This is the only possible response after the "exploit" was published. Amazon's process was appropriate for their business, and the problems the journalist experienced were due solely to the level of security Apple chose to implement and their decision to allow remote wiping of people's MacBooks.<p>This is only a story because of Apple's operational decisions. The information required to game their system could have come from a myriad of sources other than Amazon.
While they have closed the loophole for adding credit cards, you can apparently still change your email or password via phone: <a href="http://www.forbes.com/sites/kellyclay/2012/08/07/amazon-tightens-security-after-high-profile-hacking-sort-of/" rel="nofollow">http://www.forbes.com/sites/kellyclay/2012/08/07/amazon-tigh...</a>
I would like to see a customer service/tech support org where customers have to enter their 2-factor PIN at a phone menu before reaching a <i>human</i> support agent. You could possibly combine that with caller ID for better verification - basically use phone # like a username and the PIN as password.<p>Or you could just use them alongside other verification steps.
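A sketch of the phone-menu gate proposed in the comment above, as an added example that is not part of the original thread: the caller's number is only the lookup key (like a username) and the keyed-in digits are a time-based one-time PIN (RFC 6238). The names `PhoneGate` and `route`, the three-attempt lockout and the replay check are assumptions of this example.

```python
import hashlib
import hmac
import struct

STEP, MAX_FAILS = 30, 3  # seconds per TOTP step; lockout threshold (assumed policy)

def totp(secret: bytes, counter: int) -> str:
    """RFC 6238 code (HMAC-SHA1, 6 digits) for one time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 1_000_000).zfill(6)

class PhoneGate:
    """Decides whether a call may leave the phone menu and reach a human agent."""

    def __init__(self, enrolled):
        self.enrolled = enrolled  # caller number -> shared TOTP secret
        self.fails = {}           # caller number -> consecutive bad PINs
        self.last_step = {}       # caller number -> last accepted time step

    def route(self, caller_id: str, keyed_digits: str, now: float) -> str:
        secret = self.enrolled.get(caller_id)
        if secret is None:
            return "REJECT_UNKNOWN_NUMBER"
        if self.fails.get(caller_id, 0) >= MAX_FAILS:
            return "REJECT_LOCKED"  # stops PIN guessing against one number
        current = int(now) // STEP
        for step in (current - 1, current, current + 1):  # tolerate clock drift
            if step <= self.last_step.get(caller_id, -1):
                continue  # a code from an already-used step is a replay
            # The number only selects the secret; the PIN is what authenticates.
            if hmac.compare_digest(totp(secret, step).encode(), keyed_digits.encode()):
                self.last_step[caller_id] = step
                self.fails[caller_id] = 0
                return "CONNECT_AGENT"
        self.fails[caller_id] = self.fails.get(caller_id, 0) + 1
        return "REJECT_BAD_PIN"

if __name__ == "__main__":
    # Constructed sample: one enrolled number using the RFC 6238 test secret.
    gate = PhoneGate({"+15550100": b"12345678901234567890"})
    print(gate.route("+15550100", totp(b"12345678901234567890", 1), now=59))
    print(gate.route("+15550199", "123456", now=59))
```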
Is it possible to prevent a remote wipe by Apple? Or at least so it is only possible with knowledge of my password? If I lose <i>both</i> my MBA <i>and</i> my password, I am ok with not being able to remote wipe.<p>EDIT: OK, I can disable remote wipe entirely by disabling 'find my mac'.