Advertisement

The only way to make your iCloud security questions actually secure

John-Michael Bond

Updated Wed, Sep 3, 2014, 5:30 PM·2 min read

The recent leak of nude photographs from some of America's biggest female celebrities has drawn attention to the security of Apple's iCloud. If there's one takeaway from this incident, other than people who share the private photos of other are scum, it's that sometimes it's the simplest things that betray our security. In this case, it was security questions.

According to Apple these leaks weren't caused through complicated computer hacking; instead, they were brought about through conventional (security question/username) password reset methods. All someone needs is your Apple ID (often an easily guessed common email) and some personal information. When you tell iCloud that you forgot your password it offers the option to use security questions to get the information. Once you enter your Apple ID it will ask for your birthday. Depending on your privacy settings on Facebook, anyone could have that.

That's all someone needs to gain access to your security questions. Obviously Apple should probably fix how easy this process is, but in the meantime there is a surefire way to keep your security question answers secure -- lie, lie, lie.

Lie in the answers to your security questions to make them unguessable. Here are some examples.

What was your first job? WillieNelsonDrugDealer4242
What was the first concert you went to? 777BuTTsAreFunny
What was the name of your first pet? 5GrandMasOldSocks5

Trust us. Lie in your security code questions. We understand why these questions exist, to aid people with crummy memory who often forget their passwords. For those of you who cannot keep track of your password, consider writing down the answer to security code question on a piece of paper and storing it in your home. Sure, someone might find it, but they'll just assume it's your normal password. No one assumes you've written down your security questions. You can also use password-secured apps like 1Password to store those made-up answers to your security questions instead of writing them down.

Until Apple finally introduces two-step verification for iCloud accounts this is the best way to be secure. It is also the silliest security measure we will ever recommend. We're in good company with this opinion, as shown by this xkcd comic.

What's your security code answer? Let us know in the comments if you missed the point of this article.

Engadget
Threads now lets you control who can quote your posts
Head of Instagram Adam Mosseri announced the update this weekend, saying he hopes it will “help keep Threads a more positive place.” Users can choose to turn off quotes entirely or limit them only to people they follow.
Engadget
Parrots in captivity seem to enjoy video-chatting with their friends on Messenger
A small study led by researchers at the University of Glasgow and Northeastern University compared parrots’ responses when given the option to video chat with other birds via Messenger versus watching pre-recorded videos.
Engadget
Google prohibits ads promoting websites and apps that generate deepfake porn
Google has updated its Inappropriate Content Policy to include language that expressly prohibits advertisers from promoting websites and services that generate deepfake pornography.
Engadget
X is using Grok to publish AI-generated news summaries
X is using Grok to publish AI-generated summaries of news and other topics that trend on the platform.
Engadget
Nintendo blitzes GitHub with over 8,000 emulator-related DMCA takedowns
Nintendo sent a Digital Millennium Copyright Act (DMCA) notice for over 8,000 GitHub repositories hosting code from the Yuzu Switch emulator, which the Zelda maker previously described as enabling “piracy at a colossal scale.”
Engadget
Helldivers 2 PC players suddenly have to link to a PSN account and they're not being chill about it
Helldivers 2 players have become frustrated after Sony suddenly required linking to a PSN account to play the game on PC. This was not necessary when the title launched in February.
Engadget
Redfall’s two DLC heroes are still MIA a year later
Microsoft may want to be more careful about leaving a trail of broken promises when games don’t go as planned. A year after Redfall landed with a thud, players are still waiting for the advertised post-launch DLC they already paid for.
Engadget
Instagram's 'Add Yours' sticker now lets you share songs
Instagram has released some new interactive stickers for use in Stories. One of these is a “Reveal” sticker that blurs content, so people have to DM the creator to get it unlocked.
Engadget
Apex Legends is getting a solo mode for the first time in five years
Apex Legends will have a solo mode for the first time in five years when the new season starts on May 7. Respawn said as recently as January it had no plans to bring back the single-player option.
Engadget
A four-pack of Samsung's Galaxy SmartTag 2 trackers is back on sale for $70
A bundle of Samsung's Galaxy SmartTag 2 Bluetooth trackers is back on sale for $70, matching the lowest price we've tracked.
Engadget
Research indicates that carbon dioxide removal plans will not be enough to meet Paris treaty goals
New research indicates a large “emissions gap” between what actions nations have committed to help remove carbon from the atmosphere and what’s required to meet Paris treaty goals.
Engadget
Rabbit R1 review: A $199 AI toy that fails at almost everything
The Rabbit R1 is a cute AI gadget, but at launch it’s riddled with issues and terrible battery life. When phones can handle similar AI tasks, the R1 doesn’t do enough to justify its existence.
Engadget
The Apple Watch Series 9 is back on sale for $299, plus the rest of this week's best tech deals
This week, we found deals on gear from Samsung, Apple, Bose, Anker and more.
Engadget
Boeing’s Starliner spacecraft may finally take its first crewed flight next week
Boeing's Starliner crew capsule is scheduled to launch from Cape Canaveral Space Force Station’s Launch Complex-41 in Florida on Monday, May 6. The launch window opens at 10:34PM ET. Astronauts Butch Wilmore and Suni Williams will be on board.
Engadget
Google says Epic’s Play Store demands are too much and too self-serving
Google has filed an injunction telling the court that it will not give Epic what it wants without a fight, because the company's asks "stray far beyond the trial record."
Engadget
The best gifts to upgrade your grad’s tech setup
College grads are probably using the same tech they started out with four years ago. Here are the best gadgets you can get them to upgrade their kit, including laptops, headphones, monitors and more.
Engadget
Boom's XB-1 supersonic jet has been authorized to break the speed of sound
Boom's supersonic XB-1 test jet has received Federal Aviation Administration (FAA) approval to fly past Mach 1.
Engadget
The Morning After: Peloton's grim post-pandemic reality
The biggest news stories this morning: Huawei has been secretly funding research in America after being blacklisted, The best noise-canceling earbuds, Olivia Rodrigo, Drake and other Universal artists return to TikTok.
Engadget
Engadget Podcast: Kill the Rabbit (R1)
The Rabbit R1 is finally here, and it's yet another useless AI gadget.
Engadget
The best password manager for 2024
Remembering dozens of passwords can be difficult for anyone. These are the best password managers you can use to keep your information safe and secure.