Apple ID

New in iOS 8.3: download free apps and iTunes media without entering Apple ID password

Christian Zibreg ∙ March 22, 2015

A new 'Password Settings' section has been discovered in the Settings app of the current iOS 8.3 beta which will permit users to set up their iPhone, iPod touch or iPad so that downloading free iTunes apps and iTunes media won't require an Apple ID password.

The new option is only exposed to users when Touch ID is disabled, reports 9to5Mac. With Touch ID enabled, the new option is unavailable.

This is understandable to an extent, because approving purchases — free or paid — with the tap of a fingerprint is a frictionless experience.

Read More

Apple patches serious vulnerability that let hackers take over your Apple ID

Christian Zibreg ∙ January 5, 2015

As of today, brute-forcing your way into your ex's Apple ID or iCloud account by way of dictionary-based attacks is no longer a viable option.

As reported by James Cook of Business Insider, Apple's reportedly patched a vulnerability in its iCloud service that determined hackers were able to exploit in order to hack into your Apple ID account.

Even though Apple IDs that employ weak passwords and don't use Apple's vaunted two-step verification feature were at greatest risk, we're most certainly glad that Apple's moved so swiftly to increase online security of its users.

Read More

New Apple ID attack tool surfaces as Apple pulls Photos web app from iCloud.com

Christian Zibreg ∙ January 2, 2015

Friday, a new attack tool was posted to GitHub that uses brute-force dictionary attacks on iCloud and Apple ID accounts with weak passwords. Using a dictionary list containing more than 500 words, the 'iDict' tool pretends to be a legitimate iPhone device trying to log in to iCloud.com. Somehow, it manages to avoid Apple ID lockout restrictions.

People with complex passwords shouldn't be concerned but those with simple ones based on commonly used words such as pet names are at risk. If you fall in that category, you're wholeheartedly recommended to change your password and optionally enable two-step verification for your Apple ID.

Seemingly unrelated to 'iDict', the Photos web app mysteriously disappeared from the iCloud website this morning.

Read More

Elcomsoft’s Phone Breaker can now help access iCloud data protected with 2-step verification

Christian Zibreg ∙ December 18, 2014

Moscow-based Elcomsoft, which produces a mobile forensic tool used by law enforcement around the world to gain access to a suspect's iOS devices, has updated its Phone Breaker application which now makes it easier to bypass Apple's two-step verification for Apple ID accounts in order to access underlying iCloud data, Engadget reported Thursday.

Not only does this include iWork documents stored in iCloud, but also data in third-party apps such as WhatsApp communications, 1Password password databases — even user dictionaries that may contain secret words and phrases — provided a user has enabled the app in question to sync data with iCloud.

Although hackers still need both your Apple ID username/password and a two-factor code sent to your trusted device (or a digital token stolen from your computer), once they do gain access to your account Phone Breaker can then create a digital token granting them permanent access to iCloud data, no two-step verification code needed — until you change your Apple ID password, that is.

Read More

Poll: is your Apple ID protected with two-step verification?

Christian Zibreg ∙ Updated October 14, 2018

Two-step verification protects your Apple ID from unauthorized access when accessing iCloud.com and the Apple ID web interface or when when making an App Store or iTunes purchase from a new device. It's an additional layer of security which combines something you know (your Apple ID password) with something you have (an iOS device).

Once enabled, it requires that you enter a four-digit code after providing your Apple ID credentials, with the code being pushed to a trusted iOS device.

You will also get a 14-character Recovery Key to regain control of your account should you ever lose access to your trusted devices or forget your password.

So, is your Apple ID protected with two-factor verification or do you still trust your digital life with the good ol' password in conjunction with security questions?

Read More

How losing your Apple ID Recovery Key could permanently lock you out of your account

Christian Zibreg ∙ Updated October 14, 2018

With two-step verification enabled for your Apple ID, you don't need to create or remember any security questions because your identity is exclusively verified using your password, verification codes sent to your trusted devices and your Recovery Key.

The added layer of security is a tremendous convenience, but with great power comes great responsibility and I can't stress enough how crucial it is to ensure you never forget where you stored your Recovery Key. As Owen Williams of The Next Web learned the hard way, they're calling it "Key" for a good reason.

Losing your Recovery Key puts you at risk of being locked out of your Apple ID if Apple's temporarily disabled it as a security precaution because someone's tried to hack it.

Apple cannot grant you access back into your Apple ID. This is by design: the system's been engineered in such a way so that only you can regain access to it. And in order to do that, you absolutely need a Recovery Key.

Here's what to know about securing your Apple ID with two-step verification.

Read More

Apple: two-step verification for Apple IDs will require app-specific passwords starting tomorrow

Jeff Benjamin ∙ Updated October 13, 2018

If you have two-step verification enabled and you're currently signed in to a third-party app using your Apple ID password, you'll need to adjust to a new change starting tomorrow. For security purposes, Apple is introducing app-specific passwords to access iCloud data using third-party apps.

Apple will allow users to generate these app-specific passwords via the Password & Security section of its Apple ID website. Once there, you'll simply need to click Generate App-Specific Password to create a password for the third-party app that you wish to grant access to your iCloud data.

Read More

Apple reportedly patches Find My iPhone vulnerability to hack Apple ID accounts

Christian Zibreg ∙ September 1, 2014

According to The Next Web this morning, Apple has allegedly patched a security hole in the Find My iPhone service which allowed nefarious users to brute-force Apple ID passwords, according to Twitter user @hackappcom who posted a proof of concept titled 'iBrute' to GitHub on Saturday.

This should be good news for celebrities who reported their iCloud accounts being hacked and saw their nude pictures posted online.

As Cody told you yesterday, Academy Award winner Jennifer Lawrence and several other celebrities found themselves in the middle of a major nude photo leak after attackers apparently exploited a vulnerability in Apple’s Find My iPhone service.

Read More

How to create an Apple ID without a credit card

Sébastien Page ∙ Updated May 8, 2023

Having an Apple ID is a prerequisite to do just about anything related to Apple services. If you want to buy music on iTunes, download apps in the App Store, or use iCloud, you must have an Apple ID.

A few years ago, linking a credit card to an Apple account was mandatory. But Apple has changed its stance and has been letting users create an Apple ID without a credit card for a while now.

Whatever your reason might be to do so, we are going to show you how to create an Apple ID without a credit card...

Read More

Apple ID 2-step verification live in 48 new markets

Christian Zibreg ∙ July 17, 2014

It appears that Apple has rolled out its two-factor authentication feature for Apple ID accounts in an additional 48 markets, bringing the total number of countries which support this security-minded feature to a cool 59.

Two-factor authentication bolsters up your security when logging in to your Apple ID account on the web by combining something you know - your Apple ID username and password or a Recovery Key - with something you own - a four-digit authorization code sent to your iPhone, iPod touch or iPad device...

Read More

Apple rolling out two-step verification for iCloud web portal

Cody Lee ∙ June 30, 2014

Apple has apparently begun rolling out a two-step verification system to its iCloud web portal this afternoon. The new system adds an additional layer of security to an area that offers access to web versions of stock Mac and iOS apps like Mail, Contacts and Calendar.

It's not clear if Apple is simply testing the feature with some users or plans to eventually roll it out to all iCloud.com subscribers, but it seems not everyone has access to it yet. Those who do see it, though, say it requires users to enter a special code to access their apps...

Read More

Apple plans to improve AppleCare+ and iOS device support in near future

Joe Rossignol ∙ Updated April 17, 2018

According to the well-connected blogger Mark Gurman, citing Apple employees that wish to remain anonymous, Apple Vice President of AppleCare and technical support Tara Bunch held a Town Hall meeting this week for AppleCare employees. At the meeting, several upcoming improvements to AppleCare+ and other support platforms were outlined.

Bunch hinted that AppleCare+ may be expanded to additional countries, although it is a challenging process because of the insurance and government-related legal processes that vary between countries worldwide. Bunch also told employees that Apple is testing a pilot program to expand the eligibility window for purchasing AppleCare+ to 60 days. Several other changes are incoming… 

Read More