Forgot password or security questions? Apple will say too bad, wipe iTunes account, and lock you out

Last month when Wired’s Mat Honan was hacked thanks to Apple’s password reset protocol, it scared the pants off Apple. The ease with which the hack was accomplished was frightening, and what was destroyed in the process was horrifying. However, Apple’s response has sent them flying too far in the opposite direction. Instead of having a fairly simple and easy password recovery process that can easily be hacked, the iTunes creator leapt to the far end of the spectrum. As a result, I hope you have your information written down somewhere, because if you forget your password and the answers to your security questions, it’s basically impossible for you to recover your account at the moment.

Apple was obviously flustered by the hacking. They didn’t seem to know what to do or what direction to take to fix their security issues. They just knew that they had to fix it fast. And while it is wonderful Apple wants to fix their mistakes (and just about anything would be better than requesting nothing more than the last 4 digits of a customer’s credit card, something that’s available on just about any receipt and definitely not secure enough for this kind of verification), Apple still hasn’t figured out exactly how they DO want to verify who you are. If you were to call Apple right now and request a password reset, you’d get a very simple answer that smacks of HAL from 2001: A Space Odyssey (assuming your name is Dave): “I’m sorry. I can’t do that, Dave.”

What exactly am I trying to say? I am saying that after Honan’s hack, Apple changed their protocol so that currently there is absolutely no way for Apple support personnel to reset your password or your security questions if you’ve forgotten both of them. On top of that, they can’t reactivate a disabled account, no matter why it was disabled. If your account was disabled and you want it back, you’ll be put in the text version of being on terminal hold – Apple support will take your information down, put it on a list, and then put it away for (hopefully) future corrections.

To clarify, if you have either your password OR the answers to your security questions, you’re still okay — support can help you get back into your account. But if you’ve forgotten both of those pieces of information, you’re completely out of luck until who knows when. No songs or movies bought through iTunes, no updates to apps you already own, and (worst of all, in my opinion) no updates – security or software – for OS X or iOS.

No, this isn’t happening to me, thank goodness. But it is happening to quite a few people, and is turning into a hassle for Apple and their customers alike across the board. Now while dotTech has no brilliant suggestions on how Apple can find a balance between a hacker-friendly system and a user-unfriendly system, let’s just hope they get themselves straightened out soon, because I can only imagine the headache if this continues any longer. Come on, Apple, get your head in the game and show us why we all love you!

[via Gizmodo]


  • Password and username

  • I to help me so need to know my new password and user name

  • @Coyote: I play WoW, and I completely get what you mean about Blizzard. Unfortunately, they did put out a call when they integrated to to tell anyone who signed up with a name other than their legal name to please change it. And when you install an authenticator, you need to write down the serial number and restore code it gives you when you first activate it to avoid that in the future.

    The phone my Authenticator’s on has died three times, but thanks to having the restore code and serial written down in a notepad, I was able to easily attach the authenticator on the next phone I got to it as well.

    I have a friend who has a similar issue, though – he hates his real name and doesn’t use it anywhere online. The moment they enabled the RealID system, they insisted that the name on the account match the name on whatever credit card you use to pay. As a result, he simply let his subscription run out until recently when they updated to the more anonymous Battletag system and now he doesn’t have to worry about people seeing his real name anymore.

  • Coyote

    I just had something similar happen with Blizzard support recently. No matter what information I give them I cannot get in my account and by way of that my Diablo 3 game I purchased just months ago.

    My issue is a bit different though, I had used a generic name back in the early 00’s when Blizzard was still free for all and was just another game hub. I also attached an authenticator on a tablet that has since died. So sadly Bob Bob isn’t on my driver’s license or on any receipts and without the authenticator I can’t even log in to games even though I know my password….

    Funny thing they gave me the opportunity to provide the proper government forms for name changes. But I think they can just keep the $60 for the game and forget I ever existed.