“Apple Inc. is beefing up security for resetting user passwords after a journalist wrote about a hack affecting his personal data, highlighting possible weaknesses in the system protecting more than 400 million user accounts,” Adam Satariano reports for Bloomberg.
“The company is temporarily suspending the ability to reset AppleID passwords over the phone while it takes steps to make the procedure more secure, said Natalie Kerris, a spokeswoman for Cupertino, California-based Apple,” Satariano reports. “‘This system can reset a password in one of two ways: either have a password reset sent to an alternate e-mail address already on record or challenge the customer to answer security questions they had previously set up,’ Kerris said. ‘When we resume over-the-phone password resets, customers will be required to provide even stronger identity verification to reset their password.’”
Satariano reports, “Mat Honan, a reporter for Wired, wrote this week… ‘The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification,’ Honan said in his article. Ty Rogers, a spokesman for Seattle-based Amazon, said the company has investigated the reported exploit and closed it off. He declined to elaborate.”