Apple to make phone identity verification stronger after Wired hack
Despite initially blaming an individual employee for helping set off a massive hack on a Wired journalist, Apple has now taken some of the responsibility and will improve its AppleID phone identity verification.
Holes in the Cupertino company’s phone verification process as well as others at Amazon led to hackers accessing pretty much every part of reporter Mat Honan’s digital life and ruining large portions of it.
Amazon addressed the issue and on Tuesday confirmed it took steps to end the exploits on its behalf that led to the hack. Apple, on the other hand, only said its part of the failure was because an individual customer service representative did not follow the company’s policies -- although that is up for debate.
But Apple on Tuesday said it was reviewing its processes, and the tech giant concluded it could stand to improve its practices.
“We’ve temporarily suspended the ability to reset AppleID passwords over the phone,” Natalie Kerris, an Apple spokeswoman, told the Los Angeles Times. “When we resume over-the-phone password resets, customers will be required to provide even stronger identity verification to reset their password.”
Kerris also said any users who need to change their password during the phone reset freeze can do so by going to iforgot.apple.com, where they can reset their AppleID’s password after getting a reset sent to another email address or answering security questions.
Of course, alternative email addresses and security questions aren’t bulletproof to hacks either, but at least Apple is doing something to improve customer security.
If you want to improve your security further, Wired suggests getting creative with your answers for security questions, such as by adding extra characters to your answer or swapping the answers for your questions.
PCWorld also suggests making your account recovery email addresses not obvious. Having email@example.com is excellent for your actual email address, but not for your recovery account -- for that feel free to use the firstname.lastname@example.org account you were using in fifth grade to throw off any hackers.
Your guide to our clean energy future
Get our Boiling Point newsletter for the latest on the power sector, water wars and more — and what they mean for California.
You may occasionally receive promotional content from the Los Angeles Times.