Arriving right on the coat tails of Apple’s two-step verification implementation, a new security flaw has been found in Apple’s password reset process for Apple IDs. The vulnerability allows an attacker to reset your Apple ID’s password with only the knowledge of your Apple ID and date of birth, completely bypassing the need to answer your security questions. The Verge first reported the vulnerability after being tipped off to the hack.
Apple has joined the growing list of companies offering two-step verification to secure their accounts. By enabling two-step verification, whenever you attempt to log in on a new device with your Apple ID, you will be asked to enter a 4-digit verification code. This code will be sent to a device that you have registered as a trusted device, such as your iPhone, via a Find My iPhone notification or SMS.
After the news of Mat Honan's horrible experience of getting hacked, many of you are probably (and if not, should be!) taking extra precautions with your accounts, passwords, and general outlook on digital security. One of the big mistakes that Mat said he made was to not setting up Gmail's 2-step verification. Admittedly, this is a somewhat annoying security measure, but it's totally worth it.
iMore is here to help you every step of the way with setting it up!