Apple Extends iTunes Account Security, Confuses Users
So there I am in a hotel on spring break, getting a free iPhone app late at night, and all of a sudden, my iPhone is asking, nay, telling me that I must choose three security questions and provide answers. It’s not a good time, but the iPhone won’t let me continue with the download until I do, so I buckle down, choose the questions, and provide answers. But I’m not happy about it. I’m pretty certain that the interruption is not due to some sort of malware, since Apple has locked iOS down tight, but I don’t like the fact that Apple failed to provide any rationale for why these questions are being asked or how they’ll be used in the future.
I wasn’t the only one to be confused and irritated. Lots of people are being asked to provide these answers, and the process can range from a minor interruption to a creepy intrusion, thanks to the rather personal nature of many of the questions. With all the coverage of malware and security-related topics, the abruptness of the prompt seemed suspicious to many, generating discussions on TidBITS Talk and the Apple Support Communities forum. Luckily, Lex Friedman over at Macworld was able to confirm with Apple that the prompts are legitimate, though no other details were forthcoming. Apparently, purchases being made through iTunes may also prompt these questions.
Along with the security questions, Apple asks you to provide an email address separate from the one associated with your Apple ID, presumably in case there’s some problem with your account and there’s concern that your main address may have been compromised. Unfortunately, the unexpected address verification email message also caused consternation among people whose spouses or children had answered the security questions for a family iTunes account.
The reason for these additional security questions and the separate email address is undoubtedly to provide a higher level of security on iTunes accounts. They should reduce the chance of evildoers guessing answers to security questions that are relatively easy to determine — mother’s maiden name and city of birth being the two most common I’ve seen.
What bothers me is that many of the questions Apple asks don’t have solid answers that I would necessarily give twice in exactly the same way, or answers that I could be certain of typing correctly. The classic questions of mother’s maiden name and city of birth have (for most people anyway) definite answers that won’t change and that can be typed reliably in response to an automated prompt. In contrast, here are some of the questions Apple asked (you could keep refreshing to get more questions, not that they ever improved):
- Which of the cars you’ve owned has been your favorite?
- Which of the cars you’ve owned has been your least favorite?
- What was the first car you owned?
- Who was your favorite teacher?
- Who was your least favorite teacher?
- What was the first concert you attended?
- In which city did your mother and father meet?
- Where was your first job?
- Where was your favorite job?
- Who was your best childhood friend?
- Where were you on January 1, 2000?
- What was the first album you owned?
- In which city were you first kissed?
I know I’m the sort of person who over-thinks questions like these, but I’m confident of my answers to only two. The favorite/least favorite questions are tricky, since I liked a number of my teachers and hated none, the cars I’ve owned have all been quite similar, and who my best childhood friend was depends on what years are considered childhood. Questions about firsts also bother me, since the albums and concerts I remember best weren’t my first ones, and questions about general locations have too many answers: where I was on Y2K could range from “Washington” to “Seattle” to “Issaquah” to “Tiger Mountain” to “with friends, tossing things I didn’t want to bring into the New Year into a raging bonfire.”
Worse, I don’t know how Apple plans to use these security questions. I could undoubtedly pick my answer from a multiple choice set, but I don’t know that I could enter the right one unprompted. And even if I was pretty certain of the actual answer, will I remember exactly how I typed it while sitting impatiently in that hotel room? Or will these questions be asked of me by Apple customer service in the event I call in for help? What happens if I get one wrong? What if you thought you were being clever by generating random strings of characters for each one using 1Password?
From a psychological standpoint, I’m also perturbed by the negative questions. It’s easy to imagine how being asked about your least favorite teacher or job — completely out of the blue, by a device that many people think of as intensely personal — could be extremely troubling to someone who had endured significant harassment or been fired for trumped-up reasons.
Don’t misunderstand — I think it’s laudable that Apple is taking additional steps to improve the security of iTunes accounts. I know from personal experience that dealing with compromised credit card numbers is a pain, and I’m sure working through a compromised iTunes account is similarly annoying.
But frankly, I think these questions are poorly designed to generate answers that many people will be able to produce on demand, and Apple has caused vast amounts of unnecessary consternation among millions of iTunes account holders by failing to provide a clear explanation of why the questions are being required and how they will be used. Perhaps in the future, Apple’s security folks can work with the team behind Siri to come up with a non-threatening and conversational way to elicit information that can be used to verify identity.
I was lucky enough that if I waited 12 hours after I first received these questions (on an iPad), I could at least answer on my desktop Mac. Still, these are not the best questions, because, as you mention, my (initial) answers might be different in six months. My most fervent wish is that I never have to use these "security" questions.
Yeah, hitting them late at night in an unfamiliar setting just added to the consternation, since I sort of thought I should write down my answers, but didn't really have any good way of doing that. And even then, writing down your security answers isn't the best of ideas.
I really think the security folks need to come up with better ways for people to prove who they are and prevent bad guys from masquerading as others.
Well said, Adam! I found the questions very hard to choose, because I knew that the chances of my being able to remember my "correct" answer in the future were weak.
I finally did a screen grab of the questions I had chosen and my answers, and saved that in what I hope is a reasonably secure way so that, if I need to, I can answer the questions "correctly" in the future. How silly is that for security?
I have always hated this type of security question. But recent experience had me downright terrified. I called a big US bank to activate a new credit card. In order to activate, they required that I confirm my identity by answering a few questions. The questions they asked had nothing to do with my account, but were questions about things in my past and family members -- in other words, all questions that I had answered at some point somewhere as security questions for any number of unrelated accounts (not at that bank). When I asked how they would even obtain those answers to confirm my identity, the rep said that they used data mining services from common sources like LexisNexis and the like. When I refused to answer the questions, they turned off my card until I went to a physical bank branch and presented my ID. It's scary (and should be illegal) for companies to share this kind of information in ways that allow it to all be connected to us, giving a much bigger picture of our lives.
That's scary - it's one thing for these institutions to be able to access this information, but for them to then turn around and require us to play 20 questions with it... the mind boggles.
The bank's security team apparently assumes that although they can data-mine the answers, no one else can. Why is it that financial security (like transportation security) seems to attract such low-wattage talents?
Indeed - once I caught FIA Card Services asking me for my Bank of America savings account number. When I asked them how they had obtained this number to begin with, since I had not provided it, they said they had it "for the security of my account."
I happened to know that FIA Card Services is a BoA subsidiary, but they hide this fact pretty well.
Good article, Adam! I completely agree about the questionable nature of these questions.
My mother is currently having trouble with an online-only bank. It's an account she accesses only once or twice a year and she can't remember her password. When she tries the online password reset tool, it asks her questions like these and she fails them. It doesn't tell her which question is wrong, and each time she tries there's a slightly different mix. The odd thing is that she thinks she's answering the questions correctly so we aren't sure what is wrong (perhaps the bank has the wrong answers in their system).
Worse, sometimes the question is based on "public" information and it will do things like give her multiple choices of street addresses (or fragments of them) and ask her which one she has lived at in the past. The problem is that _none_ of them sound familiar to her!
Someone needs to come up with a better way to verify identities!
Ditto with my elderly mother's bank account. "Who was your favorite uncle?" Very frustrating.
Being sandbagged late at night with a demand for new access control information, without the option to cancel the transaction and come back in daylight with a clear head, would certainly raise my irritation level a few notches. But the concerns you express about the nature of the questions and your ability to remember the answers presumes you have to provide real answers to Apple's proposed questions.
As you hinted at with your reference to generating random answers via 1Password or the like, the only real requirement here is that you remember the questions you chose, and the answers you gave to them. In essence, any such Q&A is simply a set of alternate passwords to access your account. If you think of it that way, then it's clear that the answers shouldn't be actual information about you, they should be long, random character string pass phrases that are at least as strong as the password you usually use to access the account. Password generation and storage apps on iOS like 1Password or pwSafe should make it possible to treat them that way. Using "real" answers actually might make it possible for a close friend, family member, or colleague (or anyone else who knows, or can find out, personal information about you) to circumvent your creation of an excellent, strong password for your account by using the "forgotten password" feature.
The problem, though, is that without knowing how these will be used, we don't know if random string passwords will be acceptable answers. Imagine you're talking to some random customer service person in Mumbai, trying to explain why you were in "%&^GjhgpJ%$#$5jjhb23" for January 1st, 2000. That strikes me as the sort of conversation that could very well devolve into chaos.
And, although I realize it's not that big of a deal with an iTunes account, imagine that you're on vacation and your wallet and iPhone are stolen while you're at the pool. You're already going to have enough trouble working with the credit card companies; if they're asking what your mother's maiden name is, and you don't have 1Password available to tell you that it's "hjg348nj2778!!w," it's going to be painful.
Hey, my mother's maiden name is also "hjg348nj2778!!w". Are we related? :^)
Yes, we're Internet cousins. :)
This is the most stupid thing I have yet encountered with Apple. The only one these questions will ever trip up is ME! Capitalization, specifics of all kinds and lots of other things. We need simpler security not more levels of complexity. Shame on you Apple for your moronic security additions.
Looks like apple has been taking security theater lessons from the TSA. 'Security' questions severely decrease security.
For those that answer honestly, especially with facebook etc where casual conversations are likely to disclose all of these answers to the world over time, it's now much easier to target someone.
For those of us who know better than to tell the truth online (favorite city=fer\eu\rit, worst car=pica[3748]type), it increases the hassle by more than just an extra three passwords, because on an ithing, I now need to go to my password keeper, write down all three new Qs/passwords on paper, then go back and try to download whatever again, painfully pecking out characters, possibly while remote onlookers watch. Then I have to eat the paper (anyone know where to get mint flavored notepads?).
In practice, I'll buy a lot less stuff due to hassle. I've already avoided a few purchases in hopes of putting off the silliness.
Apple chose amazingly horrible Qs.
The older one gets, the less likely one is to remember things like fave/least fave teachers (if you even had ones you liked or disliked enough to rate them like that).
Also even the Qs I picked -- I've only had two cars, so RIGHT NOW it's easy to remember fave/least fave -- I have to think about (did I put the make? model? both?). And I plan to buy a car next year, so.....sigh.
The best security Qs are the ones where you get to pick the QUESTION as well as the answer.
As I was filling out the required questions for what is undoubtedly the worst airline site in the world (THY—great airline, wretched website), it asked for my favorite teacher: Miss Fox, 4th grade, no doubt about it. It refused to accept the answer because the answer had to have 4 letters!!! The drugs these security folks must be using have serious long-term side effects, it's clear!
Unfortunately, if you used "Vulpine" instead of Fox, you might forget your Latin. ;)
Usually I like providing some kind of memorable answer, then add a fixed string to the end, usually some numbers and a symbol (always the same, so I don't have to rely on 1Password).
Unfortunately as the person with the 3 letter teacher name I keep running into answer restrictions "can't contain a number", "can't contain a special character". bah.
American Express used to use the data mining method. I ran into it years ago, creeped me the hell out. Asking me our address when I was 5 -- I can't remember that (we moved out soon after), jeez.
Hmm. Security questions are fundamentally flawed. I usually ignore them if it's an option, or answer with rubbish.
Q: What's your mother's maiden name?
A: Unicorn farts.
Yes! Exactly. Do not give out personal info that matches the question. This is the stupidest security they could have come up with and most just follow along.
I complained to a bank I have a credit card with about the questions. It is an option on my account and I chose to turn it off. However, when I try to login, it asks questions they did not even ask me and of course the answers would be wrong, because I DON'T HAVE ANY QUESTIONS. I told them that and they agreed, I have no questions to answer but could not explain why it asks ones I did not even know answers to.
I closed the account.
The problem I am having with this is that even after entering the information, I am greeted with an error that says "your request can not be completed - please try again later". I've been on to iTunes technical support for the last week, and each time I am getting a different answer to a different problem, none of which is related to the issue I am having. It's utterly ridiculous at this point. I can't purchase from iTunes or the App Store because I can't get past the security questions.
Is there any way to "occupy iTunes security?"
I find it unconscionable that Apple would launch this requirement without warning (or justification for such an unwarned, immediate requirement), and then, when I enter "Security Info" as a search string in the iTunes Help, I get no response. I immediately wrote to iTunes help, expecting I stumbled onto a security breach and an Apple announcement might be imminent. Wrong. They actually did do this, without warning or "help."
I am beginning to imagine I must look elsewhere. The course of Apple is shifting in a direction I cannot support.
The best way to answer these questions is to LIE! However, always be consistent with your lies. Such as favorite car I owned. Answer, Edsel, though I never owned one. Or answer NONE, if you never disliked a teacher or can't remember a name. This way you don't answer with something on your Facebook page.
I'm not buying from iTunes until Apple fixes it. "Security questions" are not secure and should be optional, or they should let me supply my own question. They also need to start doing anti-phishing by letting me pick an image and a word that I've picked, which they show me to prove the messages are legit. Naturally my image and word can't be cached on the device. Some banks do this.
Why care? Just make up answers. They have no idea what the real answer is, and you are a complete idiot if you actually do give them the correct answer. I make answers up by mixing words and numbers together. Easy to remember and very hard to figure out without capturing it.
As for banks asking questions that they data-mined? Stop using them and show them with your refusal to do business with them. There is no way you should accept that (like one poster said, "they locked the card until I went into a branch and showed identity"), ever! I would have told them to shove the card and applied for another one somewhere else.
Be proactive, not reactive. Complain every time they ask stupid questions and refuse to do business with them.
This really ticked me off! It reminded me about when the passwords we were using that were only six characters long stopped working with no warning.
I don't mind beefing up security, but this whole no-warning thing is getting ridiculous.
I hate this, I answered truthfully what my first car was, "Pinto". Another question that I thought I could remember was my least favorite car, and you guessed it "Pinto". Did this work? Oh hell no, can't have the same answers for two questions... I have no idea what I eventually chose for the answers, and I did this early this morning.
I am not ready for this. Why don't they keep it just as it is? There have been no problems from what I see.
Good heavens, Apple, you can do better than that.
Leave it ALONE!
If it ain't broke... you know the rest.
Well, to be fair, it is somewhat broken because there have been instances of iTunes accounts being hacked. See this Macworld article for an example:
http://www.macworld.com/article/1161794/the_towson_hack_the_mystery_of_disappearing_itunes_credit.html
I haven't seen this yet, but if I do my answers will all be "NOYFB"
Oh, for the Y2K ? you could answer "home", "Earth", etc.
I completely agree. The questions are inappropriate and poorly designed for accurate future recall. I was hit with this unexpectedly while traveling as well. Poor show, Apple.
I also got mine late in the evening, and my first thought was, who is this, is this a scam. Logged out and logged back in, got them again, and must agree not being home, I have made no note of which I answered, and would rather have chosen my own questions, that way I could have remembered them. Think this may come back to haunt us later....I do so hope not.
It's typical of Apple's general arrogance. Bastards!! I love their computers and I do appreciate that (I think) I might be able to update apps without repeatedly having to input my Apple ID password (although I did have to put it in several times when they sprung that lot on me in the middle of the night).
I also hope their interpretation of 'answers' will have some flexibility. E.g., I noticed on the screen clip I took that my first car* had been altered from 'Morris 8' to 'Morris8', and what will happen in a year or so if, when asked, I enter 'Morris Eight'?
* NOT!
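The 'Morris 8' versus 'Morris8' mismatch above is a design decision on the service side, as is the "can't have the same answers for two questions" rule another commenter hit. As an added illustration (not Apple's code, and not anything the article describes), here is how a service could store and check such answers: normalise them so trivial spacing and capitalisation differences compare equal, then treat them as the alternate passwords an earlier comment says they are, hashing with a salted slow KDF and comparing in constant time. Function names and the sample questions are my own.

```python
import hashlib
import hmac
import os
import unicodedata

# PBKDF2 iteration count; a slow KDF because these answers are effectively passwords.
PBKDF2_ITERATIONS = 100_000


def normalize_answer(answer: str) -> str:
    """Canonicalise an answer so trivial variations compare equal.

    Unicode-normalise, case-fold, and drop whitespace and punctuation so
    that 'Morris 8', 'morris8' and 'MORRIS-8' all become 'morris8'.
    Spelling the number out ('Morris Eight') is still a different answer;
    normalisation cannot fix that, which is part of the recall problem.
    """
    text = unicodedata.normalize("NFKC", answer).casefold()
    return "".join(ch for ch in text if ch.isalnum())


def hash_answer(answer: str, salt: bytes = None) -> tuple:
    """Hash a normalised answer like a password: random per-answer salt + slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize_answer(answer).encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS, dklen=32)
    return salt, digest


def verify_answer(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate_digest = hash_answer(candidate, salt)
    return hmac.compare_digest(candidate_digest, digest)


def enroll(qa_pairs):
    """Store question/answer pairs, rejecting empty or duplicate answers.

    Returns a dict question -> (salt, digest). Raises ValueError when two
    questions share a normalised answer (the 'Pinto'/'Pinto' case), so the
    user learns the rule before the answers are saved rather than after.
    """
    seen = set()
    stored = {}
    for question, answer in qa_pairs:
        canon = normalize_answer(answer)
        if not canon:
            raise ValueError(f"empty answer for {question!r}")
        if canon in seen:
            raise ValueError(f"answer to {question!r} duplicates another answer")
        seen.add(canon)
        stored[question] = hash_answer(answer)
    return stored


def check(stored, question, candidate) -> bool:
    """Verify a candidate answer against the stored record for one question."""
    salt, digest = stored[question]
    return verify_answer(candidate, salt, digest)


if __name__ == "__main__":
    # Constructed sample enrollment, not real data.
    store = enroll([("What was the first car you owned?", "Morris 8"),
                    ("Who was your favorite teacher?", "Miss Fox")])
    print(check(store, "What was the first car you owned?", "morris8"))       # True
    print(check(store, "What was the first car you owned?", "Morris Eight"))  # False
```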
I'd love Adam to answer this question - seriously:
1 Does Apple listen/act upon anything we say?
Another legitimate question for me would be:
2 In the 21st century and with all the security. fraud etc. problems - is this the best that the human mind can invent?
It's very hard to know the extent to which Apple listens, but I have heard from sources that we should not take the lack of response as indication that Apple is ignoring us. (In this case, the "us" is the media - the more distanced you are from Apple, the less they pay attention. So, it probably goes in roughly this order: media, developers, customers, non-customers.)
As far as your answer to #2, no, of course not. Security questions like this are an example of sloppy thinking, in my opinion.
I recently opened an account at a local credit union. They had a notebook of security questions that was something like 7 single-spaced pages long! I was required to choose three. It's only been a couple of months, but I couldn't tell you what they were - although this list of questions from Apple reminds me of it, so perhaps it's the same list.
The problem with making up answers is that as years pass, especially as we get older, we won't remember - or be able to find the list - with our fake answers. It is hard enough, as Adam pointed out, to remember the real ones. As this stuff seems to be stored forever and shared out, it will come back to haunt us - not the companies as they could care less. I also got these intrusive questions at a bad time on my iPhone, but could put off my download until I was back at my desktop and could pick the least annoying ones. iTunes is awkward anyway, this doesn't make me love it more.
I'm starting to think that these kind of surprises, along with how Facebook, Google et al add and drop things without any warning, or explanation is a form of Digital Bullying. Apple was once the relief from the corporate computer grey suited company. Now they've traded the turtleneck and jeans for Louis Vuitton.
What if you only have one email address, and when you give it to apple as the "recovery address," it is rejected by Apple as already in use? Of course it's in use, it's my address, with which I communicate with Apple and everybody else! That's some catch, that Catch-22! Am I missing some crucial detail? I can't be the only poor Luddite with only one email address, can I?
There are two common solutions to the multiple email address problem.
* Add "+something" to your username, as in [email protected] for [email protected]. Many email providers support this, including Gmail, which is free and easy.
* Since iCloud accounts are free, I think anyone could sign up for a second one, if your Apple ID was your sole email address.
And I think many people don't have the problem simply because they have one email address from their ISP and another from school, work, Apple, Gmail, or whatever.
Thanks for the coverage of this oh-so-annoying downloadus interruptus; such juvenile questions [could the same people have made up questions for my credit union's online banking service? (:-( ]
Hey, Apple, you could up the frustration factor even more with *yet another* ill-timed novella-length license agreement update. (;-) Oh, come on; I dare you.
Sigh... I'm typing this on a 5 year old Mac running Snow Leopard. This afternoon I ran into Mac's request for new security questions while grabbing an app on my iPhone 3GS. Clearly, I'm not at the hardware cutting edge, but I'm beginning to wonder how much I'm going to have to change when one of these gives up the ghost. I'm not sure I want the cloud, but I may be forced into it before long.
Thanks for the heads-up. At least I was ready for Apple's nonsense.
Read this article, linked from another TidBITs article, went to my iTunes account, and saw I could change my questions. Naturally, it asked me one. I failed on several attempts. There is a reset option with link sent to secondary email account. Still...
Where is the reset part? I am locked out because I don't know the answers to their questions, when that is what I am trying to change. Thank you.
HOW DO YOU CHANGE SECURITY QUESTION AND ANSWERS?? I got an email saying changes had been made to my security question/answer. I did not change anything. I went in and changed my password. I then tried to change my security answers and it is requiring me to answer security questions which I don't remember the answer to - first car, etc. It then locks me out. How can you change the question and answer if you don't remember the answer to the existing questions?? Thanks. I also don't remember ever being asked to do this before.
I think you'll have to contact Apple to find this out, unfortunately - try the Express Lane approach mentioned in http://tidbits.com/article/12977
As it turns out, my son had created the questions/answers last week when he bought something on iTunes, so hopefully when they unlock me, I can get in there and change the questions/answers to something we both can remember. I think this is a pretty stupid thing Apple has done. My son remembers the answers. My daughter apparently created the questions/answers on my wife's account when she was downloading. I have not had the courage yet to go try and see if she can answer the questions on that. While my problem may be solved (for now), Apple needs to post some place how you fix it if you can't remember the answers. I was fully logged in to my account via user ID and password and Apple throws this additional stuff at you. I understand the purpose, but I think this is going to cause lots of headaches if not fixed. I don't buy anything off of iTunes so I am not worried about getting stumped by a question. I just fell into it because of the email alert I got.
Stupidest move by Apple ever! Nobody could remember the answers to these crazy questions! I made my answers unrelated to the questions; a three word sentence. Won't be any use to them if they use the info anyway but at least I know what they are.
Help! I'm stuck in 3 question hell!!!!!
I'm trying to redeem a Starbucks song pick of the week using iTunes on my MacBook. After entering the code, it responds with a message telling me I need to choose three security questions. Where, I wonder...
Logged in to appleid.apple.com and selected the PW and security tab. But I'm presented with ONE question. I set it up and try iTunes again - no joy.
So I try it on my iPhone. I enter the code and press "redeem". I get a popup that says "Improve Apple ID Security" with the only option being "OK". I press OK and I'm back at the redeem screen.
Of course, I've also been communicating with Apple support. Two days ago she tells me the necessary steps as outlined above. The next day she tells me it's OK that I only get one question. And this morning I get the same response as on the first day, telling me to do the above steps.
ARRRGH!!!!
It seems my daughter has filled these questions in for me while playing on the iPad.
I want to change my password, but cannot get by security, as the only answer she remembers is Lady GaGa, whether that's her favourite pet or first concert she's not sure.
How can I get these questions reset, anybody know?
Many thanks
I fear that Apple Support is the only venue for this sort of help - they've created a system that no one else can help with in any way. :-(