On 08/23/2012 09:27 AM, da...@lang.hm wrote:
On Thu, 23 Aug 2012, lopser wrote:
From: da...@lang.hm [mailto:da...@lang.hm]
On Thu, 23 Aug 2012, lopser wrote:
Guess what? Account seems to be compromised? Use the information
from
"Account Recovery Options." Duh. ;-)
are you aware of the trouble that Mat Honan just had to go through as a
result of people using the insecure "account recovery options" of
apple?
If people give insecure verification information ("Q: Please verify
your PIN." "A: Five, Five, Five, Five.") then they can't blame the
company. Garbage in, garbage out.
I'll certainly admit there are a lot of people out there who fall
into precisely this category. But at some point, people need to be
held responsible for their own lack of security.
I'll agree on the point of Apple's policy being broken. Verify the
last 4 digits of your credit card? Anybody could know that.
While I agree that Apple did stupid stuff, I think you are missing the
forest for the trees.
Most of the information that's used for "account recovery" options is
finable (where were you born, your mother's maiden name, your pet's
name, etc) due to the ease of searching for what was at one point
obscure data about you.
People actually use real information for the account recovery
questions? Wow...
Paul
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
