Tuesday, August 7, 2012

My Apple ID Episode From 2008

In the wake of Mat Honan’s story, Marko Karppinen shares his story from 2008 in which “Apple just gave out my Apple ID password because someone asked.” Via Paul Kafasis, who writes:

As long as Apple believes the last four digits of your credit card are enough to verify you, however, your Apple ID is definitely not safe.

An Apple ID is pretty much required these days, but you can at least limit the potential damage. Don’t use iCloud’s e-mail account, even as a backup address supplied to other services. Honan’s Gmail was compromised because the password recovery e-mail went to his me.com address. And don’t enable Find My Mac.

3 Comments RSS · Twitter

Do you mean:

1. Don’t use iCloud’s own email service, or
2. Don’t use the email address that is the Apple ID, even if it is not using iCloud’s email servers?

The reason I ask is that I originally did create a new me.com address that served as my iCloud login. Since that was different from my old Apple ID, which I had used for iTunes purchases etc., I manually migrated the data to a new iCloud account once it was out of beta. That address is also my email account, but it is not hosted by iCloud. What do you think?

@Martin I mean don’t use iCloud’s own e-mail hosting (i.e. @me.com/@icloud.com).

[...] is much better than asking for a device serial number and should help against Mat Honan–type social engineering. If you no longer have access to one of your devices, go to My Apple ID to remove that device [...]

Leave a Comment