iTunes Users Upset Over Apple's Security Questions

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
I don't know what these guys are complaining about, if I was making iTunes security questions, I would ask stuff like "what's your favorite flavor of kool-aid" and "what color is the sky in your world." :D

Some people chiming in on Apple Support Communities say the answers to certain questions are too easy to figure out or are public knowledge. Others are saying they don't even know the answers to certain questions. A few have suggested that Apple let users choose their own questions. And some are upset that there was no advance warning of this added security measure.
Click to expand...
 
The answers to those questions are only to easy to guess if you are stupid enough to provide the correct answers. Make one and and remember it. Or use a password manager.
 
Don't know what they are complaining about, choice is not a staple at apple.

Surprised they don't have questions like: What company makes magical devices?
 
xxEIEIOxx said:
The answers to those questions are only to easy to guess if you are stupid enough to provide the correct answers. Make one and and remember it. Or use a password manager.
Click to expand...

^ This, always this. Why on earth would anyone actually give an accurate answer to the question? It's just flat out common sense to answer the question with something completely unrelated that you can associate with the question. Security questions are nothing more than a password hint for each individual user to figure out. They are not meant for a user to accurately answer as any of said accurate answers are wildly easy to find. I blame social networking and people willing handing out every single detail about their life for answering these questions accurately. The very first rule of security and safety on the internet when it came to proliferation is you never give out your real information. Though obviously this is irrelevant to making purchases and similar usages that didn't exist back in the day when the internet only consisted of Yahoo! chat, ICQ, and Angelfire. . .
 
Racer_J said:
The very first rule of security and safety on the internet when it came to proliferation is you never give out your real information.
Click to expand...
Apple requires your first and last name, address, credit card information and other personal information for your Apple ID/ iTunes account. Telling them who your favorite English teacher was is of no genuine risk, and the fear of providing such information is born of pure paranoia.
 
A few have suggested that Apple let users choose their own questions.
Click to expand...

HAHAHAHAHA.... Funniest thing I have read this year.

Suggesting Apple let you choose something? Sorry buddy, that ship sailed the second you bought an Apple product.
 
I get so fed up with Apple haters. You know, deal with it people. I have an iphone and i guarantee that I make more than a ton of users in this Forum, and I'm in IT.

I bought a phone because it's easy to use, my wife has one, and the games are great on it. Did I have an android before this? Yes, an Evo. Do I mind the Apple security questions, or policies, or the like, eff no. It works, it's fast, and the features I wanted are in it.

Could I buy an Android? Sure, and then deal with the flavor of the month phone and OS update.

Not everyone who has this damn phone is a moron, or loser, or simply likes Apple telling them their opinion. It works and it delivers what I wanted in a phone. Android didn't at the time and that's why I switched.

The security questions? Who the eff cares!!!! They were simple enough questions, even if I didn't get the option to define my own. I just chose questions I had answers to and went on my damn merry way. All of 2 minutes of my time.

Damn I get tired of the stupid Apple hate by Android fan boys. I was on your side of the fence and it didn't deliver what I wanted and I know how to root, program, and customize a damn phone.

Anyway, both sides blowing the security questions deal out of proportion. Who cares. Answer the damn questions and move on.
 
xxEIEIOxx said:
The answers to those questions are only to easy to guess if you are stupid enough to provide the correct answers. Make one and and remember it. Or use a password manager.
Click to expand...

Ding ding ding. I make it a habit of providing "wrong" answers to security questions. If you're worried about people figuring it out that is the obvious thing to do. Except if you're an Apple customer apparently.
 
wonderfield said:
Apple requires your first and last name, address, credit card information and other personal information for your Apple ID/ iTunes account. Telling them who your favorite English teacher was is of no genuine risk, and the fear of providing such information is born of pure paranoia.
Click to expand...

You completely missed the entire point of what I said. Not answering security questions accurately has absolutely nothing to do with paranoia or "trying to stay off the grid". It has to do with making said answers incredibly difficult for anyone other than yourself to answer. My post had absolutely nothing to do with not giving truthful information to Apple (or any other company that needs it) out of a risk to them obtaining more personal information which they would already be able to access.

The reason I brought up social networking, the willingness to hand out any and all information, etc. was to illustrate the fact that it's made people lazy with their security. Answering a secret question that anyone could answer with a few minutes of research entirely defeats the purpose of choosing a secret question and answer. The questions have to be limited and generic for the sake of practicality. The answer (which is by far the most important part) does not have to be generic and easily guessed by someone that has no business trying to access whatever they are trying to access.

I see you took the time to remove the very next sentence so I'm guessing you also failed to read it, comprehend it, or were in a rush to brand someone as paranoid. Since you obviously chose to exclude it though in order to make your post sound valid:

Though obviously this is irrelevant to making purchases and similar usages that didn't exist back in the day when the internet only consisted of Yahoo! chat, ICQ, and Angelfire. . .[/QUOTE]
 
mecra said:
I get so fed up with Apple haters. You know, deal with it people. I have an iphone and i guarantee that I make more than a ton of users in this Forum, and I'm in IT.
Click to expand...

Uhm, the people bitching are Apple users and owners. Granted there are five people trolling in this thread trying to get their e-peen on but that's really not what this thread is about. There is some irony though in you QQing about the trolling then trying to get your e-peen on by attempting to brag that you make more than other people on an internet message board. You're just begging people to troll you.

The rest of us are discussing how inane it is to get upset over limited and easily guessable security questions because all of these questions are generic and easily guessable if answered truthfully regardless of what company/institution is issuing them. The OP was even pointing out he didn't get what the complaints were about. In addition to that if even half of the comments made in the actual link are actually true:

e.g. "I can't answer what my first car was because I have never owned one"

Then those people should be bumped down several grades or sent back to school entirely as they have no business being loose in society.
 
"What was the first car you owned?" Ticonderog@6598659Sh1TFVcK
"Who was your first teacher?" Slappyh@tfish8@1t
"Who was your best childhood friend?" C@thol!cPr1est
"In which city were you first kissed?" KLEINFELTERSVILLE

Save to passkeeper.

/rant
 
I am glad that somebody is finally complaining about the stupid questions that are asked. For work we are upgrading some systems and part of our that is our online billing system. I had to create questions that we want to use for security stuff like this. I stayed away from the stuff like "who was your first grade teacher?" "who was the first person you kissed?" "what city where you born in?" All of this stuff can be found through stuff like facebook, or is known by your friends, or could be found by somebody easily if they already know a little about you.

Looking at a few guides online it didn't suggest something like what city was your first kiss as again that would be too easy for somebody that knows you. It was stuff like where was your second kiss? something you were less likely to tell people.
 
Security questions are a FARCE of a security measure. Like passwords, they are so easily compromised, they only add trouble for the user, and add little to not effort for the person attemping to compromise the account. Unfortunately more and more people are moving this way include the U.S. Gov't. They are all idiots the lot of the.

The ONLY way to secure an account is by educating the user.

Instead of making security questions, they should give a security test.
 
The questions sucked. I was surprised we couldn't type our own. Chase allows custom questions and my credit union, as well.
 
These are the same suckers that will give you the answer to any question you ask them as long as you tell them its in their best interests.

Bait. Hook. Reel.
 
Yeah it was a bit annoying when I went to install an app on my iphone the other day and get asked to put in security questions. I just put in random shit because it was in my way :p

To all the people saying the real answers are easy to obtain... really? How much information do you guys put out there on social sites? I have a facebook account, but I'm pretty sure only my close family and maybe one or two friends would know my first pet, if the school has records going back that far you could find my first grade teacher, but it wouldn't be "easy", first car a lot of people would know because it's a distinctive car, first kiss I'm struggling to think of anyone who would know that, it's not like I jump up and down and tell people. Hell, even the town I grew up or the town I was born, they'd be things you COULD find out, but wouldn't be obvious unless you also stole my wallet which has my parents' address on it and also stole my passport/birth certificate which has town of birth. None of those things are on my facebook page.

No wonder everyone hates facebook if they can't stand putting all their deepest darkest secrets on it.
 
Tudz said:
To all the people saying the real answers are easy to obtain... really? How much information do you guys put out there on social sites? I have a facebook account, but I'm pretty sure only my close family and maybe one or two friends would know my first pet, if the school has records going back that far you could find my first grade teacher, but it wouldn't be "easy", first car a lot of people would know because it's a distinctive car, first kiss I'm struggling to think of anyone who would know that, it's not like I jump up and down and tell people. Hell, even the town I grew up or the town I was born, they'd be things you COULD find out, but wouldn't be obvious unless you also stole my wallet which has my parents' address on it and also stole my passport/birth certificate which has town of birth. None of those things are on my facebook page.

No wonder everyone hates facebook if they can't stand putting all their deepest darkest secrets on it.
Click to expand...

You would be amazed all the information people willing hand out and what a simple free background check from just knowing your name will turn up so, stop and think about everyone that knows your name. In fact, with the information you can dig up, you will know five numbers of a person's social security number provided you know how the numbers are chosen which just takes a little digging if you don't. You personal information is not even remotely as secure and hard to come by as you think it is. Granted some of the questions if answered accurately need a bit of gossip/word if mouth/banana phone (e.g. someone's first kiss as you pointed out) but just because you never told doesn't mean the other person didn't.

BTW finding out your first grade teacher would also be pretty simple if someone knows your name, your age (which they will know since they can get your D.O.B from knowing your name), and can deduce what school you went to. The answer will be in any given number of documents and yearbooks.


It's not a question of being able to find out the information. It's a question of if anyone would take the time to do so. Given the amount of fraud and scams out in the world, it's worth the effort to someone at some given point in time hence why xxEIEIOxx and I are somewhat dumbfounded that anyone would ever provide an accurate answer to a question that anyone with a few minutes to spare could answer. Far to many people blindly put their faith into additional security measures. Selecting an accurate answer is really no different than setting your password to 1234556.
 
mecra said:
I have an iphone and i guarantee that I make more than a ton of users in this Forum, and I'm in IT.
Click to expand...

Soapbox is that way>>>>
Go there and stroke yourself all you want.

mecra said:
The security questions? Who the eff cares!!!!

blah, blah, blah.......

Who cares. Answer the damn questions and move on.
Click to expand...

Lot of rage for someone who doesn't care.:rolleyes:

mecra said:
Not everyone who has this damn phone is a moron, or loser.....
Click to expand...

Maybe not, but you sure qualified yourself as one by your post.
 
Racer_J said:
You would be amazed all the information people willing hand out and what a simple free background check from just knowing your name will turn up so, stop and think about everyone that knows your name. In fact, with the information you can dig up, you will know five numbers of a person's social security number provided you know how the numbers are chosen which just takes a little digging if you don't. You personal information is not even remotely as secure and hard to come by as you think it is. Granted some of the questions if answered accurately need a bit of gossip/word if mouth/banana phone (e.g. someone's first kiss as you pointed out) but just because you never told doesn't mean the other person didn't.

BTW finding out your first grade teacher would also be pretty simple if someone knows your name, your age (which they will know since they can get your D.O.B from knowing your name), and can deduce what school you went to. The answer will be in any given number of documents and yearbooks.


It's not a question of being able to find out the information. It's a question of if anyone would take the time to do so. Given the amount of fraud and scams out in the world, it's worth the effort to someone at some given point in time hence why xxEIEIOxx and I are somewhat dumbfounded that anyone would ever provide an accurate answer to a question that anyone with a few minutes to spare could answer. Far to many people blindly put their faith into additional security measures. Selecting an accurate answer is really no different than setting your password to 1234556.
Click to expand...

Not only that but you are still assuming this person trying to hijack your account doesn't know you. It isn't always the person 2000 miles away trying to do this. It could be your brother who steals to feed a drug habit trying to get access to your bank account (talking about any site using questions not iTunes alone), could be the kid next door stealing information. Then of course there is anyone that is famous, if they like it or not their life's story is all over so it's even easier to get the answers to stuff for them.
 
you know when my dad died, I was really glad his security questions were easily answered on yahoo, his email gave me access to everything, which made cleaning up his estate a lot less of a headache than it could've been
 
Racer_J said:
Answering a secret question that anyone could answer with a few minutes of research entirely defeats the purpose of choosing a secret question and answer. The questions have to be limited and generic for the sake of practicality. The answer (which is by far the most important part) does not have to be generic and easily guessed by someone that has no business trying to access whatever they are trying to access..
Click to expand...
The claim you make that these are questions anyone could answer within "a few minutes" is a bogus one. You must answer two of the three security questions to gain access to an account, and, if you choose the questions wisely, they are questions only you will have the answers to, unless you are extraordinarily careless about protecting that information from others. The key is to choose the questions wisely, which is why Apple provides a number of them for you.

I provided the true answers to the questions I chose. If I were to provide you with my Apple ID email and befriend you on Facebook, you could not not gain access to my Apple account. Not in "a few minutes". Not in a few hours. Given the odds of a program guessing the correct answers, not in a few days. No amount of social engineering would assist you in your effort. So how exactly am I in error of providing true answers to these security questions?
 
You must log in or register to reply here.
Back
Top