Epic failure: Apple security mismatches

Was trying to install an app on Saturday. Up popped a request for more information, including a second attempt at getting my password, and then 3 “security” questions, including “What city was I first kissed in.”

Um.

Ok.

That is an EPIC FAIL in and of itself, but lets go on to the real … BIG EPIC FAIL.

The security questions presented on the Apple app do not match those, or even come close to matching those on the appleid.apple.com site. Nope, no relation whatsoever.

One would think that, I dunno, a person confronted with something new like this, would first go to the web site over a secure link to set these things, rather than a cagy app-centric mechanism WHICH DOES NOT MATCH THE WEBSITE …

That is, you cannot be sure that your information is consistent across these two.

There are only two possibilities.

1) a phishing attack that got through the apple censors.

2) a very poorly thought out and implemented policy, which is internally inconsistent and effectively indistinguishable from #1.

Spoke to the customer service rep, and he was a nice guy. Lodged a complaint on this. I want to be able to set/configure all the security … ALL OF THE SECURITY … over a secure browser, and have the information EXACTLY match what any app is asking me for …

… that is … unless I like giving answers away to fixed questions, which are likely questions for phishers to want to know to attack other accounts.

This one is an EPIC FAIL Apple. You need to fix it … fast. I won’t buy another app until I am absolutely convinced that I can manage my security. I am not convinced of this, and long hard experience dealing with large companies shows me I shouldn’t trust them to do so either.

(gentle reader: please repost/retweet far and wide)Откъде да купя икона

Viewed 36389 times by 4772 viewers

Facebooktwittergoogle_plusredditpinterestlinkedinmail