Apple Enhancing Apple ID Safety by Enforcing Security Question Requirements

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Apr 12, 2012.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    The Next Web reports that Apple has begun enhancing the security of users' Apple ID accounts, requiring those who have do not have alternate email addresses and security questions on file to add them.
    [​IMG]


    Hacking of iTunes Store accounts has been a long-standing complaint from a number of users, but with over 225 million user accounts, they make for a popular target for phishing, brute force hacking, and other methods. The company has occasionally taken steps to improve account security such as last August's addition of confirmation emails when content is purchased from a previously-unused device, and the company undoubtedly evaluates its security practices on an ongoing basis.

    Article Link: Apple Enhancing Apple ID Safety by Enforcing Security Question Requirements
     
  2. macrumors 65816

    FloatingBones

    Joined:
    Jul 19, 2006
    #2
    Does Apple suggest that you not put answers to your security questions that can be looked up from public sources -- like a Facebook account? :rolleyes:

    Do users realize that the best strategy is to give non-sequitur responses to this kind of question: The first school you attended was: tangerine trees.
     
  3. macrumors 603

    bedifferent

    Joined:
    Jan 8, 2009
    Location:
    NY
    #3
    How about combining multiple ID's? It'd be nice as over the years many have used different email addresses, etc. and having to enter/authorize all of them is a PITA.
     
  4. macrumors 68040

    Joined:
    Dec 14, 2007
    #4
    How about, who needs this added security. Annoying.
     
  5. macrumors 68000

    Joined:
    Apr 13, 2010
    Location:
    Into the lungs of Hell
    #5
    The question is: Do you actually put in right answers for these questions? Obviously, I don't.
     
  6. macrumors 6502

    Joined:
    Jan 16, 2006
    #6
    I hate this feature

    The limited questions annoyed me to no end the other night trying to figure out what to do since I could only remember the answers to 2 questions "What was your first car" and "what was your favorite car?" and it wouldn't let me give the same answer to both... I had to make up answers to other questions then program them into my keychain app! Geess.... Then I had to have a second e-mail account? This is just rubbing me the wrong way.
     
  7. macrumors 6502a

    MasterHowl

    Joined:
    Oct 3, 2010
    Location:
    North of England
    #7
    It would be more annoying if your Apple ID got hacked :p
     
  8. macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #8
    Right, because inevitably your first reaction to your security questions after you forget your password is "Why yes, my first school was tangerine trees." :rolleyes:
     
  9. macrumors regular

    Joined:
    Oct 13, 2010
    #9
    I just wish I didn't have to put it in every time I download or update an app. Maybe there is a way to avoid that, I haven't looked in a while, but it would be nice.
     
  10. macrumors 6502a

    GekkePrutser

    Joined:
    Aug 18, 2005
    Location:
    Ireland
    #10
    I hate this... Security questions are useless if you use good passwords. They actually make it easier to hack an account because they are usually things found out pretty easily.

    This is only good for those people that use stupid passwords like the names of their children, dog, or top-100 common ones like 'sunshine' or 'password'.
     
  11. macrumors regular

    Joined:
    Aug 1, 2009
    #11
    Quote:
    Originally Posted by FloatingBones View Post
    Does Apple suggest that you not put answers to your security questions that can be looked up from public sources -- like a Facebook account?

    Do users realize that the best strategy is to give non-sequitur responses to this kind of question: The first school you attended was: tangerine trees


    Wow, as in "non-sequitur", maybe ?
     
  12. macrumors 68020

    Joined:
    May 1, 2009
    #12
    Back-up email? Seriously? I don't have a need for multiple email addresses, one suits me just fine.
     
  13. macrumors 68000

    GSPice

    Joined:
    Nov 24, 2008
    #13
    It's sad how the terms "hack", "hacked", "hackers" have been mutilated with the advent of online accounts. :(
     
  14. macrumors 68020

    pgiguere1

    Joined:
    May 28, 2009
    Location:
    Montreal, Canada
    #14
    I hope my iPhone won't start to constantly ask me to answer those questions just for me to use it normally.

    Ever since I got iTunes match, my iPhone already asks me to type my Apple ID password several times a day just so I can play music (not sure if bug or feature).
     
  15. macrumors 6502

    Joined:
    Sep 20, 2011
    #15
    If I understand it correctly, the questions are used only when you have already logged into the account in question - in which case it does slightly improve security.

    If I understand it incorrectly, the questions are used more traditionally (e.g. "get back my account"). In that case, it only worsens the security situation - since questions like this are often the easiest way to 'crack' an account to begin with.
     
  16. HornetMontana, Apr 12, 2012
    Last edited: Mar 14, 2014

    macrumors newbie

    Joined:
    Apr 12, 2012
  17. macrumors member

    Joined:
    Apr 4, 2012
  18. macrumors member

    Joined:
    Jul 9, 2010
    #18
    How does a back door into the account enhance security? The author of the article would provide a service to readers if he explored the real reason for the change.
     
  19. macrumors 65816

    Joined:
    Jul 11, 2008
    #19
    I've never answered these questions seriously, I've always found that these security questions make an account less secure from people that know you and unfortunately people you know may want your info more than people you don't know, i.e. a insecure girlfriend or ex.

    Excessive if they are trying to make you answer three questions plus password on every purchase, if they want to boost security increase password length and special requirements (such as three lowercase letters, three uppercase, special character and a minimum of 10 characters), or maybe add a second password.
     
  20. macrumors 6502a

    Joined:
    Nov 10, 2008
    Location:
    Denver
    #20
    I get the reason behind extra security for new devices and like the way Apple (and many other companies) have been doing this.

    But having to to type in multiple extra responses beyond your account password simply to update an existing or new app on an existing device is ridiculous.

    They better start doing a lot better job QAing apps to minimize updates or its going to drive business away.
     
  21. macrumors 65816

    Joined:
    Jul 11, 2008
    #21
    Point is with the internet so connected these days chances are people can find out the answers esp. With social sites like facebook.
     
  22. macrumors regular

    Joined:
    Apr 13, 2010
    Location:
    Telford. UK.
    #22
    Great... Another hoop I have to jump through just because people are dumb enough to keep falling for phishing attempts that ask them for their login details!

    You people deserve what you get :mad:
     
  23. macrumors 68020

    Blorzoga

    Joined:
    May 21, 2010
    #23
    Tangerine Trees!? What year did you graduate?
     
  24. macrumors 6502

    Joined:
    Jun 16, 2010
    #24
    This might be true, years ago I did this with Woz's .mac account but it was only one security question to guess correctly and the answer was simple... I didn't do anything malicious with it and let him know to change it but yeah they can be dangerous.
     
  25. macrumors 68020

    Blorzoga

    Joined:
    May 21, 2010
    #25
    Unless of course you forget the password to that email account and need to retrieve it by having an email sent to a different email account that allows you to reset your password.
     

Share This Page