This time it was fast. Yesterday we informed you that anyone who knew your email account associated with the Apple ID and the date of birth could reset your password and put one at will, with all that that implies. Within hours of detecting the failure, Apple put the "iForgot" page under maintenance, preventing user access to it. At these hours the page is now active again and the security flaw fixed. Again it is necessary to perform the three steps to reset the password: enter your account, your date of birth and answer the two security questions.
Despite this, it is not difficult to reset the password of anyone you know. The email account and the date of birth is something very easy to find online, and that we know from most of our contacts. The two security questions can be more complicated, or very simple, it all depends on how you have configured it. The tendency of most users is to ask very basic questions that anyone of our acquaintances could easily answer. If you do not want to have problems, it is best to access the Apple page to configure your Apple ID and change the security questions, or enter a date of birth different from the real one, so that only you know what date is associated with your account.
All this until it is available in our country the new two-step verification system which will guarantee that only you will be able to change your account details, including your password, or make purchases on devices that have never been associated with your account before. As soon as this new system is available we will notify you and we will publish the tutorial with the steps to follow, of course.
More information - Another security flaw would allow you to reset your Apple password
source - iDownloadBlog