As of today, hacking into Apple IDs with a dictionary-based brute-force attack is no longer an option, according to James Cook from Business Insider. Most Apple IDs don’t employ weak passwords and use two-step verification, and we’re glad Apple has patched its online security for its users.
The information came via Pr0x13 on Twitter. He had created a hacking tool called “iDict”, which claimed to bypass Apple’s account lockout restrictions and secondary authentication on any Apple ID or iCloud account. The tool used a dictionary of 500 words to hack into iCloud accounts or Apple IDs with weak passwords. Granted, more words could be added by using a custom dictionary file.
iDict presents itself as an iPhone logging into iCloud.com. Apparently, that was enough to fool Apple’s security system and bypass the password protection Apple had in place. As always, you should never set weak passwords such as pet names or other easily identifiable words. You should always use two-step verification.
If you decide to use two-step verification, store your recovery key in a safe place. Without it, you will not be able to get into your account if you happen to forget your password.