Home » Mac, Security

Apple lays Mac App, iTunes, iOS stores double authentication groundwork

13 April 2012 2,084 views 5 Comments

mac app store security questions

And the FlashBack security shockwaves continue to reverberate. Apple has released new Java updates for OS X Lion and Snow Leopard that include the Malware Removal Utility that detects and deletes “the most common variants” of FlashBack.

The obvious caveat there being, “most.”

But Apple has done more. After installing the Java updates for Lion and/or Snow Leopard, the first time you download any app from Apple’s Mac App, iOS and iTunes stores, you will be required to choose and answer three security questions to “help [Apple] verify your identity in the future.”

Additionally, Apple requires a Rescue Email Address, which “will only be used to send you instructions for resetting your security info if any security issues ever arise.”

And, of course, these measures only apply to Apple’s store — whatever you download and install (a.k.a. side load) from third parties leaves you wide open to all of that fun, open source, free range, unsecured stuff.

Double authentication coming to the Mac, iOS and iTunes stores? Apple’s ready to make it happen.

What is your quest?

That said, I’ve downloaded several items from the Mac, iOS and iTunes stores, and have tried logging out and then back in to see if Apple asks me (clip below the fold), “What is the air speed velocity of an unladen Swallow?”

They didn’t and I’m hoping Apple’s Mac, iOS and iTunes store security never gets to the point at some unknown time in the far distant future where Apple feels compelled to pepper me with questions that I surely will have forgotten, or remember differently, the answers to…

What’s your take?

5 Comments »

  • GC said:

    I have accounts on many web sites, banking and such, that use the challenge questions method for further authentication. I store the questions and answers in my Keychain with the account credentials so I have the answer handy anytime I need it. I do this mainly because I never answer them with proper truthful answers and instead make answers up so they aren’t likely to be guessed by a determined attacker who may do research about me in order to find out the answer to these security questions.

    # 13 April 2012 at 11:31 am
  • Apple ships stand-alone Flashback Malware Removal Tool | FairerPlatform said:

    [...] Flashback posts: — Apple’s Java patch removes Flashback, but not all variants — Apple lays Mac App Store double authentication groundwork — Top 10 free ways to secure your Mac — Mother of all Mac botnets? BackDoor.Flashback.39 [...]

    # 14 April 2012 at 12:32 am
  • Save $40 when you buy Parallels, Kaspersky together | FairerPlatform said:

    [...] Malware Removal Tool — Apple’s Java patch removes Flashback, but not all variants — Apple lays Mac App, iTunes, iOS stores double authentication groundwork — Office for Mac 2011 Service Pack 2 now available — OpenDNS blocks Flashback Trojan [...]

    # 18 April 2012 at 7:41 pm
  • Dr Web data underscores need to get, apply OS X, Java updates | FairerPlatform said:

    [...] doom recedes for now — Apple’s Java patch removes Flashback, but not all variants — Apple lays Mac App, iTunes, iOS stores double authentication groundwork [...]

    # 30 April 2012 at 12:42 am
  • Barb said:

    I enjoy farting!

    # 29 July 2012 at 1:49 pm

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.