Comments | darth_tigger: Why iTunes security is crap

darth_tigger

Why iTunes security is crap

May 10, 2012 17:20

Trying to log into iTunes, it tells me I've got my password wrong, would I like to go through security and reset it. OK, go on then. We get to the choose a new password bit, and I put in the one I'd thought I'd already used but evidently not. Ooh, you can't do that, it says, you need a capital letter in it. OK then, I'll put the same password but ( Read more... )

rant

Comments 14

hawkida May 10 2012, 16:35:33 UTC

Exactly the thought process I went through. If they lock me out I've got pretty much no chance of getting back in.

darth_tigger May 10 2012, 17:13:33 UTC

If anyone's to stand half a chance of getting back in, they're going to have to write down their password and security answers and keep them in an easily-accessible place. How on earth is that more secure than letting me use a password I can actually remember?

makyo May 10 2012, 17:32:29 UTC

There is one school of thought (supported by, amongst others, Bruce Schneier) that says that picking a complicated password, writing it down and keeping the piece of paper somewhere safe, is actually quite a secure way of doing things. The reason is that most password thefts happen over the network, and almost none of them happen as a result of people breaking into your house/office/etc and reading a specific piece of paper - most of the time when people break into houses they're after expensive consumer electronics and jewellery, not a scrap of paper with a few random words written on it.

So one solution for your iTunes problem would be to choose some appropriate (not even necessarily true) answers for the "security" questions, then write them down somewhere safe.

darth_tigger May 11 2012, 09:53:45 UTC

That's actually rather sensible. Of course password theft is less likely to happen physically and in the house, and if someone dos break in they'd presumably nick the computer which has most passwords on autofill anyway.

Thread 6

johncoxon May 10 2012, 17:35:23 UTC

As far as I can tell from a brief look at the Apple ID website, you can choose to have an email sent to your alternate email address; but that's no substitute for allowing users to set their own security questions.

darth_tigger May 11 2012, 09:54:14 UTC

Well quite. Can't I set my own questions? I can guarantee I can pick something only I will know the answer to!

surliminal May 10 2012, 18:45:54 UTC

You're still doing better than me. Lord knows how many years on, two laptops later and despite infinite numbers of attempts to authorise new computers and one complete wipe of the ipod, it's still hit or miss if I can manually and exhaustingly manage to get new stuff onto my iPod. Apple? Don;t talk to me about Apple etc etc..

darth_tigger May 11 2012, 09:54:41 UTC

Mostly I find iTunes is pretty good, but the iTunes store (and associated logging in) sucks!

dorianegray May 10 2012, 19:53:52 UTC

Ah, another reason not to have an iAnything. :-)

(The comment has been removed)

darth_tigger May 11 2012, 09:55:11 UTC

This made me giggle more than it probably should :-)

nerosmaster May 10 2012, 22:00:51 UTC

As long as you can remember this post
Q: What was the first car you owned? A: "Be more specific".
Q: Who was your first teacher? A: "Miss, of course".
Q: What was the first album you owned? A: "I don't remember".
Q: Where was your first job? A: "Too many to choose".
Q: What was your childhood nickname? A: "Which one".

darth_tigger May 11 2012, 09:55:26 UTC

Excellent!