
Apple improving iTunes account security with stricter requirements

post #1 of 34
Thread Starter 
Apple has begun asking users to select and answer a series of questions associated with their Apple IDs to enhance security measures.

The security prompts began popping up on iOS devices on Wednesday, according to Ars Technica. Users are met with a prompt that states "Security Info Required."

After being shown the message, users are asked to select from a number of security questions and provide personal answers. Users are also prompted to provide a backup e-mail address in case the primary address associated with their Apple ID is compromised.

The changes are meant to curb fraud and phishing attempts that have been used for many years to hijack iTunes accounts. Because credit card information is tied to a user's account, nefarious people will steal and resell accounts, allowing people to buy content like music, movies and applications on someone else's dime.

This week's changes are only the latest in a series of measures by Apple over the years to improve security associated with iTunes accounts. Some of the steps taken include requiring users to verify their account information when they log into new devices, and upgrading passwords to make them more complex with varying characters.


Screens via The Next Web.


Some users have by the new security prompts appearing this week, and have expressed concern on the Apple Support Communities website that the alerts could be bogus phishing attempts. However, the revised measures have been proven to be legitimate, and Apple has admitted they are part of an ongoing effort to bolster security.

post #2 of 34
Quote:
Originally Posted by AppleInsider View Post

..... nefarious people will steal and resell accounts, allowing people to buy content like music, movies and applications on someone else's dime.

Oh, how I hate nefarious people!
post #3 of 34
Nice, this is much needed security.
post #4 of 34
Quote:
Originally Posted by nkingman View Post

Nice, this is much needed security.

Personally, I think they are a little overzealous lately. I get my Apple ID disabled at least once a year due to them being overly vigilant and it's a drag to have to re-set it.

Now I have to remember what I answered to a question I was asked possibly a year or more ago? (the next time they mistakenly disable my account).

Bleh.
post #5 of 34
How long until they require voiceprint and facial recognition? Seems like the security breaches have increased quite a bit recently.

Proud AAPL stock owner.

 

GOA

post #6 of 34
It's nice that Apple lets you choose the questions. I hate banks and other sites that ask "what's your first pet's name", "what's your mother's maiden name", etc. Then when one of these sites is hacked, they have all the answers and can use them to change passwords on other sites.

I now enter random and different answers to these questions (not the correct answers), and store the answers in a safe, secure place.
post #7 of 34
Quote:
Originally Posted by Gustav View Post

It's nice that Apple lets you choose the questions. I hate banks and other sites that ask "what's your first pet's name", "what's your mother's maiden name", etc. Then when one of these sites is hacked, they have all the answers and can use them to change passwords on other sites.

I now enter random and different answers to these questions (not the correct answers), and store the answers in a safe, secure place.

Yeah. I hate that too. My favorite hated question is "what's your pet's name" and "what is your first grade teacher's name"... How the hell would I remember the name of my first grade teacher!
post #8 of 34
Actually it's been getting quite annoying with security precautions. I don't understand why I can't choose to override some of their requirements.

It's incredibly annoying having your account locked and a forced password change; this requires me to make password changes ALL OVER the place, i.e.: iCloud login, iTunes login, Home sharing, on and on and on, on every device in my household and office.

Furthermore, I don't want capital letters in my password, as it slows down entry dramatically, and I DON'T want to enter my frigging password 10 times a day.

Apple, why can't I "take the risk" myself, opt to save passwords on my device, and NOT have to constantly re-enter them over and over and over again????
post #9 of 34
Good grief... I just got off the phone with an Apple rep after going through their updated security procedures and accidentally creating another log-in ID for iTunes... bleh! All of these goddamn login IDs are driving me off the deep end.

Proud AAPL stock owner.

 

GOA

post #10 of 34
Quote:
Originally Posted by SpamSandwich View Post

Good grief... I just got off the phone with an Apple rep after going through their updated security procedures and accidentally creating another log-in ID for iTunes... bleh! All of these goddamn login IDs are driving me off the deep end.

Personally I hate these security questions. I don't even like having to constantly enter my password to update a damn app. Make me enter it to buy more than $5 worth of stuff a day. Other than that it's just annoying. Ditto on the "iTunes Terms and Conditions Have Changed" pop up. ANNOYING.
I can only please one person per day.  Today is not your day.  Tomorrow doesn't look good either.  
post #11 of 34
Quote:
Originally Posted by NasserAE View Post

Yeah. I hate that too. My favorite hated question is "what's your pet's name" and "what is your first grade teacher's name"... How the hell would I remember the name of my first grade teacher!

Mrs. Alles. 30+ years ago.

I use random pass phrases keyed to the real question answers, and I would say that anyone that doesn't must have nothing to use. However, this limits me to accessing the information on one computer, since iOS doesn't sync keychains with a Mac.

That said... I have to type my iTunes password so often that it is my generic "insecure" one.

Here is wishing for a fingerprint scanner.
post #12 of 34
Quote:
Originally Posted by NasserAE View Post

Yeah. I hate that too. My favorite hated question is "what's your pet's name" and "what is your first grade teacher's name"... How the hell would I remember the name of my first grade teacher!

Mine was Miss O'Conner. I'll be 74 this year. She's the only one I remember.
post #13 of 34
Quote:
Originally Posted by pmz View Post


Apple, why can't I "take the risk" myself, opt to save passwords on my device, and NOT have to constantly re-enter them over and over and over again????

For the same reason you cannot be trusted to get your software anywhere except the App Store.
post #14 of 34
Quote:
Originally Posted by Prof. Peabody View Post

Personally, I think they are a little overzealous lately. I get my Apple ID disabled at least once a year due to them being overly vigilant and it's a drag to have to re-set it.

Now I have to remember what I answered to a question I was asked possibly a year or more ago? (the next time they mistakenly disable my account).

Bleh.

After dealing with the same problem on other websites ("What did I say was my favorite restaurant?" "Did I say my high school was in Yokelville (technically correct) or Hicksburg (the bigger town)?"), I've started just using the last word in the question as the answer:

Q: "What was your first child's name?"
A: "name"

Not very secure, I'll grant, but then (i) I have a strong password system that's not written down anywhere, and (ii) no more wondering what I said 2 or 3 years ago in answer to a stupid question.
post #15 of 34
Quote:
Originally Posted by pmz View Post

Actually it's been getting quite annoying with security precautions. I don't understand why I can't choose to override some of their requirements.

It's incredibly annoying having your account locked and a forced password change; this requires me to make password changes ALL OVER the place, i.e.: iCloud login, iTunes login, Home sharing, on and on and on, on every device in my household and office.

Furthermore, I don't want capital letters in my password, as it slows down entry dramatically, and I DON'T want to enter my frigging password 10 times a day.

Apple, why can't I "take the risk" myself, opt to save passwords on my device, and NOT have to constantly re-enter them over and over and over again????

+1 +1 +1!!!

I hope to FSM that I never have an Apple ID log-in problem, because I still have a simple 8-character, all-numeric password. My S.O. had to do the alpha+number, at least one cap letter password a few months ago and it's such a ludicrous pain to enter - so much slower than straight numbers.
post #16 of 34
Quote:
Originally Posted by Sierrajeff View Post

+1 +1 +1!!!

I hope to FSM that I never have an Apple ID log-in problem, because I still have a simple 8-character, all-numeric password. My S.O. had to do the alpha+number, at least one cap letter password a few months ago and it's such a ludicrous pain to enter - so much slower than straight numbers.

Heh, I got my iCloud account early enough that I don't have that restriction, either.

Of course, iCloud still has a password length cap; something I'll never understand.

Oh, and why can't passwords ever be non-arabic characters?

Maybe I know some other languages? Maybe, just maybe, I want to type my password in characters FROM these other languages because that makes my password absolutely unguessable and even harder to crack?
post #17 of 34
i agree on a two stage login
but this is a mess, lots of typing etc

my bank has my login split
user name
enter
new page with a self chosen image
underneath is my password

then if they sense a different computer THEN they ask for my security questions

so basically two pages, same username and password
I APPLE THEREFORE I AM
post #18 of 34
I'm assuming the naysayers haven't yet been "phished".

This week I received 4 bogus delivery notifications from "Apple" informing me of shipments of MBP's, all to US addresses, not to me (I live in Thailand). Since we have a house full of Apple products, it's probably not difficult to collect the info that I have had dealings with Apple.

I'm sure that if I had tried to inform "Apple" that I had received these delivery notifications by mistake, there would have been a request for my Apple ID. In my opinion, finding out that someone had stolen my ID and had charged thousands of dollars of iTunes/Mac store purchases on my credit card is a lot more trouble than answering a security question.

One of the reasons that I have little apps on my Galaxy Tab is that there is no security to speak of in the android market store here, and they don't even require an ID to authorize a purchase.

I support anything that Apple does to improve security.
Apple user since 1984
post #19 of 34
So how do I input my 3 security questions and answers. I logged out of my iTunes and logged back in, but I wasn't prompted with the new alert.
post #20 of 34
i wouldn't mind a two stage log in but the one at my bank rocks
easy, secure, self directed (i chose the picture)

have you tried googles two stage system, they text you a code to input for log in
so you have to have your cellphone, i prefer the picture system, and if you are at a different computer then the questions

now lets make it even more cumbersome
I APPLE THEREFORE I AM
post #21 of 34
Quote:
Originally Posted by NOFEER View Post

i wouldn't mind a two stage log in but the one at my bank rocks
easy, secure, self directed (i chose the picture)

have you tried googles two stage system, they text you a code to input for log in
so you have to have your cellphone, i prefer the picture system, and if you are at a different computer then the questions

now lets make it even more cumbersome

Amex does not allow you to use capital letters in their passwords.

How up-to-date is that for a credit institution!
Pot is legal in North Korea.
That explains a considerable amount.
post #22 of 34
This is essential. The previous method was open to people guessing the password.
The security questions included the birth date. Everybody having a 40th, 50th, etc. birthday party gave half the security away. Some people used a question that too many people could guess.

Belated Well Done Apple.
post #23 of 34
Quote:
Originally Posted by OldMacGuy View Post

Mine was Miss O'Conner. I'll be 74 this year. She's the only one I remember.


Mrs. Gardner. 50 years ago.


I'm personally DISGUSTED with Apple of late. Ridiculous password requirements are just the half of it. Why, for example, do I have to log into the app store to download a FREE app? That's complete B.S. And WHY do you have to password a machine on a private network? This makes zero sense, and is about as far from user friendly as a company can get.

Apple is not a bank. It should stop behaving like one.
post #24 of 34
Quote:
Originally Posted by dualie View Post

Why, for example, do I have to log into the app store to download a FREE app? That's complete B.S.

Not in the slightest. It makes perfect sense. It ties the apps to your account, allowing them to automatically download on all your other devices and to keep a record of the purchase if the app goes paid.

I've had that happen before. An app updated and went paid, but I got the free version before this happened. My version changed to the paid version (as opposed to the free trial they offered thereafter) and my account showed the paid version redownloadable for free.

Quote:
Apple is not a bank. It should stop behaving like one.

And when thousands of accounts get hacked due to a lack of security, they'll blame Apple instead of their lack of security. They're not going to loosen up.
post #25 of 34
Quote:
Originally Posted by OldMacGuy View Post

Mine was Miss O'Conner. I'll be 74 this year. She's the only one I remember.

I'm thirty years younger and can't remember what I did last week! Good on you, OMG (OldMacGuy).

Proud AAPL stock owner.

 

GOA

post #26 of 34
Quote:
Originally Posted by dualie View Post

Mrs. Gardner. 50 years ago.


I'm personally DISGUSTED with Apple of late. Ridiculous password requirements are just the half of it. Why, for example, do I have to log into the app store to download a FREE app? That's complete B.S. And WHY do you have to password a machine on a private network? This makes zero sense, and is about as far from user friendly as a company can get.

Apple is not a bank. It should stop behaving like one.

Although it's a free app, you still receive a receipt for it, which I assume must be reported to some government agency... as is everything these days.

Proud AAPL stock owner.

 

GOA

post #27 of 34
Quote:
Originally Posted by OldMacGuy View Post

Mine was Miss O'Conner. I'll be 74 this year. She's the only one I remember.

Where I lived we used to have a separate teacher for each subject (math, science, etc.). We used to get hit with a stick on the hand if we missed a homework or did not pay attention. So this is an experience I don't regret forgetting.
post #28 of 34
Dear AppleInsider, The only thing that these new security measures will protect are Apple's corporate bottom line. While I hail the upgrade of Apple ID's password requirements as something that actually tightens iTunes already far from lax security, the idea of having three security questions to confirm consumers identity actually protecting consumers at best is ludicrous. At best the questions are lame, ranging from "In which city were you first kissed?" to "Who was your best childhood friend?". At worst they are an invasion of privacy. There is no option to either opt out of their security requirements; my password is secure and guessing it at a rate of 1000 times a second a brute force cracking method would take an average of 2.13 thousand centuries to discover (see https://www.grc.com/haystack.htm ) nor is there an option to create your own security questions that would have more meaning to me individually. They've got all this cloud storage space and claim to use "industry-standard encryption" why not at the very least give me the option of creating security questions that are meaningful to me. I am seriously considering taking my five week old iPhone 4S back to Verizon and getting a Droid instead. Wievil
post #29 of 34
Quote:
Originally Posted by Wievil View Post
At worst they are an invasion of privacy.

So lie. That's even more secure.

 

Quote:
They've got all this cloud storage space and claim to use "industry-standard encryption" why not at the very least give me the option of creating security questions that are meaningful to me.

Agreed. I could have sworn there was already an Apple service that allowed that… Why they don't have it across the board is beyond me.

 

Quote:
 I am seriously considering taking my five week old iPhone 4S back to Verizon and getting a Droid instead. Wievil

Sure you are.


Edited by Tallest Skil - 4/23/12 at 4:46pm
post #30 of 34

 

I recommend to those who do not like the security implementation in iTunes to send an email to Tim Cook, CEO Apple  tcook@apple.com.  I have provided a template email below to which you need simply add your "signature."

 

Greetings, I beseech you to add or change questions in iTunes security.  While I applaud the additional scrutiny, the questions are too restrictive and quite honestly I can't remember the answers to most of the questions.

 

Here are examples of questions which Apple is asking:

What was the first car you owned?

Who was your first teacher?

What was the first album you owned?

Where was your first job?

In which city were you first kissed?

Which of the cars you've owned has been your favorite?

Who was your favorite teacher?

What was the first concert you attended?

Where was your favorite job?

Who was your best childhood friend?

Which of the cars you've owned has been your least favorite?

Who was your least favorite teacher?

Where was your least favorite job?

In which city did your mother and father meet?

Where were you on January 1, 2000?

 

Many of these questions contradict or are contraindicated by security question best practices:

 

The answer to a good security question should be easy to remember but still not available to others. Ideally, the user should immediately know the answer without doing research or looking up a reference or remembering too far back in time.

 

Bad examples:

What is your driver's license number? (I haven't memorized mine, have you?)

Car registration number (this may be easy for others to find on the web anyway)

 

But don't use questions that go back to childhood, or for that matter last year for someone like me.

 

Bad examples:

 

What was the name of your first pet?

What was your first car, favorite elementary school teacher, first kiss, etc.

 

http://www.goodsecurityquestions.com/designing.htm

 

Please add questions that the average person over 40 can actually remember; more importantly, see the website listed above for security question best practices:

 

In which city, county and state were you born?

What is your grandmother's maiden name?

 

 

Thank you very much for your time and consideration,

 

 

[Your name here]

post #31 of 34

I've got five weeks' time invested in iTunes, all the music and video I've downloaded are direct from CD or digital copies and all of the apps I've downloaded are free, plus the iPhone 4S on Verizon runs only at 3G speeds while Verizon offers 4G speeds on their Droid phones.  As a consumer the best way to express my displeasure at a given company and their practices is to take my wallet elsewhere.  They will never earn another penny from me.

 

Also, the iTunes site that lets you "manage" your security questions says that you can put in your own questions but doesn't actually allow you to.

 

Wievil
 

post #32 of 34
Quote:
Originally Posted by Wievil View Post

I've got five weeks' time invested in iTunes, all the music and video I've downloaded are direct from CD or digital copies and all of the apps I've downloaded are free, plus the iPhone 4S on Verizon runs only at 3G speeds while Verizon offers 4G speeds on their Droid phones.  As a consumer the best way to express my displeasure at a given company and their practices is to take my wallet elsewhere.  They will never earn another penny from me.

 

Thanks for joining a website about a company just to say you're never going to buy from that company again.

 

Is that an outright lie, being a drama queen, or just plain trolling? I can't tell.

post #33 of 34

 

Quote:
Originally Posted by OldMacGuy View Post


Mine was Miss O'Conner. I'll be 74 this year. She's the only one I remember.

 


My mother is 85 and she used to be a teacher. Several years ago, one of her former students came to our table when I took her out to dinner. He knew her right away! I asked him how he could remember a teacher he had over 50 years ago? He said he still had the ruler marks on his hands.

 

Somehow I'm betting that if I could locate my mother's former students, I could hack their accounts pretty easily.

If two people always agree, then one of them is redundant.
post #34 of 34

oh yes! this is great! i like this improvement! :D
