Over-The-Phone AppleID Password Resets Will Not Be Allowed Until Apple Beefs Up Security


Apple is going to make it much harder to reset your password from now on.

In the continuing saga of Mat Honan’s digital life getting hacked to pieces, Apple has stopped accepting over-the-phone AppleID password resets indefinitely. In a statement today, Apple confirmed that the freeze it put on over-the-phone password change requests last night will remain in effect until tighter security can be implemented on Apple’s end. For now, all AppleID password resets will have to be done online.

“We’ve temporarily suspended the ability to reset Apple ID passwords over the phone,” Apple spokesperson Natalie Kerris told Wired via email. “We’re asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com).

“This system can reset a password in one of two ways – either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up. When we resume over-the-phone password resets, customers will be required to provide even stronger identity verification to reset their password.”

The good news is that it will be much harder to impersonate someone when attempting to gain access to an AppleID. A hacker was able to call Apple support, provide bits of information like the last four digits of Mat Honan’s credit card, and gain total access to his account. All of his devices were then remotely wiped with iCloud and his Twitter and Gmail were taken over.

After Apple improves its over-the-phone security procedure, you will presumably have to answer specific security questions you set beforehand. The issue with the current procedure is that the hacker who took over Honan’s account was able to get the security questions waived and give only the last four digits of his credit card.

Amazon is also beefing up its security so that hackers will not be able to social engineer their way into getting credit card information from an Amazon account in the future.

Lock down your email accounts, people. We recommend two-factor authentication for Gmail users. It’s a bit of a pain to set up, but in the end it’s worth the peace of mind.

Source: Wired