Apple Institutes Security Questions for iTunes & App Store

| News

Apple began asking iTunes and App Store customers this week to choose and answer three security questions for their accounts. The questions are intended to be answered in the future for issues relating to account security.

The questions appear when downloading an app, song, or books through iTunes. The screenshot below was taken on iTunes on a Mac, but they will also appear on iPhone or iPad if that’s where you next access iTunes or the App Store (see note below on who’s seeing them).

Users are asked to enter their iTunes account password, and are taken to a screen where they are asked to choose three questions and provide the answers for those questions, as seen in the image below.

iTunes Security Questions

iTunes Security Questions
(Click the image for a larger, more legible version)

Subsequent questions change once you have selected a question. For instance, you might see difference versions of the questions in the screenshot above, such as, “Who was your least favorite teacher?” instead of “Who was your first teacher?”

In addition, some news outlets have said that Apple is requiring a “Rescue Email Address.” As of this writing, this is optional, and not required. If you enter an address, Apple will use that if needed when resetting your password. We should also note that this must be a different address from the one used for your iTunes account.

Apple appears to be rolling out the security questions in stages, as not everyone reports getting asked to set up their questions. Internally, only a quarter of The Mac Observer’s staff available for testing inside TMO Towers on Friday afternoon encountered the questions.

This could be an issue of Apple targeting only those accounts that have been flagged at some point in the past as potential security risks, or it could be that Apple is rolling the questions out to different waves of users in order to manage server capacity.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

Comments

Duncan

The security “lark"just lost apple not only respect but ?198, perhaps not a lot however in the past I would shazam listen and BUY tonight I shazam and get security questions.
Seemed like a Microsoft bug so did not buy
Now I know that I have to give even more details of my life ( or make them up and remember them ,,,) I figure HMV, Charity shops Etc
I was happy with what I had, my bank wasn’t .... So now my bank will be happy and I will shazammmm but not buy
Adios iTunes where is the jail breaking mag
Night
Dsw

Lancashire-Witch

” Click the image for a larger, more eligible version “

Eligible for what, Bryan, more kissing questions?  .....  grin

Bryan Chaffin

I guess I have being eligible on the brain…

Thanks. wink

Lee Dronick

? Click the image for a larger, more eligible version ?

Eligible for what, Bryan, more kissing questions?

I have turned off autocorrect spelling.

Aftermac

Hopefully, this is just the beginning of security improvements for the iTunes/App Stores.

wab95

As a person who usually pegs security metres, I seem to have eluded this one (Customs people are often concerned about some places I have been or what I may be carrying - deservedly so; and my bank frequently locks up my credit card if I hit too many locations in too short a time - again understandably). Perhaps I either already encountered this new protocol and was too busy to notice (unlikely), or Apple just find me uninteresting (more likely).

In any case, I concur with the sentiment that it is good to see Apple stepping up its security measures.

David

I don’t mind security questions, but I want to pick my own. Apple’s are always lame.

There is not a single question there that I would know the answer to instinctively. I’m not even sure I ever knew the answers to some.

It’s as if they are targeting 15 year olds to whom these questions might be relevant.

So what I have to do is make up answers, and then save the question and the answer for when I need them. And because I may need these anywhere, I store them in Dropbox. So anyone who happens to break into a computer or get hold of my iPhone will know the answers. Really, really secure Apple!

:-(

Lee Dronick

I don’t mind security questions, but I want to pick my own. Apple’s are always lame.

Pick your own answers. If the question is “What was was the first car you owned?” enter Musk Ox, or some other non automotive answer. Just make sure that you record the questions and answers on paper and tuck them away someplace safe.

wab95

I don?t mind security questions, but I want to pick my own. Apple?s are always lame.


In fairness, some of these questions are not unique to Apple, e.g. ‘first or favourite teacher’ and ‘first car’, but yes, they do tend to favour either a younger demographic (which comprise the fastest growing sector of Apple’s clientele) or those with more agile minds.

 

Pick your own answers. If the question is ?What was was the first car you owned?? enter Musk Ox, or some other non automotive answer.

Agreed. One needn’t be concrete in formulating responses. Indeed, security experts sometimes suggest such non-intuitive responses to these, as David describes them, ‘lame’ questions, so long as you have a method for recalling your answers.

Steve A

I don’t have a big problem with the security questions, but I don’t understand why I would need to have a different email address for a Rescue Email Address.  Questions and Answers I can remember, but I have to make up an email address and password for that email address.  That I will have a problem remembering if the time ever comes that I need to access it.

Bob

NO WAY would I know the answers to these laame ass questions much less remember the answers at a later date. I’m 62 years old, My 1st kiss? how the hell do I know… You can keep your app before I answer this crap…

John

Apples security questions encourage bad behavior - like recording the answers to their questions online where I can find them later.  Apple is engaged in followship rather than leadership. This is the same kind of pathetic “look secure” approach that I expect of less mature enterprises.

John

I want a way to opt out of this.

Better yet, how do I get apps for my iPhone and iPad without going through Apples store?

Colm

Surely all of these extra security settings are little more than window dressing?  If accounts are being hacked, it’s going to be due to poor data encryption and security at their end?  Adding reams of new password and security questions are doing little more than making their customers lives more inconvenient.  To be honest, with these new questions, I won’t be bothering to download apps. Or update them for that matter.  Not if I have to jump through all those hoops, remember yet more passwords etc.  It’s a bit like a shop requiring passwords before they will let their customers in the door because they keep their money in a drawer.

Lee Dronick

Most accounts are hacked by social engineering. What are most common passwords?

Now as someone who has purchased and updated a number of apps after the new security questions went into effect I can tell you that I have yet had to use them.

Aftermac

I’d like to see Apple require activation codes sent to email to access iTunes accounts (whether from the web, iTunes, or App stores) from a non-authorized device. As well as device authorization required for purchases and use of Apps and content.

I’d also like to be able to change my Apple ID to something that isn’t an email address… though I’m using an email redirect setup through my godaddy account as my current Apple ID, so I can change it on the fly if I run into any more problems and not have to sign up for a new email address.

I also no longer keep my credit card on file with iTunes, I’ve added it and removed it for a couple purchases, but I mostly download free content/apps.

Lee Dronick

I mostly use prepaid iTunes cards.

Good point on the activation code for unauthorized devices. Maybe that is what would trigger the security questions.

JNZY

I’ve completed the 3 security questions, but I can;t complete the page as I’m being told that ‘my year of birth must be between 1880 and 2010’, but there’s no date field in the pop up box!  GRRR!  Frustrating!!!

MarkJ

I stopped buying music from Apple because of these Security Questions. Here’s how ridiculous this is. I opened a new iTunes account, bought a few songs. Went back the next day and Apple insisted I was using a different computer (which I wasn’t and I have a dedicated IP address) so enter the infamous security questions which of course I forgot.

I call Apple and they can’t help me, too many failed login attempts. Huh? Support can’t override a lockout like that? Additionally, the Tier 1 Apple support operator wanted me to verify information that I never gave them to begin with! What was he going to verify it against?

Hi Amazon I’m here to buy music….One click and the music is on my Desktop? Thank you!

Log-in to comment