Thread: Apple Puts 24-Hour Freeze On Over-The-Phone Password Resets

  1. #1
    MMi Staff Writer Phillip Swanson

    Apple Puts 24-Hour Freeze On Over-The-Phone Password Resets



    Apple’s latest non-answer to the password-reset hack made public late last week is a 24-hour freeze on over-the-phone password resets.

    Apple’s “say nothing” approach to the recent password-reset hack that turned tech writer Mat Honan’s iLife upside down hasn’t helped the public outcry. Sources inside Apple familiar with the matter told Wired today that the over-the-phone password freeze would last at least 24 hours. The employee didn’t know the exact reason behind the stopgap measure, but speculated it’s a temporary measure while Apple determines what changes to make.

    Amazon dealt with a similar loophole recently that allowed people to take control of someone’s account if they knew the account holder’s name, e-mail, and mailing address. Those lucky enough to deal with Sprint’s online account “verification” process over the years could be familiar with account hijacking as well. Sprint’s verification measures used to include (and may still) generic questions that everyone had to answer, like “what high school did you go to?”, in order to access their account or change their password. Once invaders had access to a user’s account, they could order phones, accessories, and other products and have them charged to the user’s account.

    While Apple is rightfully taking a huge right-hook to the chin for this absurd lapse in security, they’re not the only company that utilizes this sort of password reset protocol. Expect changes to sweep across the online security world and fast.

    Source: Wired
    Last edited by Orby; 08-07-2012 at 10:09 PM. Reason: typo

  2. #2
    Green Apple
    This is exactly what should be happening. Only banks and other crucial account-hosting websites should be doing the same.

  3. #3
    szr

    This is why I use custom answers to such security questions that only I would know. For example, a security question for a best friend's name would usually prompt me to use an obscure moniker a friend of mine may have used some 15+ years ago in some obscure system that no longer exists. That sort of thing. Remember, just because security questions ask for certain information doesn't mean you have to use real information; rather, it's better to use something that's only uniquely (and preferably obscurely) meaningful to you.
