Apple rolls out new security measures for iTunes, App Store

Posted:
in iPod + iTunes + AppleTV edited January 2014


Apple has reportedly started asking iTunes and App Store customers to fill out three security questions that will be associated with their accounts in what is presumably a move to reduce fallout in the event of a breach.



The newly-instituted system asks customers to choose and answer three specific security questions that can be used later to verify their identity if their account were to be compromised, according to a thread on Apple's Support Forums.



Interestingly, the rollout is not iTunes-wide as only a select number of users are being asked to fill out the online form. It is speculated that those accounts that had problems in the past will be the first to get the new feature and will be followed by all customers in the coming weeks.



The users who do receive the notice are seeing the questions appear when they try to download any content through iTunes, the App Store or the iBookstore. All devices are affected by the change, and customers can expect to see the form to show up wherever they use iTunes, including iDevices.



Once asked to enter their iTunes password, users are taken to a page where they are asked to select three questions like "Who was your first teacher." This type of security question and answer system has been used for years by financial institutions and online entities that store sensitive personal information.





Users are asked to select three security questions when downloading content from iTunes. | Source: The Mac Observer







As with existing security formats across the web, Apple will be instituting a "Rescue Email Address" in case it needs to change a user's password. Reports are conflicting as to whether the company is requiring this information immediately or if it is merely making the option available to those who want an added layer of security.



[ View article on AppleInsider ]

«1

Comments

  • Reply 1 of 36
    nagrommenagromme Posts: 2,834member
    This is useful even without any breach on Apple?s end: criminals phish to get you to tell them your Apple login. If you do, this helps stop them from using it.



    It?s annoying, but banks do it?for a reason?and Apple?s got your credit card info on file, after all.
  • Reply 2 of 36
    Well I'm disappointed that I'm not the select number of users who got this special privilege.
  • Reply 3 of 36
    lanceh5lanceh5 Posts: 37member
    In my case, I use three computers an iPad and a iPhone with one apple account. It may be an account with multiple devises they are requring this procedure. Many devises accessing one account may be a red flag for Apple.
  • Reply 4 of 36
    tylerk36tylerk36 Posts: 1,037member
    If one doesn't answer correctly Dark Water will visit you at about 3am. People will eventually forget you ever existed.
  • Reply 5 of 36
    Quote:
    Originally Posted by nkingman View Post




    Well I'm disappointed that I'm not the select number of users who got this special privilege.



    Don't feel disappointed just yet...



    Quote:
    Originally Posted by AppleInsider View Post




    [...] and will be followed by all customers in the coming weeks.






    You're next
  • Reply 6 of 36
    Well I'm disappointed that I'm not the select number of users who got this special privilege.
  • Reply 7 of 36
    rayconraycon Posts: 33member
    ?these questions are getting harder to answer. As I approach 60 years old, I just am not quite sure I remember. At least I don't have to do another one of those Capcha things. I have to zoom in for those
  • Reply 8 of 36
    MacProMacPro Posts: 19,718member
    I like it when I can write my own questions for this sort of thing. Name of fist wife, second wife, third wife and so on ...
  • Reply 9 of 36
    MacProMacPro Posts: 19,718member
    Quote:
    Originally Posted by RayCon View Post


    ?these questions are getting harder to answer. As I approach 60 years old, I just am not quite sure I remember. At least I don't have to do another one of those Capcha things. I have to zoom in for those



    I agree. The name your first school always gets me ... I couldn't spell then!
  • Reply 10 of 36
    anonymouseanonymouse Posts: 6,857member
    This "security" question thing has become all the rage lately, but, not only are they super annoying, but, either you end up choosing and answering the most easily remembered, which are also the most easily researched, or most likely to be known by other people. Or you choose less obvious ones, and have trouble remembering the answers you gave yourself.



    Favorite author is a common one, but, suppose your favorite author changes and you forget who the old one was, or you have a couple of favorite authors and can't recall which one you identified. Plus, anyone who knows you (perhaps an angry ex?) may very well know who your favorite author (or first pet, first car, first job, etc.) is.



    Worse yet, and hopefully Apple isn't in this camp, some companies that request this information actually save and check it in exact case. And, even when you remember your answer, you may not remember exactly how you entered it. So, say your first car was a "Volkswagen Beetle", did you enter that as,



    * Volkswagen Beetle

    * volkswagen beetle

    * Volkswagen beetle

    * Volkswagon Beetle

    * Volkswagen Beatle

    * VW Beetle

    * vw beetle

    * Vw beetle

    * Vw beatle



    and so on and so on.



    Now, you can't get into your own account, and are stuck contacting customer service, who, hopefully, you can reach, and maybe they will help you, maybe not.



    The whole idea of the security question was always a bad one (mother's maiden name, really?) and making it more complicated hasn't really solved the problems with it: Easy to remember Q&A are also easy for others to know or guess. Difficult to know or guess Q&A are hard to remember, especially when there can be variation in the entry.
  • Reply 11 of 36
    paxmanpaxman Posts: 4,729member
    Quote:
    Originally Posted by RayCon View Post


    ?these questions are getting harder to answer. As I approach 60 years old, I just am not quite sure I remember. At least I don't have to do another one of those Capcha things. I have to zoom in for those



    1password is a great app for storing passwords and forms, also good for storing other stuff such as serial numbers. Check it out. (not affiliated, just a pretty happy user)
  • Reply 12 of 36
    cutykamucutykamu Posts: 229member
    Quote:
    Originally Posted by paxman View Post


    1password is a great app for storing passwords and forms, also good for storing other stuff such as serial numbers. Check it out. (not affiliated, just a pretty happy user)



    I agree, I'm using it and very happy with it. I like the way they sync the data between I devices with macs.
  • Reply 13 of 36
    anonymouseanonymouse Posts: 6,857member
    Quote:
    Originally Posted by cutykamu View Post


    I agree, I'm using it and very happy with it. I like the way they sync the data between I devices with macs.



    So, if they sync between devices, they have your passwords on their server? is it known how secure that data is?
  • Reply 14 of 36
    sockrolidsockrolid Posts: 2,789member
    Quote:
    Originally Posted by AppleInsider View Post


    Interestingly, the rollout is not iTunes-wide as only a select number of users are being asked to fill out the online form. It is speculated that those accounts that had problems in the past will be the first to get the new feature and will be followed by all customers in the coming weeks.



    It's Apple's way of politely saying "Yo! All you weak-password-monkeys! You go first."



    Surprised I haven't gotten the email yet. My Apple ID is a pretty common name.

    (But my password is totally impossible to guess. Knock on wood.)
  • Reply 15 of 36
    ai46ai46 Posts: 56member
    Quote:
    Originally Posted by anonymouse View Post


    So, if they sync between devices, they have your passwords on their server? is it known how secure that data is?



    Here's a link to the technical explanation. There's a wealth of information on their site. And yes, I strongly recommend 1Password for everyone. BTW, 1Password is available on both App stores. No affiliation other than a satisfied user.



    http://help.agilebits.com/1Password3...in_design.html



    ciao
  • Reply 16 of 36
    After filling out all the requirements and then getting verified I can't remember all my answers and let alone type them in right. It is a big mess and made messier. There needs to be a better solution. This isn't anything Steve Jobs would want: KISS.
  • Reply 17 of 36
    tallest skiltallest skil Posts: 43,388member
    Quote:
    Originally Posted by Palerope View Post


    After filling out all the requirements and then getting verified I can't remember all my answers and let alone type them in right.



    Then make better questions. Questions for which you can remember the answer. That's sort of the point?



    Quote:

    This isn't anything Steve Jobs would want: KISS.



    Either give evidence of this or never mention it again.
  • Reply 18 of 36
    rayconraycon Posts: 33member
    Quote:
    Originally Posted by paxman View Post


    1password is a great app for storing passwords and forms, also good for storing other stuff such as serial numbers. Check it out. (not affiliated, just a pretty happy user)



    I've been using it for years, and I agree. I'd be in serious trouble without it.
  • Reply 19 of 36
    rayconraycon Posts: 33member
    Quote:
    Originally Posted by digitalclips View Post


    I like it when I can write my own questions for this sort of thing. Name of fist wife, second wife, third wife and so on ...



    I'm laughing because your comment strikes home with me. First was Nancy, second was Roxann, and third is Janice. And, no, I won't be using those if I forget my password.
  • Reply 20 of 36
    mstonemstone Posts: 11,510member
    For an additional layer of user protection I have rewritten the security questions:



    What was the first auto you were not embarrassed to be seen driving?



    Who was the first teacher you had the hots for?



    What was your first favorite band that your parents hated?



    What was the first job you had that was not at McDonalds?



    In which city did you lose your virginity?
Sign In or Register to comment.