Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Security gripes

M

moonman239

Cancelled
Original poster
Mar 27, 2009
1,541
32
I tried to make a purchase from my phone today, but couldn't remember how to answer the security questions. One problem is that I couldn't remember how I answered my first-teacher question. Another is that I misread the next question.

My main gripe is this: There are so many ways to phrase the answer to some of the questions. For example, for the first-teacher question, I could have typed in "Jane Doe," "Jane," "Mrs. Doe," or perhaps "Mrs. Jane Doe." (Don't even try any of those answers on my account; you'll fail if you do.) Or, if a city's involved, I could have put "Anytown, NY" or "Anytown, New York."

My point is that the server should be smart enough to know that Mrs. Doe is Jane Doe and that Anytown, NY is the same city as Anytown, New York.

Here's my second gripe: if I forget these answers, I have to contact Apple Support. Why can't I just have them send me an email to my rescue account, send a text message to my cell phone, and/or ask me when I was born?

Better yet, they could have me authenticate myself using the Touch ID sensor on my phone.
 
moonman239 said:
My point is that the server should be smart enough to know that Mrs. Doe is Jane Doe and that Anytown, NY is the same city as Anytown, New York.
Click to expand...
Such "guesswork" on the part of the server would make it easier to compromise your account. It's the user's responsibility to remember answers given to security questions. After all, the user gets to choose them.
moonman239 said:
Here's my second gripe: if I forget these answers, I have to contact Apple Support. Why can't I just have them send me an email to my rescue account, send a text message to my cell phone, and/or ask me when I was born?
Click to expand...
You're complaining that their security is robust. That's exactly what you should be wanting. Your email account and DOB can easily be compromised.

It's not Apple's fault that you forget your password or answers to security questions.
 
GGJstudios said:
Such "guesswork" on the part of the server would make it easier to compromise your account. It's the user's responsibility to remember answers given to security questions. After all, the user gets to choose them.

You're complaining that their security is robust. That's exactly what you should be wanting. Your email account and DOB can easily be compromised.

It's not Apple's fault that you forget your password or answers to security questions.
Click to expand...

I want robust security, but I also want the server to at least be smart enough to know that "Anytown NY" = "Anytown, NY" = "Anytown, New York." The point is, if I show that I know who my first teacher was, and where my favorite job was, that should be good enough.

Anyways, I'd be fine with a text message or Touch ID authentication (yes, it can be broken, but using it requires both physical access and a lot of time.)
 
Just found the answers:

-2-step verification
-Email to recovery email address if I forget my security answers. (via Website)
 
moonman239 said:
I tried to make a purchase from my phone today, but couldn't remember how to answer the security questions. One problem is that I couldn't remember how I answered my first-teacher question. Another is that I misread the next question.

My main gripe is this: There are so many ways to phrase the answer to some of the questions. For example, for the first-teacher question, I could have typed in "Jane Doe," "Jane," "Mrs. Doe," or perhaps "Mrs. Jane Doe." (Don't even try any of those answers on my account; you'll fail if you do.) Or, if a city's involved, I could have put "Anytown, NY" or "Anytown, New York."

My point is that the server should be smart enough to know that Mrs. Doe is Jane Doe and that Anytown, NY is the same city as Anytown, New York.

Here's my second gripe: if I forget these answers, I have to contact Apple Support. Why can't I just have them send me an email to my rescue account, send a text message to my cell phone, and/or ask me when I was born?

Better yet, they could have me authenticate myself using the Touch ID sensor on my phone.
Click to expand...

Why not use a program like 1Password, so that you can create secure notes and manage passwords etc? It would work well in instances like this, where you have 3 different questions to answer. That way you don't have to remember some obscure phrase answer and can easily retrieve it when being prompted by Apple.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back