12 Replies Latest reply: Sep 17, 2012 9:19 AM by Stainless911
Stainless911 Level 1 Level 1 (0 points)

Everytime I go to download a new app I get a prompt to choose 3 additional questions for security.  You can't choose your own questions and the questions they ask are asinine!  I didn't have a pet or a favorite teacher.  I can't remember where my first plane ride went or my favorite movie etc.....  This is just another irritant I don't need.  So far this is my only complaint with the iPad!!!


iMac, Mac OS X (10.6.8)
  • 1. Re: Additional security questions!!!
    lllaass Level 10 Level 10 (142,190 points)

    Just make up the answers and make sure you remember them.

  • 2. Re: Additional security questions!!!
    Stainless911 Level 1 Level 1 (0 points)

    I would have to write them down somewhere because I have no idea how to remember a lie!

  • 3. Re: Additional security questions!!!
    Meg St._Clair Level 8 Level 8 (38,425 points)

    Stainless911 wrote:

     

    I would have to write them down somewhere because I have no idea how to remember a lie!

    Whatever works.

  • 4. Re: Additional security questions!!!
    John Galt Level 8 Level 8 (36,425 points)

    Do this on a computer (not an iPad)

     

    • Go to https://appleid.apple.com
    • Click the blue "Manage Your Apple ID" button
    • Sign in with your Apple ID and password
    • Choose "Password and Security" from the left column
    • Choose "Reset your security information"
    • Confirm your identity by answering your existing security questions, if required.
    • You may then choose new questions or change your existing answers. If you don't want to "remember a lie" I recommend the option to create your own custom security questions.

     

    Important: On that page you may enter a "Rescue Email Address". That's important to have in the event you are unable to answer your existing questions in the future. If you forget the answers to your security questions, and without a "Rescue Email Address" your only recourse will be to contact iTunes Support via email. That could entail days of back-and-forth correspondence so that Apple can confirm you are really you.

     

    If you haven't yet entered a "Rescue Email Address" do it now!

  • 5. Re: Additional security questions!!!
    Stainless911 Level 1 Level 1 (0 points)

    John, Thanks for the info.  I did what you suggested and made up my own security question (great) BUT now it requires me to make up a new passord that I haven't used in a year!  I've used my old password for years and DON'T need a new password and DON'T want a new password!!   What crap!!!!!!!!!!!!!!!!!!!!!!!

  • 6. Re: Additional security questions!!!
    Meg St._Clair Level 8 Level 8 (38,425 points)

    Stainless911 wrote:

     

    I've used my old password for years and DON'T need a new password and DON'T want a new password!!   What crap!!!!!!!!!!!!!!!!!!!!!!!

    Not riculous at all. Using the same password for years is considered by many experts to be a security risk.

  • 7. Re: Additional security questions!!!
    Philly_Phan Level 6 Level 6 (11,710 points)

    Meg St._Clair wrote:

     

    Stainless911 wrote:

     

    I've used my old password for years and DON'T need a new password and DON'T want a new password!!   What crap!!!!!!!!!!!!!!!!!!!!!!!

    Not riculous at all. Using the same password for years is considered by many experts to be a security risk.

    True but so is everything else that we do with passwords.  I never did an actual count but I figure that I deal with close to a hundred passwords.  According to true security practice, no two should be the same and each one should consist of a quasi-random sequence of a minimum of eight numbers, letters (caps & LC), and special characters and none should ever be written down.  Yeah, right.

     

    I spoke to the several financial institutions that hold my savings and asked what a thief could do with my money if he/she had my password.  Turns out, not much.  If I'm withdrawing my funds, the money will be sent via check only to the mailing address on record (which can not be changed via web connection) or an electronic transfer will be sent only to a bank that could confirm that the account is mine.  I still wouldn't want it to happen but it's not as catastrophic as you might think.

  • 8. Re: Additional security questions!!!
    Meg St._Clair Level 8 Level 8 (38,425 points)

    I'm not saying that I change my passwords regularly (maybe I do, maybe I don't...) However, given that it is often recommended, the fact that Apple is requiring it doesn't seem at all surprising.

     

    Read an article recently that says much of corporate security thinking about passwords is wrong and encourages people to pick easy to remember (and guess passwords) or to write them down.

  • 9. Re: Additional security questions!!!
    Philly_Phan Level 6 Level 6 (11,710 points)

    Meg St._Clair wrote:

     

    Read an article recently that says much of corporate security thinking about passwords is wrong and encourages people to pick easy to remember (and guess passwords) or to write them down.

    I disagree completely with the author.  I'm not claiming that I practice what I preach but the author is dead wrong.

  • 10. Re: Additional security questions!!!
    Meg St._Clair Level 8 Level 8 (38,425 points)

    I'll have to track down the article for you. I'm making a hash at explaining it.

  • 11. Re: Additional security questions!!!
    John Galt Level 8 Level 8 (36,425 points)

    ... I've used my old password for years and DON'T need a new password and DON'T want a new password!! 

     

    I hear you. More and more places are turning to this arbitrary requirement. For such an innovative company as Apple not to come up a better approach to security is disappointing.

     

    I believe these so-called "security experts" are taking the easy way out. They fail to consider human nature and the practicality of requiring frequent changes using incomprehensible passwords. If you have a perfectly good, non-trivial password, who cares how long you have had it? Forcing a change every so often won't prevent it from being discovered. Arguably, it diminishes security since frequent changes make it more likely you will have to write it down.

     

    There are examples of better approaches. I have seen at least two banking websites that use an innovative idea, and Google requires additional scrutiny only when you log in from a location distant from your usual one. I think Apple can and should do better.

  • 12. Re: Additional security questions!!!
    Stainless911 Level 1 Level 1 (0 points)

    Thanks for all the comments!  I've given in and chosen a new password I have no chance of remembering and WRITTEN it down like everybody else (I know) does and hope I don't forget where my list is.  Also; like everybody else; I have at least 40 passwords and I doubt anyone remembers more than a couple of them.