Four-digit passcode identifies device on top of user credentials
Apple is either testing or in the process of rolling out two-step verification for its iCloud.com portal, optionally allowing users who want to use the two-factor authentication to enter a random four-digit passcode on their device in order to add it to a list of "trusted" devices. The option is not yet available to Apple ID accounts that have previously set the preference for using two-step verification, but improves security over the default "Apple ID password only" method.
Vulnerability shut down, but fooled visitors into providing info
Late Wednesday afternoon, Electronic Arts reported that it had finally closed a serious vulnerability on its web servers that allowed hackers to host a fake "Apple ID" page -- part of a phishing scam that attempted to trick users into visiting the fake page and supplying personal information and credit card details that Electronista reported on earlier today. Netcraft, which originally spotted the compromised pages, reported the problem to EA on Tuesday night.
Compromised EA server used to collect Apple IDs, personal information
A web server owned by game publisher Electronic Arts has been compromised and used in a phishing attack against users of Apple services, a security firm has claimed. The server, apparently used to host a calendar under the ea.com domain, is said to be used to try and acquire the Apple ID credentials of potential victims by posing as an account verification site.
Children under 13 can have accounts only through recognized schools
In an effort to further promote and support the iPad for students, the company is bending a rule that children under 13 can't have Apple ID accounts and allowing schools and "approved educational institutions" to create accounts for students under the age limit. Children between 13 and 18 are now requested to review the terms and conditions with parents or guardians when creating an account. In order for schools to implement Apple IDs for kids under 13, the institution must obtain the students' parent's consent.
Better security comes at a cost for forgetful customers
With the release of the iPhone 5, a number of previous and new customers are encountering first-hand the new reality of Apple's increased emphasis on better security: it is now much more difficult to reset one's iCloud or Apple ID password than it used to be. While this is overall better for consumers in terms of making it harder for identity thieves to gain control of an account, it is also more difficult for customers who may not be able to jump through the newly-required hoops set up to ensure their identify before a reset can occur.