Last month when Wired’s Mat Honan was hacked thanks to Apple’s password reset protocol, it scared the pants off Apple. The ease with which the hack was accomplished was frightening, and what was destroyed in the process was horrifying. However, Apple’s response has sent them flying too far in the opposite direction. Instead of having a fairly simple and easy password recovery process that can easily be hacked, the iTunes creator leapt to the far end of the spectrum. As a result, I hope you have your information written down somewhere, because if you forget your password and the answers to your security questions, it’s basically impossible for you to recover your account at the moment.
Apple was obviously flustered by the hacking. They didn’t seem to know what to do or what direction to take to fix their security issues. They just knew that they had to fix it fast. And while it is wonderful Apple wants to fix their mistakes (and just about anything would be better than requesting nothing more than the last 4 digits of a customer’s credit card, something that’s available on just about any receipt and definitely not secure enough for this kind of verification), Apple still hasn’t figured out exactly how they DO want to verify who you are. If you were to call Apple right now and request a password reset, you’d get a very simple answer that smacks of HAL from 2001: A Space Odyssey (assuming your name is Dave): “I’m sorry. I can’t do that, Dave.”
What exactly am I trying to say? I am saying that after Honan’s hack, Apple changed their protocol so that currently there is absolutely no way for Apple support personnel to reset your password or your security questions if you’ve forgotten both of them. On top of that, they can’t reactivate a disabled account, no matter why it was disabled. If your account was disabled and you want it back, you’ll be put in the text version of being on terminal hold – Apple support will take your information down, put it on a list, and then put it away for (hopefully) future corrections.
To clarify, if you have either your password OR the answers to your security questions, you’re still okay — support can help you get back into your account. But if you’ve forgotten both of those pieces of information, you’re completely out of luck until who knows when. No songs or movies bought through iTunes, no updates to apps you already own, and (worst of all, in my opinion) no updates – security or software – for OS X or iOS.
No, this isn’t happening to me, thank goodness. But it is happening to quite a few people, and is turning into a hassle for Apple and their customers alike across the board. Now while dotTech has no brilliant suggestions on how Apple can find a balance between a hacker-friendly system and a user-unfriendly system, let’s just hope they get themselves straightened out soon, because I can only imagine the headache if this continues any longer. Come on, Apple, get your head in the game and show us why they all love you!