Apple rolls out new security measures for iTunes, App Store
Apple has reportedly started asking iTunes and App Store customers to fill out three security questions that will be associated with their accounts in what is presumably a move to reduce fallout in the event of a breach.
The newly-instituted system asks customers to choose and answer three specific security questions that can be used later to verify their identity if their account were to be compromised, according to a thread on Apple's Support Forums.
Interestingly, the rollout is not iTunes-wide as only a select number of users are being asked to fill out the online form. It is speculated that those accounts that had problems in the past will be the first to get the new feature and will be followed by all customers in the coming weeks.
The users who do receive the notice are seeing the questions appear when they try to download any content through iTunes, the App Store or the iBookstore. All devices are affected by the change, and customers can expect to see the form to show up wherever they use iTunes, including iDevices.
Once asked to enter their iTunes password, users are taken to a page where they are asked to select three questions like "Who was your first teacher." This type of security question and answer system has been used for years by financial institutions and online entities that store sensitive personal information.
Users are asked to select three security questions when downloading content from iTunes. | Source: The Mac Observer
As with existing security formats across the web, Apple will be instituting a "Rescue Email Address" in case it needs to change a user's password. Reports are conflicting as to whether the company is requiring this information immediately or if it is merely making the option available to those who want an added layer of security.
[ View article on AppleInsider ]
Comments
It?s annoying, but banks do it?for a reason?and Apple?s got your credit card info on file, after all.
Well I'm disappointed that I'm not the select number of users who got this special privilege.
Don't feel disappointed just yet...
[...] and will be followed by all customers in the coming weeks.
You're next
?these questions are getting harder to answer. As I approach 60 years old, I just am not quite sure I remember. At least I don't have to do another one of those Capcha things. I have to zoom in for those
I agree. The name your first school always gets me ... I couldn't spell then!
Favorite author is a common one, but, suppose your favorite author changes and you forget who the old one was, or you have a couple of favorite authors and can't recall which one you identified. Plus, anyone who knows you (perhaps an angry ex?) may very well know who your favorite author (or first pet, first car, first job, etc.) is.
Worse yet, and hopefully Apple isn't in this camp, some companies that request this information actually save and check it in exact case. And, even when you remember your answer, you may not remember exactly how you entered it. So, say your first car was a "Volkswagen Beetle", did you enter that as,
* Volkswagen Beetle
* volkswagen beetle
* Volkswagen beetle
* Volkswagon Beetle
* Volkswagen Beatle
* VW Beetle
* vw beetle
* Vw beetle
* Vw beatle
and so on and so on.
Now, you can't get into your own account, and are stuck contacting customer service, who, hopefully, you can reach, and maybe they will help you, maybe not.
The whole idea of the security question was always a bad one (mother's maiden name, really?) and making it more complicated hasn't really solved the problems with it: Easy to remember Q&A are also easy for others to know or guess. Difficult to know or guess Q&A are hard to remember, especially when there can be variation in the entry.
?these questions are getting harder to answer. As I approach 60 years old, I just am not quite sure I remember. At least I don't have to do another one of those Capcha things. I have to zoom in for those
1password is a great app for storing passwords and forms, also good for storing other stuff such as serial numbers. Check it out. (not affiliated, just a pretty happy user)
1password is a great app for storing passwords and forms, also good for storing other stuff such as serial numbers. Check it out. (not affiliated, just a pretty happy user)
I agree, I'm using it and very happy with it. I like the way they sync the data between I devices with macs.
I agree, I'm using it and very happy with it. I like the way they sync the data between I devices with macs.
So, if they sync between devices, they have your passwords on their server? is it known how secure that data is?
Interestingly, the rollout is not iTunes-wide as only a select number of users are being asked to fill out the online form. It is speculated that those accounts that had problems in the past will be the first to get the new feature and will be followed by all customers in the coming weeks.
It's Apple's way of politely saying "Yo! All you weak-password-monkeys! You go first."
Surprised I haven't gotten the email yet. My Apple ID is a pretty common name.
(But my password is totally impossible to guess. Knock on wood.)
So, if they sync between devices, they have your passwords on their server? is it known how secure that data is?
Here's a link to the technical explanation. There's a wealth of information on their site. And yes, I strongly recommend 1Password for everyone. BTW, 1Password is available on both App stores. No affiliation other than a satisfied user.
http://help.agilebits.com/1Password3...in_design.html
ciao
After filling out all the requirements and then getting verified I can't remember all my answers and let alone type them in right.
Then make better questions. Questions for which you can remember the answer. That's sort of the point?
This isn't anything Steve Jobs would want: KISS.
Either give evidence of this or never mention it again.
1password is a great app for storing passwords and forms, also good for storing other stuff such as serial numbers. Check it out. (not affiliated, just a pretty happy user)
I've been using it for years, and I agree. I'd be in serious trouble without it.
I like it when I can write my own questions for this sort of thing. Name of fist wife, second wife, third wife and so on ...
I'm laughing because your comment strikes home with me. First was Nancy, second was Roxann, and third is Janice. And, no, I won't be using those if I forget my password.
What was the first auto you were not embarrassed to be seen driving?
Who was the first teacher you had the hots for?
What was your first favorite band that your parents hated?
What was the first job you had that was not at McDonalds?
In which city did you lose your virginity?