Avoid answering security questions
APp store insists that answer security questions. I do not want this. How can I get around that window?
iPad 2 Wi-Fi
Apple’s Worldwide Developers Conference to kick off June 10 at 10 a.m. PDT with Keynote address
The Keynote will be available to stream on apple.com, the Apple Developer app, the Apple TV app, and the Apple YouTube channel. On-demand playback will be available after the conclusion of the stream.
The Keynote will be available to stream on apple.com, the Apple Developer app, the Apple TV app, and the Apple YouTube channel. On-demand playback will be available after the conclusion of the stream.
APp store insists that answer security questions. I do not want this. How can I get around that window?
iPad 2 Wi-Fi
"I now have a new understanding of how easily some users' accounts are compromised, how their identities are stolen, how their bank accounts have been emptied out, credit ratings ruined."
Irony.
My bank asked these same questions. Now, I am supposed to give the password-reset security answers for my bank to a random acne plauged employee at Apple?
I am shocked so few people comprehend the *real* security issue being discussed here. I am equally shocked that the standing answer is to just accept it an not bother thinking.
CapFan wrote:
"I now have a new understanding of how easily some users' accounts are compromised, how their identities are stolen, how their bank accounts have been emptied out, credit ratings ruined."
Irony.
My bank asked these same questions. Now, I am supposed to give the password-reset security answers for my bank to a random acne plauged employee at Apple?
I am shocked so few people comprehend the *real* security issue being discussed here. I am equally shocked that the standing answer is to just accept it an not bother thinking.
^this
Can't thank you enough CapFan for coming along to restore my faith in humanity.
@Ikrupp as to your comment about "getting used to it." You are correct there is little I can do. I probably have less power to change this poorly implemented policy from Apple than I do to change the ridiculous security theater at airports. Your second comment, as has already been call out above is certainly unintended irony.
If Apple had sent me an email telling me about their new policy or put a link on box where I was first asked for my three new questions that directed me to a page of instructions, I still would have grumbled. I'm not opposed to web security. The clumsy way Apple presented this new theater made me think I'd picked up some malware. Those of you who never even thought about it....
CapFan wrote:
Now, I am supposed to give the password-reset security answers for my bank to a random acne plauged employee at Apple?
Oh?
With posts like that, don't expect sympathy here.
Posts turning into personal attacks show how much yaysayers are covering up for this weak system. To add on, the more people probe these guys experiencing the issues the more the number of security flaws exposed.
Firstly, security questions are so Jurassic and prone to hijacks. Wonder how many old age systems are using them?
Secondly, from what I'm hearing, these questions are predetermined? Some are not even able to change them? So let it be, let the hijackers roll in - if an account's security back door is left open?
Why isn't Apple as the company with the world's highest capitalisation using new age security like 2-factory authentication???
I'm glad my bank is using this, Google is using this too and I'm beginning to kiss goodbye to "wuss the secret key phrase" kind of security.
CapFan wrote:
"I now have a new understanding of how easily some users' accounts are compromised, how their identities are stolen, how their bank accounts have been emptied out, credit ratings ruined."
Irony.
My bank asked these same questions. Now, I am supposed to give the password-reset security answers for my bank to a random acne plagued employee at Apple?
I am shocked so few people comprehend the *real* security issue being discussed here. I am equally shocked that the standing answer is to just accept it an not bother thinking.
As has been stated here already you are not required to use the "same" questions as your bank, or even answers. You can create your own. The answers themselves don't have to be the correct ones either. In fact more security conscious users intentionally input screwy answers (that make sense to themselves only) to normal questions to enhance the security.
But the bottom line is as it has always been. Comply or leave. All the arguing and castigating in the world won't change that. Online security is changing rapidly. In a short time almost all web sites that store personal information will be doing this or something similar. Banks and credit cards companies have been doing this for several years now. iTunes is just following the trend.
lkrupp wrote:
You can create your own.
No you can't this is one of the reasons that this is a bad policy that doesn't enhance security. Each of the three quesitons has only 5 choices.
lkrupp wrote:
But the bottom line is as it has always been. Comply or leave.
I hear your chest pounding. Do you work for Apple?
Nice.
You do know he said you can creat your own answers. They can be fake.
DcBEARcD wrote:
lkrupp wrote:
You can create your own.
No you can't this is one of the reasons that this is a bad policy that doesn't enhance security. Each of the three quesitons has only 5 choices.
lkrupp wrote:
But the bottom line is as it has always been. Comply or leave.
I hear your chest pounding. Do you work for Apple?
Well, I have the option to create my own questions for my account. So yes I can.
I will submit to the new requirement... But not happy about it. I'll have to make up nonsense answers, and be sitting in front of my Mac so I can type in the questions and answers in to mSecure (my favorite password manager which I have on Mac, pc, iPad, and iPhone).
tyler39 wrote:
You do know he said you can creat your own answers. They can be fake.
For some reason, he thinks adding his own answers is "proof that the policy does not work".
Chris CA wrote:
tyler39 wrote:
You do know he said you can creat your own answers. They can be fake.
For some reason, he thinks adding his own answers is "proof that the policy does not work".
Perhaps I wasn't clear
what I meant to say and maintain is if I'm allowed to use the same answer for all the questions the policy doesn't improve security
So don't use the same answer for every question.
DcBEARcD wrote:
Chris CA wrote:
tyler39 wrote:
You do know he said you can creat your own answers. They can be fake.
For some reason, he thinks adding his own answers is "proof that the policy does not work".
Perhaps I wasn't clear
what I meant to say and maintain is if I'm allowed to use the same answer for all the questions the policy doesn't improve security
It won't improve security if you tell the world that you're using the same answer. Perhaps you're unaware but all security mechanisms depends on you keeping your mouth shut.
Philly_Phan wrote:
It won't improve security if you tell the world that you're using the same answer. Perhaps you're unaware but all security mechanisms depends on you keeping your mouth shut.
True for 2 factor authentication as a security solution? That's more like safekeeping of the device. I don't know why is it so difficult for Apple to implement such a security solution.
A 2-factor device that generates the code from the algorithm can come in virtual forms like apps or even a physical device. That's real security people are using in offices, rather than falling back on security questions.
Avoid answering security questions