The ripples from Mat Honan's weekend security incursion keep pushing outward. Earlier today Amazon shifted policy to prevent account details from being changed via a phone call, which blocks one avenue the hackers used to get the personal info used to compromise Honan's iCloud account. Now, according to Wired, the other shoe has dropped: Apple's phone support team is in a 24-hour freeze for account resets by phone.
This change, which Wired confirmed with an internal Apple source and also tested directly by trying to perform a password reset in a call with AppleCare, might be a temporary holding action until Apple comes up with a more permanent adjustment to its security policies. As Honan's story unfolded late Friday night, it wasn't immediately clear how the hackers gained access to his iCloud account, but it turned out that with just an email address, mailing address and the last four digits of the account's credit card, AppleCare would provide a temporary account password over the phone.
Apple could implement a two-factor authentication scheme similar to Google's approach, but that's confusing to set up for mobile devices and in situations where a separate challenge step doesn't work smoothly (calendar or email apps, for instance). Apple could also do a callback step to the phone that's on the account, although in the case of a stolen phone that might not help. Even a multiple-choice "which of these songs did you purchase on this date" account detail check might add some security to the process, but a perfect system hasn't been invented yet. Google's Tim Bray is working on the future of authentication, and he comments that one way to be safer online is to not be "the softest touch on the block" -- if