Is there a security model that's both highly secure, and foolproof regardless of the mental faculties of potentially billions of diverse users? I think the answer is, "Obviously not," so the real question is whether or not the necessary compromises made here represent acceptable measures.
Apple has no adequate way to actually verify who anybody is without (a) forcing them to physically visit one of a small number of offices (it can't be every store), and (b) probably charging a significant fee to cover the cost of doing real verification.
And even that demands assuming that the identifying information on the account is right.
For account recovery, in-store verification is viable. They've already collected data on their customers via payment processors.
I would also force users to watch a video explaining the security features and quiz them before turning them on. You can't expect users to immediately understand how the security model works.
> Apple has no adequate way to actually verify who anybody is without (a) forcing them to physically visit one of a small number of offices (it can't be every store), and (b) probably charging a significant fee to cover the cost of doing real verification.
My bank is able to verify me remotely to log in to their app from a new device in under 15 minutes, just with a photo of my ID card and a video of my face. And the bank is liable for any losses caused if they misidentify me.
Your bank verifies that against the copy of your ID that was collected in person when you opened the account (unless you're using some fly-by-night FinTech "bank", anyway). At a minimum, the bank has already collected, and checked, a bunch of other information that it can use to verify you (more than Apple can collect without mass user rebellion). It has reasonable confidence you haven't lied about that information. The bank can use that information to look up more about you in public records (which the bank knows how to do because, unlike Apple, it doesn't operate in every jurisdiction in the world). And I suspect that the ID/video check is on top of proving you already know a password.
Perhaps even more important, the bank knows exactly what liability it's assuming, and what risk it's exposing you to. There's a limit on how much money the app will let you move (even if the bank doesn't tell you what it is). All the transactions you can do are defined by the bank, it knows what's going on at all times, and it can and does apply extra checks for risky-looking transactions.
And bank transactions in general have a whole reversal-based security layer on top of all that.
On the other hand, people use their Apple accounts to log into God-knows-what third-party systems with God-knows-what risks and God-knows-what other security measures or lack thereof.
Oh, and also the bank charges you ongoing overt or hidden fees specifically to cover the costs of securing your money. And of insurance if it fails to do so.
Online-only bank Chase from JPM charges me £0, has a £10k limit on transactions without requiring further verification, and successfully verified me online in under 15 minutes, despite having never seen any of my real documents in person, despite me logging in for the first time in 2 months from a new device that they’ve never seen.
Meanwhile Apple is unable to manage to identify its own customers in its home jurisdiction.
You haven't figured out that there are hidden charges? They're not giving you an account because they love you. They're giving you an account because they're making money on your deposits and/or transactions and not passing it on to you. And the money they're making is pretty proportionate to their risks; the more money you have to lose, the more they're going to make.
Whatever revenue iCloud manages to eke out of a random iPhone is going to be far less, and far less correlated with risk. Apple has to structure the system around the user who buys zero premium services.
> has a £10k limit on transactions
So a low limit by the standards of what we're talking about here, and a nice, quantifiable, insurable amount to boot. Which, as I said before, is the most important part of the whole thing. Oh, and I suspect you'll find out that the limit magically gets lower if the money is being sent to wesellgiftcards.com or whatever.
The person featured in the sob story here claims to have lost an entire career. That's going to be worth quite a bit more than that transaction limit, but how much more is hard to say because it's unquantifiable. It is of course stupid to make that dependent on your iPhone, but Apple still has to worry about it if Apple starts trying to take on responsibility for that kind of stupidity.
> despite having never seen any of my real documents in person
You should get a more responsible bank. Although nowadays they may be able to pull, for instance, your ID pictures from government databases to compare with whatever you send them over the Internet... since they have the numbers (and maybe the authorization) to do the lookups. Unlike Apple.
> Meanwhile Apple is unable to manage to identify its own customers in its home jurisdiction.
"Home jurisdiction" is irrelevant. It's not about where your headquarters are. It's about where you operate. Whatever Apple sets up in its "home jurisdiction", it also effectively has to support throughout the world. There aren't enough phone buyers in Cupertino to support Apple's valuation.
Identity is a really hard problem to solve. Just about any scheme you can think of to verify identity, some smart criminal can think of a way to exploit or circumvent/abuse the system.
Oh no, a hard problem. Too bad we don't have smart people to solve it.
You know there are smart criminals who use fake or fraudulent passports and travel documents? And yet we still go through the process of using them because a system with some control is better than chaos and no control.