Apple rolls out new security measures for iTunes, App Store

post #1 of 35
Thread Starter 
Apple has reportedly started asking iTunes and App Store customers to fill out three security questions that will be associated with their accounts in what is presumably a move to reduce fallout in the event of a breach.

The newly-instituted system asks customers to choose and answer three specific security questions that can be used later to verify their identity if their account were to be compromised, according to a thread on Apple's Support Forums.

Interestingly, the rollout is not iTunes-wide as only a select number of users are being asked to fill out the online form. It is speculated that those accounts that had problems in the past will be the first to get the new feature and will be followed by all customers in the coming weeks.

The users who do receive the notice are seeing the questions appear when they try to download any content through iTunes, the App Store or the iBookstore. All devices are affected by the change, and customers can expect to see the form show up wherever they use iTunes, including iDevices.

Once asked to enter their iTunes password, users are taken to a page where they are asked to select three questions like "Who was your first teacher." This type of security question and answer system has been used for years by financial institutions and online entities that store sensitive personal information.


Users are asked to select three security questions when downloading content from iTunes. | Source: The Mac Observer


As with existing security formats across the web, Apple will be instituting a "Rescue Email Address" in case it needs to change a user's password. Reports are conflicting as to whether the company is requiring this information immediately or if it is merely making the option available to those who want an added layer of security.

post #2 of 35
This is useful even without any breach on Apple's end: criminals phish to get you to tell them your Apple login. If you do, this helps stop them from using it.

It's annoying, but banks do it for a reason, and Apple's got your credit card info on file, after all.
post #3 of 35
Well I'm disappointed that I'm not the select number of users who got this special privilege.
post #4 of 35
In my case, I use three computers, an iPad and an iPhone with one Apple account. It may be an account with multiple devices they are requiring this procedure. Many devices accessing one account may be a red flag for Apple.
post #5 of 35
If one doesn't answer correctly Dark Water will visit you at about 3am. People will eventually forget you ever existed.
An Apple man since 1977
post #6 of 35
Quote:
Originally Posted by nkingman View Post


Well I'm disappointed that I'm not the select number of users who got this special privilege.

Don't feel disappointed just yet...

Quote:
Originally Posted by AppleInsider View Post


[...] and will be followed by all customers in the coming weeks.


You're next
post #7 of 35
These questions are getting harder to answer. As I approach 60 years old, I just am not quite sure I remember. At least I don't have to do another one of those CAPTCHA things. I have to zoom in for those.
There are many more cockroaches in this
world than human beings, but it doesn't
make them a higher life form.
post #8 of 35
I like it when I can write my own questions for this sort of thing. Name of first wife, second wife, third wife and so on ...
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
"Google doesn't sell you anything, they just sell you!"
post #9 of 35
Quote:
Originally Posted by RayCon View Post

These questions are getting harder to answer. As I approach 60 years old, I just am not quite sure I remember. At least I don't have to do another one of those CAPTCHA things. I have to zoom in for those.

I agree. The name your first school always gets me ... I couldn't spell then!
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
"Google doesn't sell you anything, they just sell you!"
post #10 of 35
This "security" question thing has become all the rage lately, but, not only are they super annoying, but, either you end up choosing and answering the most easily remembered, which are also the most easily researched, or most likely to be known by other people. Or you choose less obvious ones, and have trouble remembering the answers you gave yourself.

Favorite author is a common one, but, suppose your favorite author changes and you forget who the old one was, or you have a couple of favorite authors and can't recall which one you identified. Plus, anyone who knows you (perhaps an angry ex?) may very well know who your favorite author (or first pet, first car, first job, etc.) is.

Worse yet, and hopefully Apple isn't in this camp, some companies that request this information actually save and check it in exact case. And, even when you remember your answer, you may not remember exactly how you entered it. So, say your first car was a "Volkswagen Beetle", did you enter that as,

* Volkswagen Beetle
* volkswagen beetle
* Volkswagen beetle
* Volkswagon Beetle
* Volkswagen Beatle
* VW Beetle
* vw beetle
* Vw beetle
* Vw beatle

and so on and so on.

Now, you can't get into your own account, and are stuck contacting customer service, who, hopefully, you can reach, and maybe they will help you, maybe not.

The whole idea of the security question was always a bad one (mother's maiden name, really?) and making it more complicated hasn't really solved the problems with it: Easy to remember Q&A are also easy for others to know or guess. Difficult to know or guess Q&A are hard to remember, especially when there can be variation in the entry.
post #11 of 35
Quote:
Originally Posted by RayCon View Post

These questions are getting harder to answer. As I approach 60 years old, I just am not quite sure I remember. At least I don't have to do another one of those CAPTCHA things. I have to zoom in for those.

1password is a great app for storing passwords and forms, also good for storing other stuff such as serial numbers. Check it out. (not affiliated, just a pretty happy user)
post #12 of 35
Quote:
Originally Posted by paxman View Post

1password is a great app for storing passwords and forms, also good for storing other stuff such as serial numbers. Check it out. (not affiliated, just a pretty happy user)

I agree, I'm using it and very happy with it. I like the way they sync the data between iDevices and Macs.

my way or the highway...

Macbook Pro i7 13" with intel SSD 320 series and 8GB RAM, iPhone 5, iPad 3 (Retina)

post #13 of 35
Quote:
Originally Posted by cutykamu View Post

I agree, I'm using it and very happy with it. I like the way they sync the data between iDevices and Macs.

So, if they sync between devices, they have your passwords on their server? Is it known how secure that data is?
post #14 of 35
Quote:
Originally Posted by AppleInsider View Post

Interestingly, the rollout is not iTunes-wide as only a select number of users are being asked to fill out the online form. It is speculated that those accounts that had problems in the past will be the first to get the new feature and will be followed by all customers in the coming weeks.

It's Apple's way of politely saying "Yo! All you weak-password-monkeys! You go first."

Surprised I haven't gotten the email yet. My Apple ID is a pretty common name.
(But my password is totally impossible to guess. Knock on wood.)

Sent from my iPhone Simulator

post #15 of 35
Quote:
Originally Posted by anonymouse View Post

So, if they sync between devices, they have your passwords on their server? Is it known how secure that data is?

Here's a link to the technical explanation. There's a wealth of information on their site. And yes, I strongly recommend 1Password for everyone. BTW, 1Password is available on both App stores. No affiliation other than a satisfied user.

http://help.agilebits.com/1Password3...in_design.html

ciao
post #16 of 35
After filling out all the requirements and then getting verified I can't remember all my answers and let alone type them in right. It is a big mess and made messier. There needs to be a better solution. This isn't anything Steve Jobs would want: KISS.
post #17 of 35
Quote:
Originally Posted by Palerope View Post

After filling out all the requirements and then getting verified I can't remember all my answers and let alone type them in right.

Then make better questions. Questions for which you can remember the answer. That's sort of the point

Quote:
This isn't anything Steve Jobs would want: KISS.

Either give evidence of this or never mention it again.
post #18 of 35
Quote:
Originally Posted by paxman View Post

1password is a great app for storing passwords and forms, also good for storing other stuff such as serial numbers. Check it out. (not affiliated, just a pretty happy user)

I've been using it for years, and I agree. I'd be in serious trouble without it.
There are many more cockroaches in this
world than human beings, but it doesn't
make them a higher life form.
post #19 of 35
Quote:
Originally Posted by digitalclips View Post

I like it when I can write my own questions for this sort of thing. Name of first wife, second wife, third wife and so on ...

I'm laughing because your comment strikes home with me. First was Nancy, second was Roxann, and third is Janice. And, no, I won't be using those if I forget my password.
There are many more cockroaches in this
world than human beings, but it doesn't
make them a higher life form.
post #20 of 35
For an additional layer of user protection I have rewritten the security questions:

What was the first auto you were not embarrassed to be seen driving?

Who was the first teacher you had the hots for?

What was your first favorite band that your parents hated?

What was the first job you had that was not at McDonalds?

In which city did you lose your virginity?

Life is too short to drink bad coffee.

post #21 of 35
Quote:
Originally Posted by Palerope View Post

. This isn't anything Steve Jobs would want: KISS.

Setting aside the fact that you can't back up that statement with any real facts, I suspect Jobs wouldn't have wanted the lawsuits and negative PR of Apple being lax on account security.

Perhaps you would rather banks drop their fraud checks, stores be banned from asking to see a photo id, etc. just let me take your wallet which I just lifted, clean out your bank account because there's no pin, run up your credit cards etc. oh and thanks for the car I just bought in your name. Good thing you had really great credit so I didn't have to put down a down payment.

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

post #22 of 35
Quote:
Originally Posted by digitalclips View Post

I like it when I can write my own questions for this sort of thing. Name of first wife, second wife, third wife and so on ...

1. Elizabeth Taylor
2. Elizabeth Taylor
3. Elizabeth Taylor
4. ...



These days, I'm using 1Password Pro (a universal app) on my iPhone and iPad to store my passwords. "Important information" is protected by a 16-character "master password". The cool thing is this is all being synced up via Dropbox.

Gone are the days when I had a cheat sheet of 50+ logins on a piece of paper in my wallet. Today, it's more like 300+ logins (between home, work, etc.) with a variety of passwords of differing lengths and complexities.
post #23 of 35
A very old one, and getting long in the tooth, still funny:

I once tried setting my password to penis, but it was too short.
I’d rather have a better product than a better price.
post #24 of 35
.

Thanks for 'heads up' on 1Password App https://agilebits.com/

Me too, the little 'log book' getting full in recent years, and fast

(and approaching how many ? - smile)

.

Curious about the Big Picture Future of 'Security'

Are some interesting discussions around about 'random' and 'computers/binary logic' etc

Almost as if 'any encryption code you can write, I can eventually write a code to de-code it'

Does seem at least 'theoretically possible' - 1's and 0's don't leave many options

Sorta makes ya wish for the good ol' days of analog

.

Well, who knows - someone might come up with an App for Hieroglyphic-Cryptography

Or an 'un-hackable method-process' we don't know yet, can't imagine

(hint hint - consider DNA, that's fairly 'unique' - ha ha)

Yea, all this just getting started out there in our Digital Global Village

Think Different - Change the World - and Watch Your Back

.


post #25 of 35
Quote:
Originally Posted by anonymouse View Post

So, if they sync between devices, they have your passwords on their server? Is it known how secure that data is?

It is one option to have your data on a server. Another option, the one I chose, is to sync directly between two devices over wifi. I trust my hidden, WPA2 wifi security.
post #26 of 35
What I do for these security questions is have the same answer regardless of the question.
Example: "What was your first car?" = banana; "What is your mother's maiden name?" = banana. That way it is virtually unguessable, social engineering won't do any good, and I will never ever forget it.
post #27 of 35
Quote:
Originally Posted by saskbmw View Post

I will never ever forget it.

How would you ever remember it?
post #28 of 35
Quote:
Originally Posted by Tallest Skil View Post

How would you ever remember it?

Really?? Try Lastpass or 1password. It helps.... (just kidding)
post #29 of 35
Quote:
Originally Posted by saskbmw View Post

Really?? Try Lastpass or 1password. It helps.... (just kidding)

Those don't save secret questions.
post #30 of 35
I was helping a friend last week and this security junk popped up. It won't accept the same answer to multiple questions but it did accept "ford", "Ford" and "FORD" as answers to the three questions. Now I'm worried that not only are these obscure questions but that they might be Case Sensitive, further decreasing my ability to correctly answer a question if I'm ever asked. Actually, other than "My first car" none of the other questions were ones that I could ever hope to remember the answer. If I'm ever challenged I'll probably be locked out from my account. And I've never had a problem with my account so I don't know why I was selected. I give this implementation a grade of E-!!!
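
Posts #10 and #30 both turn on how a site compares security answers: exact-case matching locks out the legitimate user, and a case-sensitive uniqueness check lets "ford", "Ford" and "FORD" count as three different answers. The Python below is an added example, not code from the thread and not Apple's implementation; it normalizes an answer before salted hashing and runs the duplicate check on the normalized form. All function names and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import unicodedata
from typing import Iterable, List, Optional, Tuple

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example


def normalize(answer: str) -> str:
    """Fold case, unify Unicode forms and collapse whitespace."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split())


def enroll(answer: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); only the normalized answer is ever hashed."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize(answer).encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return salt, digest


def verify(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time check of a typed answer against the stored digest."""
    _, check = enroll(candidate, salt)
    return hmac.compare_digest(check, digest)


def has_duplicate_answers(answers: Iterable[str]) -> bool:
    """True if two answers are the same once normalized."""
    normed = [normalize(a) for a in answers]
    return len(set(normed)) != len(normed)


# The spellings listed in post #10.
VARIANTS = [
    "Volkswagen Beetle", "volkswagen beetle", "Volkswagen beetle",
    "Volkswagon Beetle", "Volkswagen Beatle", "VW Beetle",
    "vw beetle", "Vw beetle", "Vw beatle",
]


def matching_variants(enrolled: str = "Volkswagen Beetle") -> List[str]:
    """Which listed spellings verify against the enrolled answer."""
    salt, digest = enroll(enrolled)
    return [v for v in VARIANTS if verify(v, salt, digest)]


if __name__ == "__main__":
    print(matching_variants())
    print(has_duplicate_answers(["ford", "Ford", "FORD"]))
```

Normalization removes the case and spacing variation but not misspellings or abbreviations, so six of the nine spellings from post #10 still fail against an enrolled "Volkswagen Beetle".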
post #31 of 35
Quote:
Originally Posted by Tallest Skil View Post

Then make better questions. Questions for which you can remember the answer. That's sort of the point
Either give evidence of this or never mention it again.

If you weren't acting so condescending, you would know that you don't have any option in choosing the questions - that is the whole point of what people are moaning about; the fact there is no individuality or unique questions, just generic repetition which anyone may be lucky enough to know. If my BANK allows me to set my own questions, wtf are Apple doing trying to dictate these imbecilic terms - I make my own questions because then, sure as nuts, I am the ONLY person who will have even the vaguest of ideas what I am on about, let alone answering it!!!
post #32 of 35
Quote:
Originally Posted by charlituna View Post

Setting aside the fact that you can't back up that statement with any real facts, I suspect Jobs wouldn't have wanted the lawsuits and negative PR of Apple being lax on account security.

Perhaps you would rather banks drop their fraud checks, stores be banned from asking to see a photo id, etc. just let me take your wallet which I just lifted, clean out your bank account because there's no pin, run up your credit cards etc. oh and thanks for the car I just bought in your name. Good thing you had really great credit so I didn't have to put down a down payment.

I am a perfect example of someone who doesn't really give a damn about losing their ID (in practise, yes, I know I would) I have no money, no savings, no job, no equity, nothing whatsoever which anyone could possibly ever use. FFS - I can't even afford apps on my ipod at the moment, but even on free apps, this is being asked for. **** Apple for the lack of personalisation of these questions
post #33 of 35
Quote:
Originally Posted by Jonnysolar View Post
If you weren't acting so condescending, you would know that you don't have any option in choosing the questions…

"I know that. Now."

FrankDrebin.jpg

Quote:
FFS - I can't even afford apps on my ipod at the moment, but even on free apps, this is being asked for.

Yes, because they have to tie the apps to your ID.

Quote:
**** Apple for the lack of personalisation of these questions

Just submit a bug report or feature request like everyone else.
post #34 of 35
Quote:
Originally Posted by Tallest Skil View Post

"I know that. Now."

FrankDrebin.jpg

Yes, because they have to tie the apps to your ID.

Just submit a bug report or feature request like everyone else.

Sorry, was in a grouchy mood earlier because of this....

I know they tie everything in, just frustrating when I enter my password for an app, it begins downloading, then halfway through (seemingly) it pauses and decided to ask me for my password AGAIN and then to complete these nonsensical things.

Bug report submitted - that's another stupid thing; I'm complaining about retarded security policy and they have mandatory sections on the feedback for operating software, version of iTunes and others. I think the key is in the "account security" not the fact I am complaining about iTunes not working.
post #35 of 35
Quote:
Originally Posted by Jonnysolar View Post
Sorry, was in a grouchy mood earlier because of this....

Hey, no worries.

Quote:
…it begins downloading, then halfway through (seemingly) it pauses and decided to ask me for my password AGAIN and then to complete these nonsensical things.

Wait, really? That's non-standard behavior. I know that when you choose an app to download, it kicks you out of the store to the Springboard and asks for your password then, but not afterward… Or is that what you meant?

Quote:
Bug report submitted - that's another stupid thing; I'm complaining about retarded security policy and they have mandatory sections on the feedback for operating software, version of iTunes and others. I think the key is in the "account security" not the fact I am complaining about iTunes not working.

When I first read the story about these questions, I was mystified. I could have SWORN that Apple not only had a system like this in place, but that they had for years let people write their own questions.

I mean, I have a serious memory problem, so it could all be wrong, but this just stuck with me, nagging in the back of my mind: 'could have sworn that Apple let you write your own questions'. I sure hope it'll be changed (again) to reflect that…