Yesterday, Apple finally came around on the subject of two-step verification. And for many, the move seemed like Cupertino was taking a stronger stance on protecting those valuable Apple ID accounts. But unfortunately, a new security hole may have opened in the process.
As first reported by The Verge, a "step-by-step tutorial" was discovered online, explaining how to take over someone's Apple ID with as little information as an email address and corresponding birthday.
While we're not going to link to the instructions, or even go into great detail about the security vulnerability, we can attest that it's incredibly simple -- and a bit scary. Email addresses and birth dates are not always secret commodities in this social age.
Now, you may be thinking, "Wait, Apple made two-step verification. No big deal." And for anyone who has completed the extra security precaution released by Apple yesterday, there is certainly less to worry about. But there's another problem: some people are being forced to wait three days to access the feature, ironically enough, as a "security" measure. Whoops.
Thankfully, Apple appears to have taken down the iforgot.apple.com site for resetting Apple IDs, and with any luck, the risk should now be mitigated. Still, maybe not such a bad idea to keep a close eye on that Apple account for the time being.
Follow this article's author, Matt Clark, on Twitter.
