Daniel from Marina del Rey
Level 1 (0 points)

Q: Forced Security Questions

I have a significantly long and secure password but I was forced to create three security questions.  These questions mostly related to things that are easily discovered and add a risk to my account that I do not want.  How can I remove these and only rely on my strong password?   It defeats the advantages of a strong password if anyone who knows me well enough can guess 2 of 3 of these questions. 

Posted on Jan 14, 2016 2:15 PM

by ckuan,Apple recommended
ckuan ckuan
Level 7 (34,344 points)
A:

It's not the questions, it's your answer that makes the difference.

Eg,

Q.: What's your favourite color:

A: Beetle, almighty.

Notice, you don't have to answer the question in the correct way. You just need to remember it, whatever it is.

Posted on Jan 14, 2016 2:27 PM

Close
Daniel from Marina del Rey

Q: Forced Security Questions

  • All replies
  • Helpful answers

Previous Page 2

  • by Daniel from Marina del Rey,

    Daniel from Marina del Rey Daniel from Marina del Rey Jan 15, 2016 10:18 PM in response to ckuan
    Level 1 (0 points)
    Jan 15, 2016 10:18 PM in response to ckuan

    Again, it's ok.  It's simple, I have been able to exist with my .Mac account since 2002, yes at least 13 years, with a strong password and no security questions and no two factor authentication.  I use two factor authentication where it maters but did not want to use it  with my .Mac, MobileMe, iCloud account and also chose to forgo the security questions until two days ago when it was forced.

     

    I was simply hoping someone might know of an undocumented way to return to this state.  Just a single, very complex password that I change a couple of times a year for more than a decade.  That was my point.  I'm not looking to add two factor authentication to replace the questions, I'm not trying to reset my password, I'm not trying to change my security question answers. 

     

    Of course I can suggest it to Apple but there was always a chance that someone might know of an existing solution. 

  • by LACAllen,

    LACAllen LACAllen Jan 17, 2016 11:05 PM in response to Daniel from Marina del Rey
    Level 5 (5,576 points)
    iCloud
    Jan 17, 2016 11:05 PM in response to Daniel from Marina del Rey

    The world has changed dramatically since 2002. Now you need as always, a strong password in addition to other measures. Passwords back in 2002 didn't need to be a certain length, have a number or an upper case letter and so on. You were an overachiever if you had a complex password that exceeded requirements. Good for you.

     

    That you have not had to comply until now is remarkable. But just like nickel loaves of bread and 25 cent a gallon gas, that time is over.

     

    Your search for weaker security will fail. You can debate that a complex password is not weak security and you will be wrong in the eyes of companies who face attacks each and every day.They set the standard and we have the choice to comply or not.

     

    If someone gave you a way to weaken the security of your account, why would you take it?

  • by Daniel from Marina del Rey,

    Daniel from Marina del Rey Daniel from Marina del Rey Jan 20, 2016 11:27 AM in response to LACAllen
    Level 1 (0 points)
    Jan 20, 2016 11:27 AM in response to LACAllen

    Choosing a max length password of random characters and symbols is weakened by allowing anyone to bypass it by knowing where I was born and my mother's maiden name which can be found rather easily with a search engine.   Of course I will not answer these security questions with correct answers but many will and some have had their account passwords bypassed.  It's a false security.  Two factor is a great option but most Banks, Google, etc, those who face the most security threats, offer strong passwords, optional two factor authentication, and often force a mobile phone or secondary email address where they can send a confirmation code.  They have mostly done away with Security Questions online that do not involve a PIN as they are a weakness. 

     

    I did not intend this as a debate over security questions, only a casual query if anyone knew of a work-around remove an inconvenience that has failed spectacularly for a number of those who actually answered them honestly but is mostly an inconvenience for those of us who manage their passwords properly. 

     

    ...not to mention the other implementation issues they have had with them.  http://www.theatlantic.com/technology/archive/2012/08/security-questions-the-big gest-joke-in-online-identity-verificatio…

Previous Page 2