Apple Inc. is enhancing security for resetting user passwords following a report by journalist Mat Honan, which said that hackers were able to use the last four digits of his credit-card number and his home address to get a member of Apple’s tech-support staff to reset his password, according to the Washington Post.
The company is temporarily suspending the ability to reset AppleID passwords over the phone while it takes steps to make the procedure more secure, said Natalie Kerris, a spokeswoman for Cupertino, California-based Apple.
He said that the incident highlighted potential vulnerabilities in AppleID, the verification needed for purchasing music, movies and applications from iTunes, as well as downloading software updates and accessing content on Apple’s iCloud Web-storage service.
“This system can reset a password in one of two ways: either have a password reset sent to an alternate e-mail address already on record or challenge the customer to answer security questions they had previously set up,” Kerris was quoted by the Washington Post as saying. “When we resume over-the-phone password resets, customers will be required to provide even stronger identity verification to reset their password.”
At the moment, the iForgot system provides users with options to recover their AppleID password, but attempting to recover a username still takes the user through the same password recovery process first. The username is eventually emailed when the account password is reset.