“So there I am in a hotel on spring break, getting a free iPhone app late at night, and all of a sudden, my iPhone is asking, nay, telling me that I must choose three security questions and provide answer,” Adam C. Engst reports for TidBITS. “It’s not a good time, but the iPhone won’t let me continue with the download until I do, so I buckle down, choose the questions, and provide answers. But I’m not happy about it.”
“I wasn’t the only one to be confused and irritated. Lots of people are being asked to provide these answers, and the process can range from a minor interruption to a creepy intrusion, thanks to the rather personal nature of many of the questions,” Engst reports. “Lex Friedman over at Macworld was able to confirm with Apple that the prompts are legitimate, though no other details were forthcoming. Apparently, purchases being made through iTunes may also prompt these questions.”
Engst reports, “The reason for these additional security questions and the separate email address is undoubtedly to provide a higher level of security on iTunes accounts. They should reduce the chance of evildoers guessing answers to security questions that are relatively easy to determine — mother’s maiden name and city of birth being the two most common I’ve seen.”
More info and screenshots in the full article here.
Confused? Really? It seems you knew exactly what they wanted immediately.
Confusion…. I just tried to email Tim Cook at tim.cook@apple.com and it bounced as not any longer on this server…
Anyone know the correct email address??
Another commenter on another MDN post said it was tcook@apple.com
Good luck.
I too hate all the questions, passwords, must change and remember every so often-just a basket of headaches.
We can thank all the crooks and thieves of this world for that.
yep, it’s not Apple etc we should be directing our headaches at…
When I saw the story a week or so ago about Apple was going to roll this out, was posted here on MDN, I sent a group iMessage out to every iOS owner i knew, letting them know that there is a change coming when they buy something off iTunes. and not to be alarmed when it pops up, it’s normal.
not one person complained… pretty much everyone thanked me for giving them the heads up.
If little old me knew this was coming.. but some blogger in the tech arena had no clue?..
“I’m pretty certain that the interruption is not due to some sort of malware, since Apple has locked iOS down tight, but I don’t like the fact that Apple failed to provide any rationale for why these questions are being asked or how they’ll be used in the future.”
It’s not Malware (the reason for the questions)
You know when you get a new iOS device/mac and you purchase something? Apple sends you the email to verify you did purchase it.. after it’s been charged to your account…
i’m betting you’ll need to answer the questions the next time you add a new Mac to your iTunes account, a new iOS device etc.
I answered my questions on the iPad, took a screenshot of the questions/answers and tucked it away on my iMac so i won’t forget 🙂
(I was away from WiFi so it never even got into photo stream and deleted the pic after I sent it via email.)
“… but I don’t like the fact that Apple failed to provide any rationale for why these questions are being asked or how they’ll be used in the future.”
I don’t get why the article’s writer was so concerned. If you don’t trust how Apple will use the information – just don’t give them the correct info. You just have to know what your answer was – it doesn’t have to be truthful.
Sorry but, its not just the crooks that are at fault. iTunes needs serious updating in the sales / credit card area. I detected several purchases on my account that I did not make. I tried to notify iTunes… guess what… you can not. You pose an email and they get around to it when they feel like it.
Well, they got back to me and told me that my card was bad for allowing those wrong purchases..!!!!!!!!! Then they disallowed my card for all future use.. Cause my card was bad…
Now if my card gets hacked, I call my bank and someone comes on the line 24/7 and can trace the charge – halt it – and correct things. Apple is still treating that portion of iTunes as a HOBBY.
I cannot update my apps without a credit card, I cannot buy items with out a card, my account is pretty much useless with out a card….. yet I cannot connect to iTunes, even Apple Care people CANNOT directly connect to iTunes people.
Everything about Apple is pretty great…… except for their iTunes credit card handling side. Its scary. Any one else have problems. ???
You strike mw as a bit confused. If your credit card gets “hacked,” your bank should CANCEL AND REPLACE it. Apple canceled it as far as iTunes is concerned, which is all they could do.
If your bank allows you to go right on using a compromised credit card, it is a pretty pathetic bank.
imppaul, I fear YOU might be a bit confused;
eldernorm never said his bank won’t cancel his card and issue him a new one.
eldernorm said that his bank can trace the charge – halt it – and correct things (which can include cancelling the compromised card, and issuing a new one).
If so, why hasn’t he linked his new card to iTunes?
Or simply gone out to a local store, picked up an iTunes card, and used that to cover transactions in iTunes?
The scenario he presented is easily resolved.
Adam Angst having a spring break? This guy’s older than the hills.
Spring break at the end of April? It’s just a week away from the local university’s graduation.
And confused? it sounds like he was just PO’ed because he didn’t want to spend two minutes reading the questions, deciding which one, then inputting the answer. Oh no, I want my free iPhone app right now! Sounds like he’s lonely for Tanya right about now…
No pit, Adam, no pity.
It’s not so much to increase security as to give you an option to recover your forgotten password securely.
I don’t have an issue with extra security, but I do have an issue with really dumb questions.
If they were gonna do that feature properly, you’d be able to choose your own questions, not be given a crap selection.
A wider choice of questions would have made the experience a whole lot easier
I just gave up. I bet they lose a lot of business.
I’ll take that bet.
Me too, and I’ll pay ten to one odds against it.
Learning to touch the iPad screen sends some users into a panic. A friend bought my iPad 1 and got an “IPad for Dummies” book. But he gave me my iPad back because “Obviously this book was written for computer experts.” I believe that over 50% of Americans are baffled by anything more difficult than a yo-yo.
Hey Tflint, you try playing the cello with a name like mine, huh? I just bow up and down the strings.
Oh! I didn’t notice the strings! I just been banging on the wood with a drum stick.
My work Wi-Fi screwed up the process. I had to turn of Wi-Fi and then I was able to proceed. There were plenty of questions to choose from. I was looking for “what is the length of your great left toe?” but was unable to find that one.
Yeah, took me about 90 seconds.
creepy and intrusive?
These techniques and this type of question has been used for years. In order for it to work, it has to be something that cannot be easily deduced.
This is the kind of story that should never be written.
These are all questions for retaeded adolescents. I don’t think about old cars or old teachers. I never made a point of memorizing when I bought what albums. There are no questions for grown ups on the list.
You got there ahead of me. My questions would have been best and worst wife. best pizza, best BBQ sauce, best pipe organist (well, maybe not that last one).
I see that I am locked out of iTunes forever because they won’t accept my e-mail address as my e-mail address. They want me to use a different address. I don’t have a different e- mail address!
Sign up for iCloud and you get a free .me account.
ITunes rejected my .me account as already in use.
I got a free iCloud account. ITunes rejected it.
“ITunes rejected it.”
Don’t enter an email address. It’s optional.
Totally understand. Its crazy how Apple can be screwing up such simple things and making such great products…
Maybe they hired an Apple anal–ysts to handle their iTunes side of the company. 🙁
I will stick with the apps I have and not buy into this nonsense. I refuse to make available an alternate email address for this purpose.
Bye!
“I refuse to make available an alternate email address for this purpose.”
The email address is optional. Don’t enter one if you don’t want to.
For me it is not confusing but annoying. I don’t like to have to choose from given questions. It is too risky. For my 70 year old dad it IS confusing. And he doesn’t have an alternative e-mail address.
I was confused because I answered the questions and gave a rescue email account (not my mac.com), but then a couple of days later got an email using my me.com address as a rescue email. I didn’t respond to the second email.
“… but then a couple of days later got an email using my me.com address as a rescue email”
Are you sure it was responding to your .me as a rescue account?
I received an email to my .me account, just letting me know that changes had been made. I didn’t give them a rescue email (as this was optional).
To some posters here, with snide, “it’s your own fault” remarks. Well, this is a real problem.
The commenter, “Marc” who posted on the original story, about his Mom’s online-only bank account not letting her access her account, has a worrying tale.
Using overly-complicated online security measures as an excuse to deny access to accounts, can easily be exploited by unscrupulous companies.
Right now a colleague is trying to access her savings locked away with an major investment company that her employer switched to.
This company has a customer service line with very limited access hours, and then a circular automated telephone answer tree, when the line is connected, that ultimately ends with, “Your selection is not allowed. Thank you for calling. Goodbye.”
The company mailing address is a P.O. Box.
Enquiries through the company’s Website are stymied by requests for a password she was never issued.
And this is a MAJOR financial institution, which is protected from penalty, by federal legislation.
Colleague is taking further action, but the process is draining her of time, energy, and finances. Many would keep postponing, or simply give up.
When companies take online payment for credits, like the iTunes store does with prepaid cards, and then refuses access to those prepaid credits, due to “security”, there is a real problem, and no, it’s not the customer’s fault.
I’m not at all intimating that Apple might be pulling some cheap scam. But Apple’s security issues here could appear to match the practises of a company with lesser ethics than Apple.
To paraphrase the famous quote about justice;
It’s not enough that Apple’s security practises be fair and convenient for their customers. Apple’s security practises must APPEAR to be fair and convenient for their customers.
This security stuff is getting to be a royal pain in the butt. I got the questions a week or so ago while buy a couple tunes. Confused me at first too.
Note that the backup email address doesn’t have to be YOUR email address. I used a relative’s email address. Think of it like “In case of emergency, who should we contact?” which nobody complains about. Markim, have your dad give your email address and you give his for your rescue address.
“Note that the backup email address doesn’t have to be YOUR email address…”
It’s also optional. Don’t enter anything at all, if you don’t want to.
But I do agree that Apple could do a LOT better with both security procedures and iTunes account management. I’ve lost count of how many times I’ve been frozen out of the iTunes store because of password problems. And try to set up an account for your grandkids that don’t have email accounts, and you don’t want to give them access to YOUR credit card – it took me hours of research, creating phantom email accounts and using a gift card to fund the kid’s accounts, and none of the info was available on Apple’s Support site!
While I figured it would hit it at an inconvenient time and mess something up, I did not really expect it to. It burped during the process and now I am in the midst of s second round of talks with iTunes representatives who are trying to figure out what happened.
Can not buy anything in iTunes until it gets fixed again. Have had purchasing power cut off twice.
Not happy, but I hope I am the exception.
Apple really blew this one! I first discovered they had decided to add me to the security list when I could no longer use my apple account. WTF?
THEN, after being locked out, I get a message on my iOS device that they wanted me to play ‘3 Questions’. Fine.
THEN, after all that, at long bloody last, I get their way late email telling me they are adding the ‘3 Questions’ security to my account.
That’s what you call ‘ass backwards’, an UNCOORDINATED roll out. NOT GOOD. No thank you Apple.
I just gave 3 fake answers. what’s the big deal?
Two of mine seemed to want to talk about my past cars. Problem there of course, is that I’ve never actually owned one. We don’t all live in Californian urban sprawl Apple.
The new security policies are a serious pain in the !$&…
Sure, we can all buckle down and deal with it, but really great security CAN be designed to be unobtrusive and still be secure… Instead Apple has take. The route of slapping the Fort Knox safe door on front of ITunes and we are all stuck dealing with it.