filed in E-Business on Mar.25, 2013
The reset system was taken offline on Friday, just as we were reporting that the two-step authentication option now allows security-conscious users of iTunes, the App Store, iBooks and other Apple services to require verification of new devices. That means users must get a security code sent by text message or Apple's Find My iPhone feature before that unknown device can access accounts, much the way many banks verify user accounts.
Two-step authentication as well as two-factor identification -- in which users must answer a security question, input a jumbled word, or recognize an image -- are increasingly being added to web sites and services to thwart hackers, like those who commandeered the Twitter accounts of Burger King and Jeep last month, and sent a stream of malicious messages.
An irresponsible web site Friday posted detailed instructions on using tomfoolery to get into other users accounts, as reported by the online magazine, The Verge, which said the feat was accomplished by pasting in a modified URL while providing a date of birth in the password reset process. It did not identify or link to the source of the information. The Verge also noted that you can change your birthdate in account settings.
The two-step verification process would prevent the exploit, but it evidently takes up to three days for this system to take affect. So, those who signed up Friday will have to wait a bit. Meanwhile, if you forgot your password, no music, apps or e-books for you,...