Avoid answering security questions

Encrypted11 wrote:

Philly_Phan wrote:

It won't improve security if you tell the world that you're using the same answer. Perhaps you're unaware but all security mechanisms depends on you keeping your mouth shut.

True for 2 factor authentication as a security solution? That's more like safekeeping of the device. I don't know why is it so difficult for Apple to implement such a security solution.

A 2-factor device that generates the code from the algorithm can come in virtual forms like apps or even a physical device. That's real security people are using in offices, rather than falling back on security questions.

I'm not in the habit of using a shotgun to kill a mosquito.

Philly_Phan wrote:

Encrypted11 wrote:

Philly_Phan wrote:

It won't improve security if you tell the world that you're using the same answer. Perhaps you're unaware but all security mechanisms depends on you keeping your mouth shut.

True for 2 factor authentication as a security solution? That's more like safekeeping of the device. I don't know why is it so difficult for Apple to implement such a security solution.

A 2-factor device that generates the code from the algorithm can come in virtual forms like apps or even a physical device. That's real security people are using in offices, rather than falling back on security questions.

I'm not in the habit of using a shotgun to kill a mosquito.

But gee whilikers, Philly. Just think how impressive you would sound while doing it. 😉

That banal **** some people choose to get their panties in wad over sometimes amazed me.

As for the OP: Its a VERY common security protocol, in use all over the web. Give things a little time, it will change again. It is effective, but yes does require that you use more than two brain cells. Such is life. Get over yourself.

Philly_Phan wrote:

Encrypted11 wrote:

Philly_Phan wrote:

It won't improve security if you tell the world that you're using the same answer. Perhaps you're unaware but all security mechanisms depends on you keeping your mouth shut.

True for 2 factor authentication as a security solution? That's more like safekeeping of the device. I don't know why is it so difficult for Apple to implement such a security solution.

A 2-factor device that generates the code from the algorithm can come in virtual forms like apps or even a physical device. That's real security people are using in offices, rather than falling back on security questions.

I'm not in the habit of using a shotgun to kill a mosquito.

Not a thing about shotgun. Simple web services from google are using this already, games are beginning to use it, offices are already using it. Companies are understanding the vulnerabilities of contemporary solutions like security questions. The rippling effect is that the practice of this security measure is coming from top down, services requiring high secrecy all the way to regular gaming.

No doubt 2 factor is more secure than security questions. That's undeniable.

Security is never an overkill because there's nothing out in the industry that's 100.00% secure and how tough is it to use such a device?

Just push the button, type the generated code from the algo into the relevant fields. The extent of the security is also highly customisable.

You can have numeric 4 character 2-Factor authentication, you can even have those with alphanumeric combos with longer strings of characters.

Just be complacent and just wonder how many waves of Flashback and Codesigning hack can one withstand.

IF being more secure is a thing of the past, look at mail clients. Which one of them out there doesn't have SSL these days?

Philly_Phan wrote:

As for the OP: Its a VERY common security protocol, in use all over the web. Give things a little time, it will change again.

Lul..

James Ward4 wrote:

But gee whilikers, Philly. Just think how impressive you would sound while doing it. 😉

😁

Like you, I can't believe that this got started over a handful of basic questions.

Philly_Phan wrote:

James Ward4 wrote:

But gee whilikers, Philly. Just think how impressive you would sound while doing it. 😉

😁

Like you, I can't believe that this got started over a handful of basic questions.

Absolutely amazing

You can't use the same answer for more than one question. It won't let you.

I'm also annoyed at this. Not because I hate the idea of security. Not because I don't want to take a minute to answer a couple of basic questions. But because these questions are literally unanswerable for me. I have never had a car. I didn't have a favourite teacher. I don't remember what concert I first went to. I haven't liked any of my jobs. Of the possible questions for question 2, in particular, I cannot answer a single one.

After much thought, I worked out an answer to one of them. But no, not allowed. It was one about which city I did something in. It's the same city I did quite a lot of things in, and so it was my answer to all three questions. But I can't use the same answer more than once.

Apple have provided a very small range of questions to choose from, which are very poorly thought through. They assume that you're a car owner, that you're a concert-goer, that you have definite and abiding favourites from your childhood, and so on. They also assume that all the key moments from your life occurred in cities. The cultural bias is American (even the spelling of "favorite" is American, even for non-American customers). And "city" means something different in America from other countries (in America it means pretty much anything from a tiny hamlet upwards, but elsewhere it is more restrictive). Outside America, not everyone owns cars. And so on. All these "favourite" questions are plain odd; how many people have, say, a "least favourite job" to the extent that whenever asked that question they'd always answer the same?

It baffles me that Apple do not allow users to create their own questions, as other companies do. It baffles me even more that, having decided not to do this, they provide such a limited range of questions to choose from.

It means that before I can buy anything else from them, I'm going to have to invent three made-up answers to these questions, write down those answers, and find somewhere safe to keep them. Then, if I'm actually asked these questions in the dim and distant future, I'm going to have to remember that I didn't answer them truthfully but invented answers, and I'm going to have to remember where I put them. Perhaps this isn't a problem for the kind of people who remember what the first album they bought was, or who their favourite teacher was, but for those of us with ageing brains it's quite a hassle that could have been easily avoided by a better thought through security procedure on Apple's part.

Get used to it.

Many web sites (banking, insurance, financial, etc.) employ the security question technique (which is a good system IMHO) to help prevent fraud. This seems like a good idea to me.

JonathanCR wrote:

...but for those of us with ageing brains it's quite a hassle that could have been easily avoided by a better thought through security procedure on Apple's part.

I'm 70 and I've had no problem.

My problem is that the questions are so indistinct with multiple possible answers or configuration of the answers (e.g. Vauxhall Astra, Astra, The Astra etc etc for a car, Sarah, Sarah Cook, Cookie for a name - remembering both the answer and its configuration will be very difficult). This forces users to have a passwords file either on their computer or physically which is a greatly increased security risk.

I am only 32 and can't answer nearly all the questions as well (really can't remember first kiss, only had one car, no favourite teacher (all good!) can't remember first concert etc etc) so there is no natural response I won't have to either try to remember on top of all the other passwrds (and I work in finance, I have a LOT of passwords) or scibble down somewhere and hope it doesn't get found and used by someone else.

I have an Ipad 2 and on that there is certainly no option to create your own questions which would solve all these problems. If you can on an itunes account on a PC or Mac I assume I may need to create/access one to do this but don't want to do all that without verification that that is the case.

This is a practical problem and not a complaint about the nasty security trolls or somesuch!

'Where was your favourite job?

That could mean city - e.g. London

That could mean type - e.g. the pizza place, the bank, the cinema

That could mean company name - e.g. Apple

That could mean full company name - e.g. Apple Inc

A better question would be 'What is the full name of the favourite company you have worked for?' - at least that gives a definite structure to the answer if it is the question chosen.

I suspect that most persons (the younger ones, those under 90) will simply use whatever term that they normally use. I don't know the full name of the favorite company that I worked for but I do know exactly how I identify it. Any customers in the 90s and up will probably need assistance from relatives.

If this is really that hard for you, perhaps Apple just doesn't want your business and this is their way of telling you.

So Apple don't want the business of affluent people in their 30s? Those who have grown up with their devices and have the disposable income to spend? Only a madman would think Apple want to ditch that demographic. You will also note that 32 is under 90.

I don't normally talk about my favourite car, favourite teacher, etc and the very fact that this then relies on 'normally' means that when faced with having to answer the question you may end up answering wrongly. If I had an employee who 'normally' showed up to work he wouldn't last long.

It is such a simple thing to allow users own questions, make the questions exact or even give the full list of fifteen questions in all three cases (I can actually answer two in the last set without problem but none in the middle one).

For a company the scale of Apple this is simply poor despite the very praiseworthy intensions.

Tangentical wrote:

So Apple don't want the business of affluent people in their 30s?

Sure they do.

Tangentical wrote:

You will also note that 32 is under 90.

You're kidding! Wow, I didn't know that.

Tangentical wrote:

For a company the scale of Apple this is simply poor despite the very praiseworthy intensions.

Their business model appears to be working.

I ddn't realise that a working business model made a company incapable of errors or mistakes.

Now I know this secret i'm going to invest all my company's money in the hunt for a Unicorn and attempts to genetically engineer geese that lay golden eggs.

I'm still not sure if Yeti hunting is a money spinner though.

Tangentical wrote:

I ddn't realise that a working business model made a company incapable of errors or mistakes.

I certainly wouldn't tamper with the most successful business model in the world simply to satisfy a handful of complaints.