Apple rolls out two-factor authentication, iForgot service is back up

23 Mar 2013157 Views

Share on FacebookTweet about this on TwitterShare on LinkedInPin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInPin on PinterestShare on RedditEmail this to someone

Apple’s iForgot password reset page is back up and running after a security hole that allowed unauthorised resets was discovered. In recent days Apple launched two-factor authentication.

Apple this joined internet giants like Dropbox, Facebook and Google to deploy two-factor authentication to keep password hackers at bay. Instead of just putting in a password each time you want to download an app, a unique 4-digit verification code is sent to a trusted device and has to be inputted before the transaction goes ahead.

However, just as Apple was rolling out the new service a security hole was discovered that allowed unauthorized password resets to occur on accounts still using single-step authentication. Users who had already moved to two-factor authentication were free of the threat.

Support Silicon Republic

Apple took down its iForgot password reset page to fix the vulnerability.

According to iMore the vulnerability enabled a hacker who had access to a victim’s date of birth and Apple ID to send Apple a URL that allowed them to reset the password without needing to answer any security questions.

Cloud security image via Shutterstock

John Kennedy is an award-winning technology journalist who served as editor of Siliconrepublic.com for 17 years.

editorial@siliconrepublic.com