Apple Blocks iForgot Password System to Deal With Security Flaw
Apple has temporarily taken its iForgot password system offline to prevent against a security flaw that could let someone reset another person’s Apple ID by knowing only their email and birthdate.
“Apple takes customer privacy very seriously,” the company said in a statement on Friday. “We are aware of this issue, and working on a fix.”
While iForgot has been taken offline temporarily, there are other ways to reset one’s password, including going to the Apple ID Website.
Apple is also in the process of adding the option for Apple ID users to choose a two-step verification process. The process requires users to enter an additional code, sent to an existing device, when making a purchase from a new one.
“Two-step verification is an even more robust process to ensure our users’ data remains protected,” Apple said. “We are now offering our users the choice to take advantage of this additional layer of security.”
Update: The iForgot system is back up and running and the vulnerability appears to have been closed.