Over-The-Phone AppleID Password Resets Will Not Be Allowed Until Apple Beefs Up Security

Over-The-Phone AppleID Password Resets Will Not Be Allowed Until Apple Beefs Up Security

Apple is going to make it much harder to rest your account password from now on.

In the continuing saga of Mat Honan’s digital life getting hacked to pieces, Apple has stopped accepting over-the-phone AppleID password resets indefinitely. In a statement today, Apple confirmed that the freeze it put on over-the-phone password change requests last night will remain in effect until tighter security can be implemented on Apple’s end. For now, all AppleID password resets will have to be done online.

“We’ve temporarily suspended the ability to reset Apple ID passwords over the phone,” Apple spokesperson Natalie Kerris told Wired via email. “We’re asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com).

“This system can reset a password in one of two ways – either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up. When we resume over-the-phone password resets, customers will be required to provide even stronger identify verification to reset their password.”

The good news is that it will be much harder to impersonate someone when attempting to gain access to an AppleID. A hacker was able to call Apple support, provide bits of information like the last four digits of Mat Honan’s credit card, and gain total access to his account. All of his devices were then remotely wiped with iCloud and his Twitter and Gmail were taken over.

After Apple improves its over-the-phone security procedure, you will assumedly have to answer specific security questions you set beforehand. The issue with the current procedure is that the hacker who took over Honan’s account was able to wave the security questions and only give the last four digits of his credit card.

Amazon is also beefing up its security so that hackers will not be able to social engineer their way into getting credit card information from an Amazon account in the future.

Lock down your email accounts, people. We recommend two-factor authentication for Gmail users. It’s a bit of a pain to set up, but in the end it’s worth the peace of mind.

About the author

Alex HeathAlex Heath is a senior writer at Cult of Mac and co-host of the CultCast. He has been quoted by the likes of the BBC, KRON 4 News, and books like "ICONIC: A Photographic Tribute to Apple Innovation." If you want to pitch a story, share a tip, or just get in touch, additional contact information is available on his personal site. Twitter always works too.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News, Top stories | Tagged: , , , |