So you're happy now that instead of a few people knowing how to change your details, thousands now do?
Security by obscurity has never worked.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple ID Security Hole Allows Password Reset With Email Address and Date of Birth
- Thread starter MacRumors
- Start date
- Sort by reaction score
Security by obscurity has never worked.
You only wait if you have a password less than 8 characters. Found the below on iMore.
Note: In order to enable two-step verification, you must have a current password that meets Apple's minimum standards of 8 characters complete with at least 1 number and 1 capital letter. If you have to change your current password in order to meet this standard, you'll have a short waiting period before you can enable two-step verification
Yes, this is a bit frustrating as I had a 12 character password that met all of Apple's criterion, yet I still received the three day delay notification during the procedure which seemed to be at least 75% completed.
The page said after the three days expired (they were time and date specific) they would send an email to my Apple account.
Anyway, I'm glad they jumped on it, rather than going silent as they are often wont to do.
OK so I'm trying to set up my two step verification and when I get to Password and Security I get two security questions that I've never see before and know I've never answered before. I can't get past that screen because none of the answers I put in are correct. WTF Apple?!? Seriously someone's head needs to roll over all these security glitches.
This was incredibly annoying. I had two security questions which I had forgotten, fair enough, I opt to reset them and receive the email to do it. But then Apple wants me to fill THREE security questions each allowing me to choose some particular subject and then the form just would not proceed after I filled them up.
If I am already logged in, why do you ask me to answer some security questions in order to add further security to my account with a two step authentication system.
Sigh...
seriously though.. americans are all ignorant..
with the exception of myself.. of course
----------
[EDIT] took down wizard skills..
Last edited:
Here's the reason: Imagine you could turn on Two Factor Authentication immediately. And I happen to have found your password. So I go to the website, enter your AppleID and password, turn on Two Factor Authentication, and you have no chance ever getting back into your account.
Instead what happens is this: I enter your AppleID and password and try to turn on Two Factor Authentication. Apple sends an email to all email addresses of yours that they know. You read the emails, you figure out something is wrong, and call Apple support. Your account is safe.
Just added two-step. Nice. I wasn't able to add my Google Voice number as an SMS device (which does accept texts via email)... maybe the server is slow? I'll try again.
I wouldn't have posted that on here. For his sake, I'd delete it.
I sent him a PM showing just how easy it is to dig up info with only the most minimal amount of effort on the searchers part. If what I found was actually him, between your post and mine, the poor guy is about to get his mind blown.
Yup. As if anyone with an ounce of sense would know not to put something as sensitive and private as your birthdate on a website. That's almost as bad as posting your social security number on a messageboard. Idiots.
As usual, a bunch of Apple Haters are blowing a nonissue little problem that only effects a small number of people out of proportion.
10/10, made me giggle
Except this is like the third one in as many weeks. Just saying dont stick up for apple when they claim to be so secure...
And yet they fail at it every day. My email account on google was constantly getting hacked until I put two-factor authentication on it (thank God they offered that).
----------
Agreed. Birthday? C'Mon.
I dunno. I thought you went out and found it. It'd be funny as hell if you just managed to guess it, though.
I dunno. I thought you went out and found it. It'd be funny as hell if you just managed to guess it, though.
im not even joking.. that was a guess
i mean.. i always seem to take a guess at someone's bday in a situation like that.. but i meant for the online guess to be a miss which (in my head at least) will give me better odds on an irl guess..
so this just set me back a few years..
/damnIt
I recall reading posts on this forum to the effect of "Look what I got today for my birthday!" followed by bragging about whatever new Apple product. People reveal their birthdays all the time.
Regardless, problem is fixed now.
But that wasn't enough here either, you need this tweaked out URL as well. So it isn't like you know my email and my birthday and you are in
----------
Actually that probably is it, sort of. If you look at the deets in the verification notes it says that once you activate two step you can't change passwords without the key or the trusted device. So if someone not you just changed the password then you are screwed to change it cause you don't know the password. Or have the device.
They want everyone to conform to the more complex passwords so they are making 'you' change it. Within minutes you will get an alert the password was changed. And if it wasn't you then you can contact them, reset it yourself etc. the three days is so if you are one of those that only looks at email once a day or its your work email and you won't see it until tomorrow there is hopefully time to see it and stop any nonsense
Same for me. Hopefully it's not an issue between Google and Apple. I was able to send a text between me on one telephone network and my wife on another with no problem.
But is it more than every other company. I suspect not, it rather that Apple is such ripe hit fodder that we are hearing about them and not everyone else. At least not to the same degree
It's complicated, if the issue can be fixed in a short amount of time, clearly it's better if only a few know as opposed to millions.