Apple Confirms Suspension of Over-the-Phone Password Resetsby Roberto Baldwin, wired.com
January 16th 2013
Apple has confirmed that it has temporarily suspended the practice of resetting AppleID passwords by customers over the phone.
“We’ve temporarily suspended the ability to reset Apple ID passwords over the phone,” Apple spokesperson Natalie Kerris told Wired via email. “We’re asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com).
“This system can reset a password in one of two ways – either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up. When we resume over-the-phone password resets, customers will be required to provide even stronger identify verification to reset their password.”
On Tuesday, we reported that the ability to reset an Apple ID over the phone had been suspended, according to a source at Apple and tests by the Wired staff.
The over-the-phone password reset of an Apple ID was key in a hacker’s ability to infiltrate and obliterate Wired writer Mat Honan’s iCloud account and wipe his iPhone, iPad and MacBook Air. The hacker was able to dismiss the security questions asked by an Apple representative and instead offered up the last four digits of the credit card tied to the account.
The credit card information was gleaned from Amazon via a social engineering scheme that allowed the hacker to create a new email address for Honan’s Amazon account. Amazon has since suspended the practice of allowing new email addresses be added to accounts over the phone.
Apple and Amazon’s suspension of the practices that allowed nefarious individuals to access accounts is good, but individuals should be mindful of their own security practices to mitigate the likelihood of being hacked. Wired has a some helpful tips to help secure your digital life.
Original Page: http://pocket.co/sGRLk
Shared from Pocket