Apple enhances Apple ID account security in iTunes, on iOS devices, confusing some users

“In the past 24 hours, Apple appears to have started prompting iOS device owners and those with Apple IDs within iTunes to make their accounts more secure, requiring them to pick three security questions and enter their answers when they download a new app,” Matt Brian reports for The Next Web.

“The company is also asking users to enter a backup email address, in order to better protect their device but also their account (which is tied to Apple’s Retail website and all of its media services),” Brian reports. “Once the user has entered their questions, answers and a backup email address, they are sent an email to verify the changes.”

Brian reports, “Whilst the new prompt will undoubtedly help secure accounts, many Apple device owners are confused by the new pop-up message and believe it is a phishing attempt… but in this case it’s nothing to be worried about.”

38 Comments

  1. More stupid shit we all have to go thru, because governments are too stupid and incompetent to go after the hordes of criminal bands and hackers roaming the Internet.

    Mass hacking and phishing is comparable to using weapons of mass destruction. I have absolutely no problem with the death penalty for this human trash, waste of skin and pitiful sewage that affects the life of millions of people! Costs billions in damage and turns the whole world into a shitpile.

    1. Whoa! These are just valid precautions. Apple safe-guarding access to my account is a valuable stance.

      I first was asked for the increased security at the Mac App Store. I don’t answer the questions truthfully, because these days Google probably already knows the real answers. I go into Keychain Access and make a secure note, entering the questions I chose and the answers I gave.

    2. WTF are you smoking, or shooting or snorting?
      You really think they’re not going after these people? Do you have any idea how difficult it is to trace them? Most of the serious hacks come from foreign countries like China. Good luck with that.
      For each one you catch, 10 more will succeed. It’s like trying to control drug trafficking. It’s futile!
      The reality is, just like you need to lock your house, you need to lock your online information. Do you think the government is incompetent because you need a lock on your house?

    3. Here’s how you game the system to get this piece of shit to allow an easy-to-remember, somewhat short password. Your first initial, in caps, followed by your second initial, in lower case, then your 7 digit phone number (area code not necessary). It should accept it because it has one upper case, one lower case, and one digit, and is of moderate strength, with no illegal characters (according to its anal retentive rules).

  2. I’ve already been through the password reset routine, and though it is necessary, I do have one beef – Apple *requires* the use of at least one numeral, one capitalization, and at least eight letters. Knowing these three things are required greatly reduces the odds for code breakers. Mere human nature will prompt most to place a capital at the beginning and a “1” at the end (or date of birth, etc). Apple should have simply recommended a better password be used but not required it.

    1. Not sure how you figure that it “reduces the odds for code breakers”? Maybe someone better at math can be more precise than my quick calculation, but here goes:

      Using only 8 lowercase letters there are over 208 billion combinations for a password. However, requiring numbers and capitals bumps it up to over 218 trillion possible 8 character combinations. If the password has more than 8 characters, it’s even better.

      1. You have calculated this for “allows upper, lower and numbers” without factoring in the “requires” restriction – for a number requirement you are only selecting from 10 values – not 62; and similarly for the lower or upper requirement. This significantly reduces the combinations.
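The counts argued over in this sub-thread, worked out as an added example (not part of any commenter's post): it compares "allowed" with "required" character classes by inclusion-exclusion and generalizes to any password length. The function names are this example's own, and the "capital first, digit last" pattern is a constructed model of the habit described in the parent comment.

```python
from itertools import combinations

# Class sizes discussed in the thread: uppercase, lowercase, digits.
CLASS_SIZES = [26, 26, 10]


def count_allowed(class_sizes, length):
    """Strings of `length` over the union of all classes, with no rules."""
    return sum(class_sizes) ** length


def count_required(class_sizes, length):
    """Strings of `length` containing at least one character of every class.

    Inclusion-exclusion: start from all strings, subtract those missing
    one class, add back those missing two classes, and so on.
    """
    total = sum(class_sizes)
    result = 0
    for k in range(len(class_sizes) + 1):
        for missing in combinations(class_sizes, k):
            result += (-1) ** k * (total - sum(missing)) ** length
    return result


def count_predictable(length):
    """Assumed habit (constructed model): one capital first, lowercase
    letters in the middle, a single digit at the end."""
    return 26 * 26 ** (length - 2) * 10


if __name__ == "__main__":
    n = 8
    rows = [
        ("lowercase only", 26 ** n),
        ("upper/lower/digit allowed", count_allowed(CLASS_SIZES, n)),
        ("upper/lower/digit each required", count_required(CLASS_SIZES, n)),
        ("capital first, digit last", count_predictable(n)),
    ]
    for label, count in rows:
        print(f"{label:34s} {count:>22,d}")
```

For 8 characters, the "required" rule keeps roughly 73% of the 62-symbol space, which is still far larger than the lowercase-only space; the space shrinks below lowercase-only only when people follow the predictable pattern.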

    2. I’m betting one of the reasons for the change is due to the high number of compromised accounts with iTunes.
      Go to the iTunes discussions… There are a few threads going back 18 months about people’s accounts being hacked, there have been numerous articles on the Townsend hack etc. Which is of no fault of the user.

      This may be Apple’s way to combat the problem.

    3. It’s called a “strong” password and almost everyone requires that level of password security these days. Many also require a non-alphanumeric character as part of the pwd. It’s good common sense.

      1. Ah, good old “common sense.” Too bad that actual security analytics says that a better, stronger, easier-to-remember password is to require a simple space-separated 4-word phrase. That fixes two VERY annoying things about what Apple requires: phrases are easier to remember AND they don’t require switching back-and-forth between alpha and numeric keyboards on the iPhone.

        Read it and weep: https://xkcd.com/936/

  3. Silly question… This “backup email address” — it’s not required, is it? I wouldn’t think it would be, but the article seems to imply that it is.

    I only have one email address. I have absolutely ZERO desire to get a second one. If this does turn out to be required, I’ll have to use my wife’s email. That should be fun.

    ——RM

  4. This whole move from Apple is BS. I do not mind the fact they want to beef up security, but I do not see any reason that they need information like the year we were born. There is no reason they need this information.

    They have an Apple ID. That is good enough unless they want to admit that the system was hacked. Apple has us over a barrel and I finally woke up. I am voting on this issue by returning a new iPad and Apple TV. They can unilaterally change the conditions of purchase and use and this can yield their products unusable. How far does it go? Suppose they claim they need to know other private information in order to keep purchasing. Suppose they impose other requirements to keep purchasing their items for use on their iPad, Apple TV, or iPhone? Where does it stop?

    If my Apple ID is not good enough, that should be my problem, not theirs unless they are careless with their network security. If I am stupid and use an ID that is too easy or simple to figure out, then that is my problem.

    Apple’s latest maneuver reeks of bad management. I have used their products willingly for 25 years, but no more. They can shove their supposed security. Will it be painful? Yes. I liked their stuff. It works pretty well for the most part. They went too far and they are not listening to customers. I would not be surprised if they sold the information from the answers such as what was your first car, or marketed demographic information based on your year of birth. Perhaps they can cross tabulate the information with other systems that have similar security questions so that they can compare data.

    At least Facebook is letting us know up front that they are intrusive. Apple was able to make a sneak attack after sucking us in.

    Good bye Apple.

    1. You’re joking, right? You do realize you can lie to these questions, don’t you? In fact, it’s much more secure if you lie (provided you can remember the lie). Security questions are not a new thing. Is my bank harvesting my personal information?

      I’d assume you were trolling, but that’s a lot of text for a troll.

      ——RM

      1. No, I am not joking. I think their implementation of this is stupid. While I realize that you can make up false information, there are going to be people that put in real information and these very questions are used by a number of financial institutions as well for their “security”.

        The less information you give out, the more secure most things are. There are at least five other methods Apple could use to improve security, however, they are relying on this junk. I find it offensive in the way they implemented it and the type of questions they are using. They do not need to know personal info. They could have used multiple passwords, key sequences, an encryption key, or redundant email with IP checks. There are a host of other things that could be done that would be more secure.

        I also do not really like the fact that they can just whip out new questions and we have no choice but to answer if we want to keep using the device. Security should be a personal choice as well.

        If you like their policy then by all means enter your data and keep buying. I do not like the policy and I apparently am in the minority with my view, and that is okay. I am not going to keep buying. As a matter of simple fact, I cannot keep buying because I absolutely refuse to enter the junk they are asking.

        Oh well.

        1. I also do not really like the fact that they can just whip out new questions and we have no choice but to answer if we want to keep using the device.

          BUT YOU DON’T HAVE TO ANSWER WITH THE TRUTH!

          And because of that, security questions are absolutely worthless for information gathering!

          You really believe this is a ploy by Apple to invade our privacy? Dude, I almost never say this on the Internet, ever. But on this one particular issue, you are a f***ing moron.

          ——RM

  5. I find it stupid that Apple chooses the questions. I’d rather make up my own questions that are much harder respectively impossible to find out. Favorite pets, maiden names, location of first kiss, etc. are just too simple. Thank god, I am not sharing anything like this with FaceBook. (I’m not on there at all.)

    1. Apple is not going to make sure that you enter the correct answer for these questions.

      Read Jim’s post above. If they ask you your mother’s maiden name, give a nonsensical answer that only you will know (like “47” or “blue”). Apple is not gaining any personal information from you, just making your account more secure.

      1. Asking questions that involve publicly available answers is a waste of time. Can a crook get your Mother’s maiden name? Hell ya. Your birthday? Oh yes. Your cat’s name? There are ways!

        Only obscure questions with answers residing strictly in your head are of any use in security.

        In general, I never give out my accurate birthdate anywhere anyway, nor mom’s maiden name, nor my pet mastodon’s name, etc. I also never write down critical passwords anywhere except within an encrypted file that uses a master password, which I never write down. But I blether…

  6. I set up an Apple ID for my son two days ago and all his info was required. I wasn’t surprised.

    I haven’t tried to download anything from iTunes or the Apps Store in a while. When I do, I guess I’ll have to go thru all this myself, and I’m not looking forward to it.

    I’ve had my Apple ID for well over a decade and consider this kind of additional burden when making a purchase to be aggravating. Apple’s system ought to be secure enough without it.

    What happened to Apple simplicity?

    1. I could not agree with you more. Maybe they do not want to admit to a breach.

      Oh well, as one of the Apple fan boy apologists on here asked about me saying good bye, I will bow out.

      I hope the group keeps making those Apple apologies.

        1. The only Troll here is you. Bill is absolutely not alone in this. I dislike the questions. If I randomly answer the questions then they are useless to me and Apple because a year from now I will have no idea what I wrote. I tried answering all three questions with f-off and was flagged for invalid answers (try it). If I put all my answers in an encrypted password file, then a security breach for everything I access is one file. Defeating all reasons for the additional security.

  7. Third that. What a total bunch of horseshit. Any password I chose it rejects. You should be able to pick any password you want… this defeats the whole point of a password can be anything. But doing this horseshit, putting requirements that eliminate an ocean of passwords, they weaken password protection and make it a goddamn pain to have to type a long ass string every time you want to update some bullshit software.

  8. Apple knows who I am because I’ve put a help request from this computer, now indelibly linking my IP address and my Apple ID. So cheers hope I receive a call from your guys soon to tell me why I shouldn’t be allowed to make my OWN security using iTunes cards, and a non-specific email address rather than doing the dumb thing and giving my credit card ready for any hack to access. Thinking of giving up the iPhone as I’m nearly locked out of my account from your stupid security questions.
