iTunes fanbois outraged by Apple's sex-life quiz probe

Surely some better questions for Apple owners.

What coffee shop do you work in?

what is your favorite colour of plastic device

Who is your favorite fashion designer

what is your favorite Instagram filter

Least favourite job

For plenty of people that question is a complete non starter, it implies that they have had at least 2 jobs ... what about the lazy arses who have never bothered to work ? Ditto cars - unless you count the ones that they have nicked, or even know who their father is.

I suppose that they do need to provide a list of questions, most people would not be able to come up with things themselves - although it would be nice for those who are more able.

For goodness sake - you don't have to give correct answers, just memorable ones ("Favourite car - Scalextric" or something)

Verify or die

The company I work for made us answer similar questions to verify our identities over the phone. They wanted the answers to six questions but we had to choose from their examples, a list they had to increase when people found it hard to pick good ones.

Alas there was no validation on the input form they used to collect the answers, so you could have the same question multiple times (a facility I used when I could only think of answers to five questions). You could also have a different answer to the same question so it will be interesting to see if anyone attempted that - I was sorely tempted.

That said I think a previous commentard said it best when they said you don't have to give "correct" answers. My first car was actually the space shuttle and my favourite music is the sound of a thousand tortured souls.

No I don't work for Microsoft.

Also won't allow repeated answers

If your parents happened to meet in the same city in which you had your first kiss, Apple - in their infinite wisdom - won't accept that as a possibility.

Had one of these sets of security questions a few years ago on some site ... asked me where I went on my first holiday - however "Ireland" was rejected as not being a valid answer!

Meanwhile Olympic ticketing site had "name of best friend" as backup question to get password reset. When I forgot what combination of capitalization/numeric/symbols I'd had to use in my password I had to go through the "forbot your password" routine and got asked the "name of best friend" ... my wife was not impressed that it took me a couple of wrong answers before I realized that I should be putting her name in!

The older I get the less sympathy I have for people who continue to use products that aren't suited to them. Don't like iTunes or Facebook? Well, stop using them because it's the only way companies learn.

Usability is rarely tested, we adapt to how the device works instead. I'm a sucker for it too but it's amazing how easy it is to stop using something if you shorten your fuse and decide to just stop using them - I just adapt like I did before.

Oh look! Another excuse to bash apple!

Never let it be said that El Reg lets an opportunity to take a snide swipe at Apple and use 'Fanbois' repeatedly in an article! This is no exception. A non issue if ever I heard one.

There are billions of examples of crap password systems in the world, its just

A) The Reg hate Apple

B) THe Reg are Pro Android

C) The Reg lacks integrity.

Keep up the click bait fellas, you need to pay the bills somehow!

Vaguley touching the honesty displayed

People actually worry about and give correct answers to this stuff?

Thanks to this kind of question I've been a serial liar on the internet for years, it amounts to three separate low security passwords nothing more

Dealing With The Silly Aspects of The World

OK in this case Apple can easily be criticised for the silly irrelevant fixed questions, and sorry if that or the next bit upsets you 'ukgnome', but Apple stupidity has upset me often enough in the past so it is no worse than one all. Yes the questions are stupid, my iPod using disabled daughter will never have a car, first second or third. Nor will many of this type of irrelevant questions apply to her.

However, several comments have already pointed out that stupid questions desire stupid answers and are only really a set of extra passwords. They may need to be recorded - and that probably breaks some rule or another, but hey so what?

I have often resorted to the tag '<name of company>Cr*p'. Oddly enough I have no trouble remembering that one! Obscene or other suggestive responses are quite useful as long as you tie them into the negative aspects, (or positive if you are that way inclined) of the company in question.

Create a scheme

Choose a password e.g. "carrot"

What is your favourite car? carrotcar

What is your dog's name? carrotdog

Where were you first kissed? carrotkiss

etc.

iPhone Users kissed?

Really? Seems a bit far fetched.

See what I mean when I said the entire Pro-Apple anon poster thing is just one person who patrols dozens of tech sites.

Security questions are hard

I know it's easy to laugh at Apple, but setting these sort of questions is difficult. I've worked in security, and I've had to set similar questions - particularly now in the era of Facebook and LinkedIn, it's harder and harder to find questions that are

i) Memorable

ii) Not available online or known to your friends

iii) Unique

iv) Won't change in the near future

Give the security guys a break - they don't want to be asking you where your first kiss was, but if people insist on putting the details of their life online what else can they do ;)

Apple are funny

My daughter set the answers to our shared account (no credit card information on this account by the way so no fear of being made bankrupt by the little dear) and typically couldn't remember what she put (PS. Apple, my daughter doesn't have a favorite job, first car, first house, etc as she is 12!)..anyway I logged on a tried to reset the answers (no joy). I went on the support sites..."simple" they said, log on to you account and reset them at appleID...."ah, but you need to answer them first in order to change them...and ps you can;t make your own question up, like it suggests....". "Oh", they said "in that case we need you to send us some proof of who you are"......"Like, what" says me ......"Credit card, last purchase and answer one of the security questions" says they...."You don't know my credit card, I've never bought anything from Itunes and I DONT KNOW THE ANSWERS to the questions"...

My final e-mail basically said "thanks for nothing" - to which they replied that they were happy that they managed to solve my problem and that I was thanking them, and this would be added to their 'job well done' stats... LOL

What pisses me off the most was that the new questions were brought in without warning, and according to Apple, they would send an e-mail to confirm that you wanted to set/change the questions (i.e. that the e-mail owner would get a messages saying somebody was trying to change the answers, is this OK?) but no....they send a NOTIFICATION that the questions HAVE been changed....there's f**k all you can do about it after that.

Ho hum - luckily it's easy just to create a few more accounts - but they still aren't getting my credit card number,

PS. I recommend going for the theme suggestion somebody made earlier.

qwertyuiop

is my answer to all such questions.

I enjoy laughing.....

......at those whom can't even remember a simple password!

What hope has society got? People can't even remember a password or even think of a way to use the same passphrase in different configurations on different services.

Useless!

Wasn't iTunes already enough of a pain in the ass? I mean having to put in your password for every single purchase, even free ones, and not being able to adjust the security setting is bad enough. Especially for those of us who don't have a credit card attached to our iTunes accounts.

"Where were you on January 1, 2000".

Well anything like most of us who remember something of it, probably flat out on lawn/floor/gurney of neighbour/brother/parents/police cell/A&E, lying in a pool of something yucky?

I don't see what the issue is (aside from the reg gagging to anyway to mention apple) because all they did is create a positive & negative version of pretty much every standard reminder question.

The reason being is that is what most people would pick anyway. It would be nice to have it being free text but that won't necessarily fix the problem unless you pick something really obscure.

That's why I like the pre select question, you put something completely unrelated in and it will be much harder for them to get rather than your honest answer to "what colour are my mittens?" Or whatever you pick.

Oh the outrage

Yes it's somewhat stupid. But it's pretty standard industry practice on thousands of sites.

Steve Jobs tribute?

I recall from (I think) the book _Insanely Great_ reading about Jobs hassling some insufficiently cool candidate for a programming manager position with questions about his sex life.

iFail

You don't get subjected to crap like this on BitTorrent.

As security gets tougher to crack, the legitimate user gets more and more likely to destroy it himself, by writing the password/passphrase/answers to security questions/etc. on a post-it stuck on his monitor.

Increasing complexity is a diminishing returns game; the most secure system is therefore somewhere at the simple end of the spectrum. This is doubly true for 'unmonitored' security - the boss might come down on you for writing down your passwords at work, but no-one will know or care if you do the same with your iTunes passwords at home.

The old system was likely more secure than the new one. If you were the only person who knew your password, all was good - until you were required by poor memory and mandatory 'improved' security to have the information needed for your children/spouse/flatmate/etc. to change that password written down next to your computer.

security questions

1. copy/paste the text of security question.

2. add salt - the number (or combination of the digits) of the "first" bank card (keep it private and safe, it has expired long time ago)

2.5. use the salt in symmetric key algo like rc4

3. put the result into some non-popular hash function like twister.

....??

profit

It's always an option

to copy the question into the answer - apart from the obvious ones:

"Least favourite job"

Pulling lobsters out of Jane Mansfield's arse.

I used to be a developer at a chemical engineering firm.

They used to enforce a set of rules for password construction and you had to change it every 60 days. This ended up being far too much work for the limited IT staff.

They changed the system to remove the construction rules & enforced 60 day change and instead constantly ran brute force & dictionary attacks on everyone's passwords. If your password got cracked you had to change it.

I was able to retain mine for the remainig 5 years I stayed at the company.

City you were first kissed in

Is most likely going to be the same place as the city you were born in

Demonstrates three things which would otherwise be difficult to believe...

1. That anyone would get worked up in the first place over such innocuous security questions.

2. That an IT news site would consider it worth reporting what those worked-up asses were saying to each other.

3. That the readers of said news site would consider it worth writing (currently) 117 comments about the story.

Seem to be too many people in the IT business with not enough to do.