Apple toughens up phone password reset system

Apple is hardening up the security around its phone password reset service, but in the mean time, it's taking no risks by taking the service down for now.

Following the highly publicised breach of former Gizmodo journalist Mat Honan, Apple has suspended the ability for AppleID passwords to be reset over the phone, while it hardens up its security.

"We're asking customers who need to reset their password to continue to use our online iForgot system."

According to Apple, the system resets password either by having a unique reset link sent to an alternative email address that was already on record, or by asking the customer to answer security questions, also previously on record.

Apple's password reset form.(Screenshot by Michael Lee/ZDNet)

Apple's password requirements specify that they must be at least 8 characters in length and contain a minimum of one letter, one capital letter, one number and not more than three consecutive characters. Passwords must also not be the same as the account name or have been used in the past year.

Although it doesn't state the maximum length, Apple accepts passwords up to 32 characters in length.

At the moment, the iForgot system provides users with options to recover their AppleID password, but attempting to recover a username still takes the user through the same password recovery process first. The username is eventually emailed when the account password is reset, however.

In the meantime, the incident has, at least, raised the issue to the foreground, possibly paving the way for other companies to harden their security . Apple appears to be changing its password reset mechanism and/or policies, stating that when the ability for reset passwords over the phone resumes, customers will be required to "provide even stronger identify verification to reset their password".


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All