Apple ID Two-step Verification Now Available in some Countries
Today Apple confirms a new exploit against passwords was discovered which was affecting all users who haven't enabled the two-step verification on their Apple ID/iCloud account. The flaw appears fixed now. The steps to set it up are available here.
Apple is implementing a two-step process to login with Apple ID/iCloud accounts. The steps are:
1- You provided your Apple ID and password
2- Apple sends a verification code to one of your devices
3- You enter the code to confirm your identity to complete your login
"Initially, two-step verification is being offered in the U.S., UK, Australia, Ireland, and New Zealand. Additional countries will be added over time. When your country is added, two-step verification will automatically appear in the Password and Security section of Manage My Apple ID when you sign in to My Apple ID." [1]
[1] http://support.apple.com/kb/HT5570
[2] http://www.theverge.com/2013/3/22/4136242/major-security-hole-allows-apple-id-passwords-reset-with-email-date-of-birth
[3] http://www.latimes.com/business/technology/la-fi-tn-apple-security-flaw-20130322,0,2800832.story
[4] http://www.theverge.com/2013/3/22/4137068/apple-confirms-security-threat-working-on-fix
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Comments