March 23, 2013
Apple has already fixed the major password security issue that was discovered just hours ago. As a result, the company's iForgot password reset page is now back up. The issue was first reported by The Verge just a day after Apple introduced a voluntary two-step verification process for iCloud and Apple IDs. Basically, anyone with knowledge of your email address and date of birth could reset the password for your Apple ID. According to The Verge, the security flaw could be exploited by pasting a modified URL when answering the security question regarding date of birth on Apple’s iForgot page. Apple later took the page down in order to prevent further misapplication of the same. The company also publicly acknowledged the issue and said that a fix was already underway. In a statement to The Verge, the company said, "Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix." And now, the issue has indeed been fixed and the iForgot page has been restored online. To minimize the risk of password compromise, it's recommended that you enable two-step verification for your Apple ID. To learn more about the process, read our post about it here.