Advertisement

Apple's additional security steps could be better

As we've been hearing, Apple is rolling out some "additional security" for App Store customers. When you go to purchase an app, as I just did (it was the free Pocket app, incidentally), you may be prompted to answer three security questions and provide a second email address in case your primary account is compromised. Unfortunately, this 20th century form-based method of enhanced security is just poorly done. Apple, an innovator in so many ways, can do better.

I knew it was coming but I wasn't quite prepared for the stupidity of the questions. "What was your first car?" is a good example. This weekend I was getting an app for my 8 year-old son and had to answer this. I guess I should have said "Hot Wheels"? "Who was your first teacher?" is a question I simply couldn't remember for me or for my son (are we talking preschool or what?). "Where was your first kiss?" -- really? You mean we might have to be able to accurately type in "In the back seat of a smelly 1990's muscle car"? Possibly on an iOS device? You're kidding us, right Apple?

Again, while I appreciate the effort, this seems like a stopgap measure and it has been confusing quite a few customers -- we have received a few confused emails asking if it was some attempt at phishing. Sigh. Apple has our emails, our account info, access to iOS in ways no other developer can access... Surely this could have been done better.

Instead, we pick three fake answers and had to write them down so we'll remember them. Great security, not. Plus, now we have to remember whether we capitalized our answers, and we have to deal with natural typos, and of course our recovery email is already being used for our alternative Apple ID. Did I mention that all humans must now have two email addresses? Yep, that's a thing now. Tell your kids.

I inadvertently used my @me address when I answered these questions for my son, who, at the time, only had one email account. Where do I change this? You'll have to go to your Apple ID account page here. It baffles me that Apple would manage security this way, however. The business lately hasn't been so much "Think Different" but "target people who are not tech-savvy at all." Guess what? People who don't like technology tend to have ONE email address. Probably one they set up over a decade ago! Now you're asking them to hunt around for another service, or magically suss out that they can create one using iCloud potentially weeks or months after purchasing their iOS device.

We've got another layer of fail slathered over iTunes now, and the chances of our accounts being compromised haven't necessarily been lessened. Instead, our chances of recovering our accounts after they're compromised just got worse.

Here's some free ideas for you, Apple. How about three or four images (like the stock images for accounts on a Mac), asking someone their favorite? Or, by using the technology of touchscreens, have someone draw a simple geometric shape like a parallelogram. There's a microphone and camera on most iOS devices, perhaps something utilizing these technological marvels?

Are Apple's additional security steps frustrating to you, or are you enjoying the feeling of enhanced security?