back to article iTunes fanbois outraged by Apple's sex-life quiz probe

Apple iTunes users are peeved at being made to answer a three-part questionnaire about their cars and where they had their first kiss as part of a compulsory security regime. The new measures sparked outcry on the support forums with punters deriding the interrogation as easy to guess and inappropriate. Fanbois are required to …

COMMENTS

This topic is closed for new posts.
  1. JDX Gold badge

    I got forced to setup similar things when I lost my iPad password. My problem was they only had a very limited set of questions and many of them I had no answer, or didn't know the answer... I've only ever owned one car, I didn't have a favourite or hated teacher, etc.

    1. frank ly

      er ....

      You're not supposed to give the 'correct' answers. These are just reminders for what are effectively a set of passwords.

      What was my first car?: Rolls Royce Silver Turd

      Where was I first kissed?: On my arse

      ....

      etc

      1. Elmer Phud

        Re: er ....

        'Where were you on 1st January 2000?'

        Not a clue, I was absolutley rat-arsed.

      2. LaeMing
        Go

        Re: er ....

        I imagine I was first kissed in a hospital, but I will have to check that with my mum.

      3. Syd
        FAIL

        Re: er ....

        No, of course, but you ARE supposed to give the EXACT same answer.

        Will you really remember in 5 years time whether you typed "On my arse" or "On the arse"?

        (Security questions aren't silly in principle, but ones with ambiguous answers are!)

      4. Robert Carnegie Silver badge

        They don't say that.

        In fact, some services have a contractual condition that you must provide true information.

        Another service I've used wants to know the name of my favourite actor AND wants me to log in regularly and change the answer. What, so now I'm obliged to appreciate culture whimsically? Presumably they want me to be their loyal customer, but I can't be loyal to Ashton Kutcher? (...For example.) Also, presumably I have to keep the answers secret... the love that dare not speak its name... What if I secretly become a stalker (of whichever favourite actor we're talking about), and then, through no fault of my own, I get caught? Maybe I should just put down Glenn Beck no one will guess that.

      5. JDX Gold badge

        You're not supposed to give the 'correct' answers

        Yes but unless there is an obvious answer, I WILL forget. Ending up playing guessing games with myself "what would I have said here" is a waste of my time :)

        1. Dan 55 Silver badge
          Happy

          Re: You're not supposed to give the 'correct' answers

          Answer to "What was my first car?" is "123apple456wwmfc789".

          Repeat as many times as required. It's probably the only reliable way I've got of remembering hundreds of annoying security questions.

          1. Anonymous Coward
            Anonymous Coward

            Re: You're not supposed to give the 'correct' answers

            It's quite simple. If you don't like their questions, give the answer "Fuck off" for each one.

            I'm sure you'll remember that.

  2. Anonymous Coward
    Anonymous Coward

    Surely some better questions for Apple owners.

    What coffee shop do you work in?

    what is your favorite colour of plastic device

    Who is your favorite fashion designer

    what is your favorite Instagram filter

    1. AndrueC Silver badge
      Joke

      Re: Surely some better questions for Apple owners.

      What first made you deify Steve Jobs?

    2. Anonymous Coward
      Anonymous Coward

      Re: Surely some better questions for Apple owners.

      ... what are these plastic devices you speak of? All mine are glass and aluminium.

    3. Graham Marsden
      Devil

      Re: Surely some better questions for Apple owners.

      Or "Have you ever jail-broken an Apple device?"...

      1. Steven Roper
        Devil

        @ Graham Marsden

        Not really a good question, since it's a yes-no answer, giving crooks a 50% chance of getting it. Oh wait, scratch that: you're pretty guaranteed to get it right by simply answering "no", since given Apple's track record of deliberately bricking jailbroken devices, no fanboi would actually admit to having jailbroken one to Apple, even if they have.

        1. Graham Marsden
          Facepalm

          Re: @ Graham Marsden

          @Steven Roper

          Consider what would Apple would be likely to do you you if you answer "yes" to that question...

  3. alain williams Silver badge

    Least favourite job

    For plenty of people that question is a complete non starter, it implies that they have had at least 2 jobs ... what about the lazy arses who have never bothered to work ? Ditto cars - unless you count the ones that they have nicked, or even know who their father is.

    I suppose that they do need to provide a list of questions, most people would not be able to come up with things themselves - although it would be nice for those who are more able.

    1. Invidious Aardvark
      Headmaster

      Re: Least favourite job

      Actually "least favourite" would mean you had had at least 3 jobs, since least is a superlative. If you'd only had 2 jobs it would be "less favourite job", less being a comparative.

    2. Steven Roper

      Re: Least favourite job

      >implying chavs buy Apple gadgets...

  4. Tim Parker
    Joke

    Sex life

    iTunes fanbois have a sex life ? Who'd have thought.....

    1. Anonymous John
      Unhappy

      Re: Sex life

      You beat me to it. You don't expect to find all those words in the same sentence.

    2. toadwarrior
      Trollface

      Re: Sex life

      More than android owners by what I've read.

      1. JDX Gold badge

        Re: Sex life

        Indeed given that Apple fans are the cool kids, and we all know girls are too stupid to prefer brains over cool :)

        Note to self: perhaps calling them "too stupid" is a bad move...

        1. ItsNotMe

          "Note to self: perhaps calling them "too stupid" is a bad move..."

          Not to worry...probably aren't many "skirts" around here anyway.

    3. stanimir

      Re: Sex life

      it's iSex LIVE!

  5. Anonymous Coward
    Anonymous Coward

    For goodness sake - you don't have to give correct answers, just memorable ones ("Favourite car - Scalextric" or something)

    1. Anonymous Coward
      Anonymous Coward

      "Favourite car - Scalextric"

      Yes because nobody ever mistyped or mispronounced that as 'Scalectrix'.

  6. Anonymous Coward
    Anonymous Coward

    Verify or die

    The company I work for made us answer similar questions to verify our identities over the phone. They wanted the answers to six questions but we had to choose from their examples, a list they had to increase when people found it hard to pick good ones.

    Alas there was no validation on the input form they used to collect the answers, so you could have the same question multiple times (a facility I used when I could only think of answers to five questions). You could also have a different answer to the same question so it will be interesting to see if anyone attempted that - I was sorely tempted.

    That said I think a previous commentard said it best when they said you don't have to give "correct" answers. My first car was actually the space shuttle and my favourite music is the sound of a thousand tortured souls.

    No I don't work for Microsoft.

    1. Elmer Phud

      Re: Verify or die

      I know someone who puts in answers like that on forms at the local Job Center.

      So far he's never been asked to clarify why he would want to be a megolomaniac bent on world domination.

      1. AndrueC Silver badge
        Joke

        Re: Verify or die

        Rupert Murdoch has already signed on?

        Wow. That was quick :)

    2. ItsNotMe
      Coat

      Re: Verify or die

      My D.O.B. is always 01 January 1900. Not doing too bad for an old codger.

      Mine's the one hanging on the electric wheel chair.

      1. Steven Roper
        Thumb Up

        @ItsNotMe

        I always put my DOB as 20 July 1969 (the day of the Moon landing). It's only a few years+months after my actual birth date, so it doesn't arouse suspicion with regard to my physical age, and Dad getting me out of bed to watch Armstrong give his famous speech on the telly, is my earliest childhood memory - hence the day I was "born" to my own awareness.

        Only my bank and certain government agencies have my real DOB (which given said agencies' propensity for USB sticks, laptops and trains probably means world+dog have it by now anyway!)

        1. Anonymous Coward
          Anonymous Coward

          Re: @ItsNotMe

          Maybe you should have posted that anonymously.

  7. davefb
    FAIL

    re making stuff up

    well thats a genius idea isn't it.. because obviously in 6 months when asked for the answers again, I'm obviously going to know the same made up answers.

    Got the same questions last week, only the first set was usable , the second set, I think I could answer, though it depends on the mood which childhood friend I'd pick ( I moved and thats the only question I think has a memorable answer) and the 3rd , that was hopeless.

    grrreat..

    1. jai

      Re: re making stuff up

      Making stuff up is the only safe way to do it - if you give a real answer, then someone is going to be able to guess it or work it out.

      I've been doing it for years. By now, I have a set of answers for most of these types of questions, the answers are completely unrelated to my life, but I know them well. It's no harder than having to remember a dozen different passwords or differing complexity here at work. And at least these types of questions don't have to be changed every 30 days.

      1. FatGerman
        Gimp

        Re: re making stuff up

        "It's no harder than having to remember a dozen different passwords or differing complexity here at work."

        I've got a pretty good memory for facts, but I struggle to remember two passwords because they have to be made-up stuff with "at least one digit and one capital letter". If I start making up answers to security questions as well I'll start doubting my own identity pretty soon.

  8. jake Silver badge
    Pint

    ::giggles::

    This is going to become entirely too funny ...

    Marketards have absolutely no clue about TheRealWorld[tm].

    Beer, because it's afternoon somewhere :-)

    1. Steve Renouf
      Pint

      Re: ::giggles::

      Yes, here too - mine will be sliding down my throat with silky smoothness in about half an hour...

      Yum, yum...

      1. LoopyChew

        Re: ::giggles::

        That's what she said!

  9. Winkypop Silver badge
    FAIL

    I faced these questions last week

    I already have no clue as to what I answered...

    Fail for me too.

    1. Mike Richards Silver badge

      Re: I faced these questions last week

      And don't forget Apple's new password which requires upper and lower case letters as well as numbers. I'm not sure how many times I've changed that in the last few weeks after wholly forgetting the last one.

      Surely any true Apple fan will answer 'Who was your best childhood friend' with 'Steve Jobs'?

      1. JDX Gold badge

        Apple's new password requires upper and lower case letters as well as numbers

        I got screwed by this... as a new iPad user I didn't realise the "Caps-Lock button" was actually only for the next key, which meant I kept entering the password wrong!

        1. Anonymous Coward
          Holmes

          Re: Apple's new password requires upper and lower case letters as well as numbers

          If you double-tap it, it will lock on

        2. This post has been deleted by its author

  10. Matthew 3

    Also won't allow repeated answers

    If your parents happened to meet in the same city in which you had your first kiss, Apple - in their infinite wisdom - won't accept that as a possibility.

    1. Anonymous Coward
      Anonymous Coward

      Re: Also won't allow repeated answers

      ".....in their infinite wisdom,..."

      Bit rich?

      You bought the "i"device!

  11. Anonymous Coward
    Anonymous Coward

    Had one of these sets of security questions a few years ago on some site ... asked me where I went on my first holiday - however "Ireland" was rejected as not being a valid answer!

    Meanwhile Olympic ticketing site had "name of best friend" as backup question to get password reset. When I forgot what combination of capitalization/numeric/symbols I'd had to use in my password I had to go through the "forbot your password" routine and got asked the "name of best friend" ... my wife was not impressed that it took me a couple of wrong answers before I realized that I should be putting her name in!

  12. adamgarretty

    The older I get the less sympathy I have for people who continue to use products that aren't suited to them. Don't like iTunes or Facebook? Well, stop using them because it's the only way companies learn.

    Usability is rarely tested, we adapt to how the device works instead. I'm a sucker for it too but it's amazing how easy it is to stop using something if you shorten your fuse and decide to just stop using them - I just adapt like I did before.

    1. John Arthur
      Thumb Up

      Join the club!

      And I thought it was just me.

    2. The Baron
      Childcatcher

      That's all very well in principle, and I tend to agree with you, but I'd guess it's a bit of a bugger for people in the first month of a 24-month iPhone contract, say. Doubt you'd be able to hand it back for a full refund.

  13. Jedit
    FAIL

    "I literally cannot choose from the 2nd set of questions, none of them apply"

    Fascinating. For none of the second set of questions to apply, you would have to have had no friends as a child and never have had a job or gone to school. While I can see someone buying into Apple because they have no mates and are desperately seeking approval, surely it's unlikely that the others don't apply?

    1. Anonymous Coward
      Anonymous Coward

      Re: "I literally cannot choose from the 2nd set of questions, none of them apply"

      We don't need no education / we don't need no thought control

    2. Shaun 1

      Re: "I literally cannot choose from the 2nd set of questions, none of them apply"

      I don't drive

      I hated all my teachers

      I don't go to concerts

      I've not liked any of my jobs

      I was part of a large circle of frinds, but didn't class any as a "best" friend

      For example

      1. Tom Maddox Silver badge
        Headmaster

        Re: "I literally cannot choose from the 2nd set of questions, none of them apply"

        And:

        I'm excessively literal-minded, so I am unable to make up a memorable answer to any of these questions without having a nervous breakdown.

    3. Anonymous Coward
      Anonymous Coward

      Also, you'd have to be 12 years old ...

      ... for the one about "where were you on 1st Jan 2000" not to apply.

      So why is this kid trying to rent a movie anyway? And whose credit-card was he planning to use, because he clearly can't have one of his own? Sound to me like these questions have just prevented a kid from ordering stuff from itunes on his parent's credit-card, which is exactly what they were supposed to do in the first place.

      So, everything is working exactly as intended and the questions are entirely fit for purpose.

      1. Steve Renouf
        WTF?

        Re: Also, you'd have to be 12 years old ...

        "Sound to me like these questions have just prevented a kid from ordering stuff from itunes on his parent's credit-card, which is exactly what they were supposed to do in the first place."

        You mean they let their kids know their 3D-Secure Code!?!?

  14. Anonymous Coward
    Anonymous Coward

    Oh look! Another excuse to bash apple!

    Never let it be said that El Reg lets an opportunity to take a snide swipe at Apple and use 'Fanbois' repeatedly in an article! This is no exception. A non issue if ever I heard one.

    There are billions of examples of crap password systems in the world, its just

    A) The Reg hate Apple

    B) THe Reg are Pro Android

    C) The Reg lacks integrity.

    Keep up the click bait fellas, you need to pay the bills somehow!

    1. Anonymous Coward
      Anonymous Coward

      Re: Oh look! Another excuse to bash apple!

      Idiot.

    2. Not That Andrew

      Re: Oh look! Another excuse to bash apple!

      Actually, Apple started it when St. Steve the Astonishing of Cupertino excommunicated The Register over a critiacal but honest review of the Beta of OSX many years ago.

      1. Anonymous Coward
        Anonymous Coward

        Re: Oh look! Another excuse to bash apple!

        Funny how they didn't excommunicate all the other publishers of critical reviews.

        1. This post has been deleted by its author

        2. Not That Andrew

          Re: Yes, it is rather puzzling

          It is rather puzzling, maybe St Steve's muesli was disagreeing with him, or something. Nonetheless St Steve did, and El Reg and the writer of the review (Ashley Vance, IIRC) have been on Apple's blacklist since.

        3. Tom Maddox Silver badge
          Headmaster

          Re: Oh look! Another excuse to bash apple!

          I believe the tone of the review may have had something to do with it. You'll have noted that El Reg often uses rhetorical devices like sarcasm and irony, the intent of which is frequently lost on Jobsian cultists, resulting in Aggravated Butthurt in the First Degree, from which Apple has clearly not recovered.

          1. Arctic fox
            Thumb Up

            @Tom Maddox RE: "I believe the tone of the review............"

            It is interesting. Most of the majors realise that one of the ways that El Reg attracts readers from amongst professional (and enthusiastic amateur) techies is precisely it's style of insouciant satire and cynicism. It is an observable fact that all of them end up on the receiving end of the "treatment" on a regular basis. Plus the fact that those of the readership who do have a strong affinity for this or that company (note how politely I expressed that, -:P) do adore seeing the one they in fact love to hate being subjected to an "El Regging". In sum, the style attracts one of the key potential customer groups that these companies wish to attract the attention of. However, the former CEO of A Famous Mobile Device Company was of the type to take these matters very personally, something which perhaps explains why they (still) have a tendency to react to El Reg's mischief in the way they do.

      2. This post has been deleted by its author

  15. Anonymous Coward
    Anonymous Coward

    Vaguley touching the honesty displayed

    People actually worry about and give correct answers to this stuff?

    Thanks to this kind of question I've been a serial liar on the internet for years, it amounts to three separate low security passwords nothing more

  16. ukgnome
    Windows

    Typical El Reg

    They do love to bait the apple users don't they.

    Even I am getting bored of their "fanboi, fruity, jobsian, jesus mobe" load of old balls.

    They do something to help protect missuse of iTunes, and the credit card details of it's users and they are branded pathetic or out of touch. A bit like El Reg of late!

    1. Anonymous Coward
      Anonymous Coward

      Re: Typical El Reg

      Oh my word. Another fruity jobsian jesus mobe holding fanboi idiot. El Reg write many articles about many companies with their tongue firmly in their cheek. It's funny. Read it, grin at it and move on.

      Failing that, go look at how 'amazing' your icons are on your new ipad.

      1. Anonymous Coward
        Anonymous Coward

        @AC

        Wow good catch AC. I can't believe Anna Leach missed out on "fruity", she practically used every other adjective.

      2. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: Typical El Reg

      "They do something to help protect missuse of iTunes, and the credit card details of it's users and they are branded pathetic or out of touch."

      I think you're missing the point; they aren't being slagged off for "doing something to help prevent misuse of iTunes"; they're being slagged off for doing it in a crap way.

      You could probably Google for a set of questions that produce reliable, personal, and secure answers; but instead they've done the "quirky" thing and produced a set of questions that give unreliable results or are easily cracked.

      1. Anonymous Coward
        Anonymous Coward

        Re: Typical El Reg

        > You could probably Google for a set of questions that produce reliable, personal, and secure answers

        Can you suggest some?

        Especially some which won't make people complain that Apple is probing too deeply into their personal lives...

    3. Skrynesaver
      Trollface

      Re: Typical El Reg

      They have been reusing the same put downs a lot, however you missed the new and exciting one in this episode "Foxconn-brander", that's definitely going into the list (say $apple_abuse_list[rand @apple_abuse] ;

  17. Richard Jones 1

    Dealing With The Silly Aspects of The World

    OK in this case Apple can easily be criticised for the silly irrelevant fixed questions, and sorry if that or the next bit upsets you 'ukgnome', but Apple stupidity has upset me often enough in the past so it is no worse than one all. Yes the questions are stupid, my iPod using disabled daughter will never have a car, first second or third. Nor will many of this type of irrelevant questions apply to her.

    However, several comments have already pointed out that stupid questions desire stupid answers and are only really a set of extra passwords. They may need to be recorded - and that probably breaks some rule or another, but hey so what?

    I have often resorted to the tag '<name of company>Cr*p'. Oddly enough I have no trouble remembering that one! Obscene or other suggestive responses are quite useful as long as you tie them into the negative aspects, (or positive if you are that way inclined) of the company in question.

    1. Syd

      Re: Dealing With The Silly Aspects of The World

      "I have often resorted to the tag '<name of company>Cr*p'. Oddly enough I have no trouble remembering that one!"

      Won't work - it demands a different answer to each question.

      1. Richard Jones 1

        Re: Dealing With The Silly Aspects of The World

        Cr*pI, then Cr*pII and so on down the list, use letters, Roman figures, Numbers according to taste.

    2. toadwarrior

      Re: Dealing With The Silly Aspects of The World

      Protip: there are quite a few question to choose from. You can easily find one that isn't car related.

  18. Tom Wood

    Create a scheme

    Choose a password e.g. "carrot"

    What is your favourite car? carrotcar

    What is your dog's name? carrotdog

    Where were you first kissed? carrotkiss

    etc.

    1. TeeCee Gold badge
      Coat

      Re: Create a scheme

      You are Peter Rabbit and ICMFP!

    2. Darryl

      Re: Create a scheme

      What is your favourite sexual aid? would be an easy one then

  19. Steve King
    Facepalm

    Security

    I know that prevention is better than cure, but it'd really help their security if they changed things so that once your account has been hacked and your computers de-authorised in favour of the hackers, you could either:

    1. De-authorise their computers without waiting 12 months (yes, you do really have to wait that long)

    2. Find some 'suspend this account' button to put a temporary halt on things while you got it sorted out

    3. Find an email address or phone number to report the problem (if Amazon can, why can't Apple?).

    4. Have a way to delete the account entirely as a last resort

    Yes, it did happen to me, and my password was not as easy to guess as Joe Average's might be.

    I changed the credit card and changed the account password to some random garbage and deleted iTunes from all my computers. I don't really miss it, but if they fix points 1-4 I might risk it again.

    1. Anonymous Coward
      Anonymous Coward

      Re: Security

      > 3. Find an email address or phone number to report the problem

      http://www.apple.com/support/itunes/contact/

      Have always answered me in under 24h.

  20. Anonymous Coward
    Anonymous Coward

    iPhone Users kissed?

    Really? Seems a bit far fetched.

    1. deadlockvictim Silver badge

      Re: iPhone Users kissed?

      Isn't there an app for that?

      1. This post has been deleted by its author

      2. Francis Boyle Silver badge

        Unfortunately

        there are several. I suppose that, in some obscure way, it balances out all the fart apps.

  21. Jeebus

    See what I mean when I said the entire Pro-Apple anon poster thing is just one person who patrols dozens of tech sites.

  22. hmmm

    Security questions are hard

    I know it's easy to laugh at Apple, but setting these sort of questions is difficult. I've worked in security, and I've had to set similar questions - particularly now in the era of Facebook and LinkedIn, it's harder and harder to find questions that are

    i) Memorable

    ii) Not available online or known to your friends

    iii) Unique

    iv) Won't change in the near future

    Give the security guys a break - they don't want to be asking you where your first kiss was, but if people insist on putting the details of their life online what else can they do ;)

  23. Anonymous Coward
    Anonymous Coward

    Apple are funny

    My daughter set the answers to our shared account (no credit card information on this account by the way so no fear of being made bankrupt by the little dear) and typically couldn't remember what she put (PS. Apple, my daughter doesn't have a favorite job, first car, first house, etc as she is 12!)..anyway I logged on a tried to reset the answers (no joy). I went on the support sites..."simple" they said, log on to you account and reset them at appleID...."ah, but you need to answer them first in order to change them...and ps you can;t make your own question up, like it suggests....". "Oh", they said "in that case we need you to send us some proof of who you are"......"Like, what" says me ......"Credit card, last purchase and answer one of the security questions" says they...."You don't know my credit card, I've never bought anything from Itunes and I DONT KNOW THE ANSWERS to the questions"...

    My final e-mail basically said "thanks for nothing" - to which they replied that they were happy that they managed to solve my problem and that I was thanking them, and this would be added to their 'job well done' stats... LOL

    What pisses me off the most was that the new questions were brought in without warning, and according to Apple, they would send an e-mail to confirm that you wanted to set/change the questions (i.e. that the e-mail owner would get a messages saying somebody was trying to change the answers, is this OK?) but no....they send a NOTIFICATION that the questions HAVE been changed....there's f**k all you can do about it after that.

    Ho hum - luckily it's easy just to create a few more accounts - but they still aren't getting my credit card number,

    PS. I recommend going for the theme suggestion somebody made earlier.

  24. Luke McCarthy
    FAIL

    Ahh, security questions

    The best way to undermine the security of a well-chose password.

  25. Anonymous Coward
    Anonymous Coward

    qwertyuiop

    is my answer to all such questions.

    1. The Baron
      Happy

      Re: qwertyuiop

      Not when you can't have the same answer to more than one question.

    2. Anonymous Coward
      Anonymous Coward

      Re: qwertyuiop

      At work we have a system that forces password changes periodically, and for "added security" you can't repeat a character in the same position as previous passwords (not just the previous password.) In addition to this meaning I have to write all the passwords down so I can successfully get a new password, I have had to come up with an easily guessable 'theme' (qwertyui1, wertyuq2 etc) so I can change my pw without having to work out acceptable character combinations with pen and paper like it's a bloody crossword puzzle.

      AC obviously as slagging work a bit.

      1. Anonymous Coward
        Anonymous Coward

        Re: qwertyuiop

        AC for the same reason.

        We have an automated password reset system. You get to choose three security questions from a list and provide the answers. When attempting to set it up, it forces that no common words be found in the answers and in the questions (a bug, I assume).

        It's impossible to choose three questions from the canned list of which at least two do not contain some of the same words.........<slow handclap>

      2. Anonymous Coward
        Anonymous Coward

        Re: qwertyuiop

        > for "added security" you can't repeat a character in the same

        > position as previous passwords

        Fantastic. That's password sadism.

        My favourite is being asked "what are the 3rd, 9th and 17th characters" of $whatever. I really can't imagine how you could do that without writing it down.

        Actually qwertyuiop works nicely in that case - the Nth character is right below the N key...

  26. Anonymous Coward
    Anonymous Coward

    I enjoy laughing.....

    ......at those whom can't even remember a simple password!

    What hope has society got? People can't even remember a password or even think of a way to use the same passphrase in different configurations on different services.

    Useless!

    1. Mr Young
      Happy

      Re: I enjoy laughing.....

      There is an other side to the coin - I don't consider myself useless because I have to dig out an old project folder as a reminder for example. I can't wait for the cyborg USB or Fibre Optic memory connnector - fucking ye

    2. Andy Christ

      And I enjoy laughing.....

      At those who misuse whom.

    3. Anonymous Coward
      Anonymous Coward

      Re: I enjoy laughing.....

      I, on the other hand, enjoy laughing at people who use "a simple password".

  27. sisk

    Wasn't iTunes already enough of a pain in the ass? I mean having to put in your password for every single purchase, even free ones, and not being able to adjust the security setting is bad enough. Especially for those of us who don't have a credit card attached to our iTunes accounts.

  28. Handler
    Facepalm

    Quite amazing that people will scream and shout, call out the authorities and file lawsuits when their data is exposed due to weak security, but will balk whenever an attempt is made to improve that security, inane questions notwithstanding. It doesn't matter what the questions are, just the answers.

    1. auburnman
      WTF?

      Of course it matters what the questions are: they help you remember the answers. If you didn't have a memory fault you wouldn't be trying to recover your password would you?

      I hate the ambiguity in the default questions same as others here; did I put down the answer to "my first job" as the shelf-stacking I did as a teenager, or my first salaried role when I moved to a city? Much better if you can set your own questions in a fill in the blanks style, i.e. "My first boss was Barry ______."

      1. Magnus_Pym

        "My first boss was Barry ______."

        Shitpeas? easy

  29. Anonymous Coward
    Anonymous Coward

    "Where were you on January 1, 2000".

    Well anything like most of us who remember something of it, probably flat out on lawn/floor/gurney of neighbour/brother/parents/police cell/A&E, lying in a pool of something yucky?

    1. Steve Renouf
      Facepalm

      Upvoted because

      quite apart from what you stated, there is also the assumption on their part that you were only ever in 1 location for the whole of that day!?! WTF! Some people make the rounds of visiting neighbours/family etc. on New Years Day FFS!

  30. toadwarrior

    I don't see what the issue is (aside from the reg gagging to anyway to mention apple) because all they did is create a positive & negative version of pretty much every standard reminder question.

    The reason being is that is what most people would pick anyway. It would be nice to have it being free text but that won't necessarily fix the problem unless you pick something really obscure.

    That's why I like the pre select question, you put something completely unrelated in and it will be much harder for them to get rather than your honest answer to "what colour are my mittens?" Or whatever you pick.

  31. Anonymous Coward
    Anonymous Coward

    Oh the outrage

    Yes it's somewhat stupid. But it's pretty standard industry practice on thousands of sites.

  32. Anonymous Coward
    Facepalm

    DOB

    Are any of these any sillier than the widespread practice of being asked your date of birth as a security question? ....because no-one apart from yourself could possibly know the answer to that one.

  33. disgruntled yank Silver badge

    Steve Jobs tribute?

    I recall from (I think) the book _Insanely Great_ reading about Jobs hassling some insufficiently cool candidate for a programming manager position with questions about his sex life.

    1. DiViDeD Silver badge

      Re: Steve Jobs tribute?

      Yes, and it was rather tastelessly chronicled in Pirates of Silicon Valley, a must see for anyone a bit hazy on the early life & miracles of St Steve

  34. Marty McFly
    Facepalm

    I like the ones where I get to make up the question. I actually had my bank's call center ask me:

    "How much wood would a woodchuck chuck if a woodchuck would chuck wood?"

    The poor girl barely got through it without busting out laughing. And no, I won't tell you the correct answer as it is memorable only to me.

  35. NoneSuch Silver badge
    Big Brother

    Obvious why the fanbois are unhappy.

    Every answer to the "where where you when" questions is "while on line at the iStore"

  36. oregonensis
    WTF?

    Blah blah complaining fanbois blah blah

  37. Anonymous Coward
    Anonymous Coward

    iFail

    You don't get subjected to crap like this on BitTorrent.

  38. PJI
    Thumb Down

    Customer respect.

    The thing stinks of some young yank who has been no further than his nearest McD coming up with a clever wheeze.

    Somebody should remind them that a lot of customers are over 16 and live a long way from USA. I abhor seeing American spelling and cultural assumptions used in my small country of jnearly 70 millions. I should have thought any yank firm should be able to translate to English just as well as they can to German or different dialects of Spanish, out of respect for customers often paying higher than USA prices.

  39. GoGlen
    Boffin

    I laugh at these simple "security" scenarios :(

    OK, not; I envy them. I work in the civilian healthcare industry for the US Military. Our security must comply with Department Of Defense requirements.

    15 character password, minimum 1 upper, 1 lower, 1 number, 1 special.

    Must change every 60 days

    Must change more than 4 characters/time

    No dictionary words embedded in the password

    Cannot re-use any of the last 24 passwords.

    Account is locked after 3 failed attempts within 1 hour - meaning a max of 71 attempts/day if you were timing it for a guess every 20.05 minutes.

    (so how can one "crack" a 15-char ugly password with 71 guesses/day?)

    Security questions? Must supply 6 questions, unique answers, min 4 chars each. Answer like 4 of them to initiate a reset.

    >means your first car better not be a BMW.

    >my favorite movie shifts, as does my favorite music, food, etc.

    >> Solution? Complex formula, I had to write a code for, so I can generate my pw. I'm a geek... how are doctors or nurses supposed to handle this? THEY WRITE IT ON A POST-IT NOTE.

    1. Richard 126

      Re: I laugh at these simple "security" scenarios :(

      I have a friend who works in a place with this sort of security. Every 2 months she changes her password 24 times in one day to clear the usage limits then reuses the password she started with and carries on. Not good but better than writing it down on a post it note.

      1. Anonymous Coward
        Anonymous Coward

        Re: I laugh at these simple "security" scenarios :(

        That's exactly what I used to do as well, then the bastards I worked for limited the number of changes per day to 1. Following that I wrote it on a post it note and stuck it to the monitor.

      2. GoGlen

        Re: I laugh at these simple "security" scenarios :(

        Ah, forgot one more rule - cannot change a PW more than 1x/day. Specifically for this reason.

        So, at "full speed", it would take 24 days to return to your original password.

  40. Smithson
    Thumb Down

    I fell afoul of this change myself a couple of weeks back, and despite the disbelief of several commentards above, I also had a selection of questions for which I had no answer. Don't drive, didn't hate a teacher (more than any other), wouldn't describe any particular friend as being "better" than the others, don't remember where I was on 1st Jan 2000, etc. But then if you remember it, you weren't really there, or so I hear.

    So if I ever come to forget my iTunes password, or whatever circumstance where you're expected to answer these questions, I'll have to guess at what my fictional answer/s were, undoubtedly get them wrong, and get banned for being no better than a News of the World account "hacker". There are several better ways to prevent children from running up big bills on iTunes. "Don't give them your sodding credit card number, you lunatic" being quite high on the list.

  41. Bilby

    As security gets tougher to crack, the legitimate user gets more and more likely to destroy it himself, by writing the password/passphrase/answers to security questions/etc. on a post-it stuck on his monitor.

    Increasing complexity is a diminishing returns game; the most secure system is therefore somewhere at the simple end of the spectrum. This is doubly true for 'unmonitored' security - the boss might come down on you for writing down your passwords at work, but no-one will know or care if you do the same with your iTunes passwords at home.

    The old system was likely more secure than the new one. If you were the only person who knew your password, all was good - until you were required by poor memory and mandatory 'improved' security to have the information needed for your children/spouse/flatmate/etc. to change that password written down next to your computer.

  42. The MaJiK Man
    Thumb Up

    Typical over blown non-issue by El-Reg

    Slow news day for Apple bashing so lets try this one (El Reg motto).

    If Apple had made it more difficult it would have been bashed for that.

    Simple if you don't like Apple, use the many alternatives available. No one is forced to use Apple.

    The questions are just a simple method to help you set up 3 new passwords. You can put any answer. If you can't remember 3 words then write them down some where and password protect that with any question you care to ask.

    Get a Mac, Get a life.

    Martin

  43. stanimir

    security questions

    1. copy/paste the text of security question.

    2. add salt - the number (or combination of the digits) of the "first" bank card (keep it private and safe, it has expired long time ago)

    2.5. use the salt in symmetric key algo like rc4

    3. put the result into some non-popular hash function like twister.

    ....??

    profit

  44. Andy Farley

    It's always an option

    to copy the question into the answer - apart from the obvious ones:

    "Least favourite job"

    Pulling lobsters out of Jane Mansfield's arse.

  45. janimal

    I used to be a developer at a chemical engineering firm.

    They used to enforce a set of rules for password construction and you had to change it every 60 days. This ended up being far too much work for the limited IT staff.

    They changed the system to remove the construction rules & enforced 60 day change and instead constantly ran brute force & dictionary attacks on everyone's passwords. If your password got cracked you had to change it.

    I was able to retain mine for the remainig 5 years I stayed at the company.

    1. Steve Williams

      Too sensible for any company I have worked for over the last 42 years.

      Even for an engineering firm. Would be interesting to know which one.

  46. jonathanb Silver badge

    City you were first kissed in

    Is most likely going to be the same place as the city you were born in

  47. Anonymous Coward
    Anonymous Coward

    Demonstrates three things which would otherwise be difficult to believe...

    1. That anyone would get worked up in the first place over such innocuous security questions.

    2. That an IT news site would consider it worth reporting what those worked-up asses were saying to each other.

    3. That the readers of said news site would consider it worth writing (currently) 117 comments about the story.

    Seem to be too many people in the IT business with not enough to do.

    1. FatGerman
      Facepalm

      Re: Demonstrates three things which would otherwise be difficult to believe...

      Well obviously, we all work in the IT industry because we're work shy hippy layabouts. What's your excuse?

      1. Mr Young
        Happy

        @FatGerman

        amen to that - I'd guess AC sounds like he needs to actually try and do some REAL stuff

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021