App Store Security or Phishing

I never said I was switching to another product. I just said I was not going to use the iPad at this point because of their policy. It is okay.

If you are fine with giving out your info, go right ahead. It is okay if someone does not like something that another person says or does.

I am happy to see security improved, but without doubt someone has selected possibly the worst set of security questions I have ever seen in 20+ years of computing. Even a choice to add you own questions might have been possible, such a shame an opportunity missed.

It's quote likely this is not specific to the iPad, but it iTunes/AppleID in general.

I also initially thought its phishing, just by the number and intrusiveness of the questions. Even though this later appeared to be legit, I'm officially asking apple to exclude me from this survey. Why?

There are bunch of websites, including online banking that as a security measure include one or maximum two of these types of questions. Having you and me answered bunch of those at once gives invaluable tools for hackers and identity thieves. If it's phishing, now all they need to do to restore passwords and any other information on other websites is plug the answers in. If it isn't, then apple has all this information and one day may become at thugs disposal (remember Sony?).

I am sick and tired of intrusiveness of apple and other companies (almost all of them in that matter). If it's free app, why should I tell you all my personal info. If it's not free, why should you need anything other than my credit card number to pay and why should you store my credit card number in your database?

This is becoming ridiculous.

I was puzzled by the pop-up as well this morning, figuring it was in response to somebody trying to hack my account or something.

I don't mind an additional layer of security and some security questions, but this is a very very very poor implementation.

There is no Skip button to bother me with these questions in a few days.

There are only five questions with a variation of first, favorite and least favorite.

Some of these answers are public knowledge and not secure.

There's also a problem with some answers being correct whether they are type one of three ways (car brand, car model, car + model) do you include mr or ms?

Most of these questions I don't know the answer to as too much time has passed or they are simply a question I would never ask myself or haven't thought about in several decades.

Like first teacher?! Kindergarden? Primary school? Seriously?!

I skipped half of kinder garden. Only recall where it was.

Primary school. I recall one teacher's name ... but he did 3rd grade I thought.

Favorite teacher? When? That's an answer that evolves through time. There was a very nice lady in primary school, but I don't recall her name. So, maybe I should pick the "hot" teacher from art class in high school?! She had a German name ... mmmmm

... What the heck is Apple thinking asking me these obscure questions?

So, right now I am locked out of my account. I don't want to answer the obvious public knowledge ones. The obscure ones I don't want to answer with fake answers ... which I will never ever remember when the day comes I need to answer these questions again.

... looking for answers ...

If only they let you write your own questions or just stuck to a verify with primary and alternate email address system.

A simple set of three answers could for example have the same word/text for each answer but put the number 1 after your first answer, number 2 for second, 3 for third, ( for first / favourite / least favourite) after your chosen secret word. These three different answers may be more easily remembered by those in our senior years when remembering which day it is can sometimes be a challenge (not).

Not a bad idea, but then you have to remember that you faked the answers and how are you going to remember to add 1/2/3? Typically the security questions I get from existing accounts is where they only ask one of three; on top of user name and password. Might just be better to answer them all the same, without a number.

I'm by no means senior, but if it weren't for the news and a calendar, I wouldn't know what day it is. Between working every day, spending time on the road and no kids in school ... all days seem extremely similar to me. It used to be worse with working three different shifts in two days. You'd answer the phone in the middle of the afternoon and say good morning, because you just woke up 😉

I had this happen last night, I entered in my password twice. Then two hours later (at 1am) I received an email from Apple saying that my account email address had been updated, then another one 5 hours later saying that the main email address had been changed. When I turned the computer on at 9am I thought it looked suspicious, so I immediately reset my iTunes password, then checked iTunes and my account had been used to buy a whole lot of crappy chinese music.

Of course, being Apple, I've spent 20 minutes trying to find who to contact about this, to no avail.

You guys really don't see how Unsecur this is? All I need to do is find your facebook account or an old myspace or your twitter feed to find the answer to most of these questions. Just because there are multiple steps does not mean that it is more secure. And really, requiring everyone that uses the app store to have more than one e-mail address. This is not security, this is to make people feel better about apple. This does NOTHING to enhance the security of your account.

Stover\'s Net Connection wrote:

You guys really don't see how Unsecur this is? All I need to do is find your facebook account or an old myspace or your twitter feed to find the answer to most of these questions.

Only if you put all that information out there in FB or MySpace or Twitter. Some people don't put their whole lives on public view. You can also make up the answers to the questions. They don't have to be the "real" answers.For example, I never give my mother's maiden name for verification purposes. I use a different name. On many sites, I don't use my real birthdate, either. As long as I know the answer to the verification questions, it doesn't matter what they are.

So where do you keep this list of fake answers? Please don't tell me you keep then in a text file on your computer. Do you use the same fake answer to all sites? You do understand that these answers are used to unlock your account if it happens to be locked right? Where are you if you forget your fake answers? We are talking about SECURITY here, both to keep others out and maintain the ability for you to get back in. Providing fake answers might address the first but severly limits the second.

You are aware of things like password keeping programs (including one that comes built in to Macs). Why would I tell you where I keep my passwords? Or if I use the same ones for multiple sites? We are talking about SECURITY

Where are you when you loose your mac because of fire, theft, drive failure ect.... When you lose the data in that app for what ever reason are you going to be able to remember what you answered to all the security quetions you gave fake answers to? Look I know your type I deal with them every day, it is what pays my mortgage. I know you have the answer to everything, right up to the point where you no longer have them, then its Apples, Microsoft's or Google's fault because you cant get in.

I have the answers I need to feel that my data is secure and I have given you very little indication of what those answers are. You don't know how many offsite back ups I keep or how I chose to back things up. Suffice it to say, I'm comfortable with what I'm doing. You sound like you're on some sort of mission. Enjoy.

WOW. I am on a mission, that is to keep people safe from being lulled into a false scene of security, you turned this into something personal. I am talking about the millions that do not have backups off site..... Never mind, you win. I would have thought someone with as many posts would welcome an adult conversation.