I have a significantly long and secure password but I was forced to create three security questions. These questions mostly related to things that are easily discovered and add a risk to my account that I do not want. How can I remove these and only rely on my strong password? It defeats the advantages of a strong password if anyone who knows me well enough can guess 2 of 3 of these questions.
Set up a rescue email address if you haven’t already, go to a page which asks for the answers, and use the reset link even though you know them.
(138390)
It's not the questions, it's your answer that makes the difference.
Eg,
Q.: What's your favourite color:
A: Beetle, almighty.
Notice, you don't have to answer the question in the correct way. You just need to remember it, whatever it is.
It defeats the advantages of a strong password if anyone who knows me well enough can guess 2 of 3 of these questions.
It is up to you what answers you pick for the security questions. You do not need to answer them truthfully, and then your answers are harder to guess.
The security questions will be used, if your account has to be closed for security reason and you need to give Apple Support a call to get the account activated again. Apple Support will use these questions to confirm your identity.
Yes, I do this with a number of other sites which eventually requires a password manager. It's very inconvenient but most will answer these honestly which lowers security.
I've had an Apple account since .Net and .Mac.... I have been able to ignore this requirement until now as it no longer allowed me to manage the account until I set these. Again, of course I could enter three more random answers but these security questions have historically been a weak point for many. I would prefer to use a single strong password with optionally available two-factor authentication, as Google, gaming, and many banking sites have offered for some time. Forcing security questions are not ideal.
It's an addition to your security.
You should also use the 2 step verification for Apple ID
Frequently asked questions about two-step verification for Apple ID - Apple Support
Thanks but I don't want to change them, I was making a suggestion that they remove the requirement and chose a modern solution to this issue.
Again, these have historically been a weak point for many who chose to answer them honestly. There are better solutions. I was mostly disgruntled from having to finally set them after many years of being able to ignore them.
Did you read the 2 step verification?
If that's not good enough, send a feedback to Apple.
I think you are missing the point but it is ok. I'm not after stronger security, I'm suggesting they stop using security questions that are limited to well known subjects that most will answer honestly leaving themselves vulnerable. If they must, make them optional. I'm really not looking for a work-around to my original question, I know them. I simply wondered if I " can I remove these and only rely on my strong password? "
Daniel from Marina del Rey wrote:
I think you are missing the point but it is ok. I'm not after stronger security, I'm suggesting they stop using security questions that are limited to well known subjects that most will answer honestly leaving themselves vulnerable. If they must, make them optional. I'm really not looking for a work-around to my original question, I know them. I simply wondered if I " can I remove these and only rely on my strong password? "
Sorry no, it's you missing the point what this forum is about.
Read my previous post again.
You can tell Apple about your wishes, we don't have to agree but nobody here can change what Apple does.
As was suggested earlier, you can avoid using Security Questions altogether by using Two Step Verification:
Cheers,
GB
As was suggested earlier, you can avoid using Security Questions altogether by using Two Step Verification:
Will it work, if you have to talk to Apple's account security support team, because Apple disabled your account for security reasons? I had my password and my trusted devices, but only the answers to the security questions convinced Apple to enable my iTunes Store account again and to give me access to all my purchases.
If someone gets hold of your credit card number and goes shopping with it at the iTunes store (using an arbitrary AppleID that is not your AppleID), Apple will disable all your AppleIDs using the credit card in question for security reasons. My password and my trusted devices did not help in that case, because someone else with a different AppleID had been causing the problem. The security questions helped to prove my identity and get me my accounts and my money back.
Again, it's ok. It's simple, I have been able to exist with my .Mac account since 2002, yes at least 13 years, with a strong password and no security questions and no two factor authentication. I use two factor authentication where it maters but did not want to use it with my .Mac, MobileMe, iCloud account and also chose to forgo the security questions until two days ago when it was forced.
I was simply hoping someone might know of an undocumented way to return to this state. Just a single, very complex password that I change a couple of times a year for more than a decade. That was my point. I'm not looking to add two factor authentication to replace the questions, I'm not trying to reset my password, I'm not trying to change my security question answers.
Of course I can suggest it to Apple but there was always a chance that someone might know of an existing solution.
Forced Security Questions
