iforgot.apple.com - legitimate?

[Danneman101]

Yesterday I was trying to log into my developer's account (ios), but my password wouldn't work. Instead I was redirected to "iforgot.apple.com". There I had to submit my email adress to receive an email to reset my password. However, having done so I tried to log into my account again, but this time the OLD password worked, not the new one I tried to reset to. This sounds very suspicious, so I'm wondering if this was really a legitimate email.

I hadn't been opening my account for about 2 weeks prior to this. The sender for the first mail was: appleid@id.apple.com

 

[ChristianVirtual]

The mail ID looks ok; same I got all the time I had to reset my accounts.

Could it be that you just had some typos ? Depend on your password strategy ? Did you really changed to the new password ?
To be really safe maybe do it one more time.

 

[0dev]

Yes, iforgot.apple.com is legit. If the domain name is apple.com, it's Apple. If it was iforgot.apple.iscx.fr or something, then it'd be dodgy.

 

[chown33]

iforgot.apple.com is an HTTPS-only site. You can look at its SSL certificate to see who issued the certificate, who it was issued to, etc. Simply click the lock icon at upper right in title bar of window (Safari). Other browsers may have other ways of indicating an HTTPS server.

 

[Danneman101]

That's comforting - thanks guys