iTunes Store Security = fail.
So it seems that Apple doesn’t require email verification or even a secret question to be paired with the creation of an iTunes account. This is nasty.
I never realised how nasty it could be until an unsuspecting Irishman decided that his email address was in fact, a mirror image of mine.
The lesson of the day: DO NOT PUT A RANDOM EMAIL ADDRESS IN YOUR ACCOUNT INFORMATION LINKED TO A CREDIT CARD! You’d think this is obvious…
Here’s where another problem lies- you can either choose to have a password reset link sent directly to your email address, OR select your date of birth/secret question… My question to Apple is, why not make all of the above mandatory? It’s just lazy!
Now I could have been all naughty and run up a massive bill, but that’s not my style. I’m currently trying to get in contact with Apple, but this is harder than you think!
So the question is- who is at fault here? The user? Apple? Me?
*Update: I’m trying to email Apple, but can’t find an address or form to actually speak to a real person*
July 9th, 2009 at 3:47 pm
Apple Fail!! Everyone knows you cant trust users to get things right.
July 9th, 2009 at 3:48 pm
Apple is at fault, they should have e-mail address verification at a minimum for details that pertain to financial details. Secondly, they should have a secret question.. while that one is not as important, it’s still a fairly decent security measure (and none of this drop down list with pre-made question shit, unless they’re really hillarious).
July 9th, 2009 at 3:50 pm
I know you can’t trust users to get things right, but I can’t help but think that the user is at least responsible for providing a correct email address. I assume you have to type it twice to verify there are no typos…
July 9th, 2009 at 8:03 pm
“DO NOT PUT A RANDOM EMAIL ADDRESS IN YOUR ACCOUNT INFORMATION LINKED TO A CREDIT CARD!” -> DUH
Please Marian
July 9th, 2009 at 8:06 pm
You do not deserve using my fine products, bow down before me, love - Steve