Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Enhancing Apple ID Safety by Enforcing Security Question Requirements

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,552
30,876



The Next Web reports that Apple has begun enhancing the security of users' Apple ID accounts, requiring those who have do not have alternate email addresses and security questions on file to add them.
In the past 24 hours, Apple appears to have started prompting iOS devices owners and those with Apple IDs within iTunes to make their accounts more secure, requiring them to pick three security questions and enter their answers when they download a new app.

The company is also asking users to enter a backup email address, in order to better protect their device but also their account (which is tied to Apple's Retail website and all of its media services).
Click to expand...
iphone_security_questions.jpg



Hacking of iTunes Store accounts has been a long-standing complaint from a number of users, but with over 225 million user accounts, they make for a popular target for phishing, brute force hacking, and other methods. The company has occasionally taken steps to improve account security such as last August's addition of confirmation emails when content is purchased from a previously-unused device, and the company undoubtedly evaluates its security practices on an ongoing basis.

Article Link: Apple Enhancing Apple ID Safety by Enforcing Security Question Requirements
 
Article Link
https://www.macrumors.com/2012/04/12/apple-enhancing-apple-id-safety-by-enforcing-security-question-requirements/
FloatingBones

FloatingBones

macrumors 65816
Jul 19, 2006
1,486
745
Does Apple suggest that you not put answers to your security questions that can be looked up from public sources -- like a Facebook account? :rolleyes:

Do users realize that the best strategy is to give non-sequitur responses to this kind of question: The first school you attended was: tangerine trees.
 
3

3282868

macrumors 603
Jan 8, 2009
5,281
0
How about combining multiple ID's? It'd be nice as over the years many have used different email addresses, etc. and having to enter/authorize all of them is a PITA.
 
D

dethmaShine

macrumors 68000
Apr 13, 2010
1,697
0
Into the lungs of Hell
FloatingBones said:
Does Apple suggest that you not put answers to your security questions that can be looked up from public sources -- like a Facebook account? :rolleyes:

Do users realize that the best strategy is to give non-sequitur responses to this kind of question: The first school you attended was: tangerine trees.
Click to expand...

The question is: Do you actually put in right answers for these questions? Obviously, I don't.
 
B

benspratling

macrumors 6502
Jan 16, 2006
417
136
I hate this feature

The limited questions annoyed me to no end the other night trying to figure out what to do since I could only remember the answers to 2 questions "What was your first car" and "what was your favorite car?" and it wouldn't let me give the same answer to both... I had to make up answers to other questions then program them into my keychain app! Geess.... Then I had to have a second e-mail account? This is just rubbing me the wrong way.
 
S

StealthGhost

macrumors regular
Oct 13, 2010
131
0
I just wish I didn't have to put it in every time I download or update an app. Maybe there is a way to avoid that, I haven't looked in a while, but it would be nice.
 
57004

57004

Cancelled
Aug 18, 2005
1,022
341
I hate this... Security questions are useless if you use good passwords. They actually make it easier to hack an account because they are usually things found out pretty easily.

This is only good for those people that use stupid passwords like the names of their children, dog, or top-100 common ones like 'sunshine' or 'password'.
 
E

ed724

macrumors regular
Aug 1, 2009
227
1
Quote:
Originally Posted by FloatingBones View Post
Does Apple suggest that you not put answers to your security questions that can be looked up from public sources -- like a Facebook account?

Do users realize that the best strategy is to give non-sequitur responses to this kind of question: The first school you attended was: tangerine trees


dethmaShine said:
The question is: Do you actually put in right answers for these questions? Obviously, I don't.
Click to expand...

Wow, as in "non-sequitur", maybe ?
 
J

JohnDoe98

macrumors 68020
May 1, 2009
2,488
99
Back-up email? Seriously? I don't have a need for multiple email addresses, one suits me just fine.
 
GSPice

GSPice

macrumors 68000
Nov 24, 2008
1,632
89
It's sad how the terms "hack", "hacked", "hackers" have been mutilated with the advent of online accounts. :(
 
pgiguere1

pgiguere1

macrumors 68020
May 28, 2009
2,167
1,200
Montreal, Canada
I hope my iPhone won't start to constantly ask me to answer those questions just for me to use it normally.

Ever since I got iTunes match, my iPhone already asks me to type my Apple ID password several times a day just so I can play music (not sure if bug or feature).
 
E

Exhale

macrumors 6502a
Sep 20, 2011
512
145
If I understand it correctly, the questions are used only when you have already logged into the account in question - in which case it does slightly improve security.

If I understand it incorrectly, the questions are used more traditionally (e.g. "get back my account"). In that case, it only worsens the security situation - since questions like this are often the easiest way to 'crack' an account to begin with.
 
R

rivertrip

macrumors member
Jul 9, 2010
46
2
How does a back door into the account enhance security? The author of the article would provide a service to readers if he explored the real reason for the change.
 
I

iEvolution

macrumors 65816
Jul 11, 2008
1,432
2
I've never answered these questions seriously, I've always found that these security questions make an account less secure from people that know you and unfortunately people you know may want your info more than people you don't know, i.e. a insecure girlfriend or ex.

Excessive if they are trying to make you answer three questions plus password on every purchase, if they want to boost security increase password length and special requirements (such as three lowercase letters, three uppercase, special character and a minimum of 10 characters), or maybe add a second password.
 
J

jimboutilier

macrumors 6502a
Nov 10, 2008
647
42
Denver
I get the reason behind extra security for new devices and like the way Apple (and many other companies) have been doing this.

But having to to type in multiple extra responses beyond your account password simply to update an existing or new app on an existing device is ridiculous.

They better start doing a lot better job QAing apps to minimize updates or its going to drive business away.
 
I

iEvolution

macrumors 65816
Jul 11, 2008
1,432
2
miles01110 said:
Right, because inevitably your first reaction to your security questions after you forget your password is "Why yes, my first school was tangerine trees." :rolleyes:
Click to expand...

Point is with the internet so connected these days chances are people can find out the answers esp. With social sites like facebook.
 
R

Rogue.

macrumors regular
Apr 13, 2010
166
0
Telford. UK.
Great... Another hoop I have to jump through just because people are dumb enough to keep falling for phishing attempts that ask them for their login details!

You people deserve what you get :mad:
 
Blorzoga

Blorzoga

macrumors 68030
May 21, 2010
2,560
66
FloatingBones said:
Does Apple suggest that you not put answers to your security questions that can be looked up from public sources -- like a Facebook account? :rolleyes:

Do users realize that the best strategy is to give non-sequitur responses to this kind of question: The first school you attended was: tangerine trees.
Click to expand...

Tangerine Trees!? What year did you graduate?
 
M

mactmaster

macrumors 6502
Jun 16, 2010
390
1
Exhale said:
If I understand it correctly, the questions are used only when you have already logged into the account in question - in which case it does slightly improve security.

If I understand it incorrectly, the questions are used more traditionally (e.g. "get back my account"). In that case, it only worsens the security situation - since questions like this are often the easiest way to 'crack' an account to begin with.
Click to expand...

This might be true, years ago I did this with Woz's .mac account but it was only one security question to guess correctly and the answer was simple... I didn't do anything malicious with it and let him know to change it but yeah they can be dangerous.
 
Blorzoga

Blorzoga

macrumors 68030
May 21, 2010
2,560
66
JohnDoe98 said:
Back-up email? Seriously? I don't have a need for multiple email addresses, one suits me just fine.
Click to expand...

Unless of course you forget the password to that email account and need to retrieve it by having an email sent to a different email account that allows you to reset your password.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom