What are your thoughts on this process? Have you rolled out multi-factor authentication for your organization?
Apple passwords can be reset with only email address, date of birth
Apple yesterday rolled out two-step verification, a security measure that promises to further shield Apple ID and iCloud accounts from being hijacked. Unfortunately, today a new exploit has been discovered that affects all customers who haven't yet enabled the new feature. It allows anyone with your email address and date of birth to reset your password — using Apple's own tools.
Update: We've had a little more time to explore the hack and have yet more bad news to report. Yesterday a number of users were told they'd need to wait three days before enabling two-step verification. As a result, these accounts are fully vulnerable to the exploit. As of right now, the only surefire way these individuals can avoid the security threat is by changing their birthdate through Apple's account settings page. This option is located at the bottom of "Password and Security."
Update 2: Apple's password reset tool is currently unavailable "due to maintenance," a strong indicator that the company is working to patch up the major security blunder. We're still awaiting further details on the situation and will report back when we hear more.
Read the full article on The Verge.