 
I guess you think Google is so much better. The same company that had a major breach that they kept silent on details for almost a year. I guess they were waiting for the focus to die down. If Apple waited six days to provide details or respond you would have called for Cook's head.
http://money.cnn.com/2010/04/20/technology/google_hacker/index.htm

That breach had nothing to due with security holes in Google's system. Apple hasn't been forthright at all on iTunes account hacking over the years either.
 
Yup. As if anyone with an ounce of sense would know not to put something as sensitive and private as your birthdate on a website. That's almost as bad as posting your social security number on a messageboard. Idiots.

As usual, a bunch of Apple Haters are blowing a nonissue little problem that only effects a small number of people out of proportion. :rolleyes:
My IP address is 127.0.0.1 and I dare you to hack me. :D
 
Well, I would love to activate the two-step verification. But it seems like some countries are once again of lower priority :(
 
Google doesn't share any personal details about my email to anyone. They allow advertisers to bid on what to put in my window as i look at my email.

I frankly don't get why you are so concerned about it. It's not like google is handing out my email accounts, age, sex, income level to the highest bidder. In fact, I think google is one of the first email providers to provide automatic https support when accessing email to improve security.

Google's was intentional, Apple's wasn't. That's all I meant, nothing more. Sorry for inciting hatred, I'll proof-read next time. :D
 
Apple is just a horrible web services company. They've never done much right in the space.

Apple is just plain bad at a lot of things.

I know someone who was able to "buy" almost $5,000 worth of TV shows and movies through the iTunes store and not pay a dime. Apple still uses a delayed system that bills after several purchases so that they can try and save costs that they are billed through the card companies. This is why it takes several days to receive a bill. The friend I know, discovered that because of this and a prepaid card loaded with about $5, he could buy a Tv show season or a few movies at a time as long as the cost was under $37 and he could start downloading them before Apples system realized there were not enough funds on the card to cover the cost.

He then opened another account and did it all over again. He only got caught doing this because he did a charge back on a purchase and as part of that process, they searched purchases using his IP and came up with all these accounts. They now have enabled "some" security checks to prevent some of this but if someone had access to hundreds of computers, they could still do it.

They never went after this guy to get their almost $5,000. All they did was prevent his iPhones and Macs from being able to make purchases. He sold the computers and iPhones and bought all new ones and has an Apple account once again and doesn't do the above anymore. Any account created using those old computers and iPhones would result in the new account instantly being disabled.
 
Yep I'm calling Apple to complain right now. :mad:

I'm gonna use Roessnakhan's link to try to see if I can reset the security questions I never put in before I start making angry phone calls.

...but if I can't. Oh damn, son. Oh damn. :mad:

edit: just read the link. It's for setting up a rescue email, and doesn't have anything at all to do with resetting passwords of security questions.

I guess I gotta make a call.
 
i dont get it ... isnt this how u usually reset a password? o_O

when i forgot my password on our train companies site among others i just enter my the email i signed up with and they send me a new password to my email. i mean, who else could read that email with the new password? o_O its still only my email account
 
i dont get it ... isnt this how u usually reset a password? o_O

Usually you put in a request, and you get an email sent to you with a link allowing you to do so.

This isn't what I'm trying to do, though. I'm trying to set up two step verification. Which I can't do because it's asking me security questions that have no answer.

edit: Ha! I just tried resetting my password just to see if going through the process would somehow fix the problem, and...guess what? The password reset service is down due to maintenance! This is grand.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.