Following the major security vulnerability, Apple has disabled the password recovery feature for Apple IDs. The report was confirmed by the leading technology website The Verge, that the hacker was able to use email address and date of birth of the user to successfully reset the password using Apple’s password recovery tool. The process involved in modifying the URL to cheat the security questions.
Fortunately, the company unveiled Two-Step verification system for Apple IDs, that allows users to add trusted device to reset the passwords. The recently discovered security hole didn’t work through Two-step verification system. However many users are yet to complete the two-step verification.
Apple decided to turn off the password recovery feature until the issue is fixed. Here’s what the Apple spokesperson told AllThingsD.
“Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix. Two-step verification is an even more robust process to ensure our users’ data remains protected. We are now offering our users the choice to take advantage of this additional layer of security.”
Learn to enable Two-Step Verification System for your Apple ID and be secure until Apple fixes the issue.
Update: Well, according to the reports from Apple, the malicious URLs will no longer work and the password recovery facility is back again.