
Illogical Apple ID Password Rules

67687 Views 70 Replies Latest reply: Jul 16, 2013 7:46 PM by LLH62 RSS
  • Beeblebrox Level 1 (95 points)
    Jul 28, 2012 4:03 PM (in response to Ralph Landry1)

    The problem with thinking that substituting an "@" for an "a" or the typical "1" for an "i" is that this is what is expected by hackers.

     

    The key is LONG passphrases with symbols to pad the words, eg: rain.hockey.rabbit (or use spaces instead of dots)

     

    Either way, this passphrase would take 24 million trillion centuries to hack by brute force.

     

    Meanwhile 4@Market would take 2000 centuries. Still a long time but several orders of magnitude easier than rain.hockey.rabbit.

  • sebastiaan69
    Aug 4, 2012 5:30 AM (in response to Beeblebrox)

    Beeblebrox - if that would be the 2 rules, then that wouldn't actually be safer. Not if the hacker knows the rules.

     

    Since 2 spaces are required, users would choose 3 random words. As a result, the most effective brute force strategy would be to randomly guess 3 dictionary word sentences.

  • Beeblebrox Level 1 (95 points)
    Aug 4, 2012 11:03 AM (in response to sebastiaan69)

    Foreknowledge about the rules doesn't really help when we're talking about long passphrases that include at least 2 padding symbols. The hacker doesn't know what the padding character is or the length of the passphrase. The key is not to make a more complex needle (such as doing symbol substitutions for letters) but to make the haystack bigger.

     

    The normal assumptions about "dictionary" words don't apply if we're talking multiple words in a long passphrase. Each additional character adds huge complexity. My understanding of the argument for long pronounceable passphrases is that the combination of symbols and letters and a requirement for something like 15 or 20 characters makes it infinitely more complex to crack than coming up with a password like Un1vers@l. Any competent dictionary attack is going to include commonly used substitution symbols.

     

    In the end the successful password will 1.) be at least 16 letters and symbols and 2.) something you don't ever have to write down.
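
The two attacker models argued over in the posts above, worked through as an added example (not part of any post): exhaustive character search versus guessing three dictionary words joined by one padding symbol. The guess rate of 1,000 per second, the 7,776-word list and the 33-symbol separator set are assumptions chosen for illustration.

```python
import math

SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600
SYMBOLS = 33  # printable ASCII punctuation plus space

def charset_size(password):
    """Alphabet an exhaustive search must cover, by character classes present."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += SYMBOLS
    return size

def brute_force_space(password):
    """Number of candidates of every length up to len(password)."""
    n = charset_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def passphrase_space(words, wordlist_size, separators=SYMBOLS):
    """Candidates when the scheme is known: `words` list words, one separator symbol."""
    return wordlist_size ** words * separators

def centuries(space, guesses_per_second):
    """Time to exhaust the whole space at a fixed guess rate."""
    return space / guesses_per_second / SECONDS_PER_CENTURY

if __name__ == "__main__":
    RATE = 1000       # assumed guesses per second (rate-limited online guessing)
    WORDLIST = 7776   # assumed wordlist size (a Diceware-sized list)
    rows = [("4@Market, exhaustive", brute_force_space("4@Market")),
            ("rain.hockey.rabbit, exhaustive", brute_force_space("rain.hockey.rabbit")),
            ("3 words + separator, scheme known", passphrase_space(3, WORDLIST))]
    for label, space in rows:
        print(f"{label:36s} {math.log2(space):6.1f} bits "
              f"{centuries(space, RATE):.3g} centuries")
```

At the assumed rate the exhaustive-search model gives roughly 2,100 centuries for 4@Market and about 2.4e19 centuries for rain.hockey.rabbit, while the known-scheme model gives about 5 centuries for three words from the assumed list.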

  • Ralph Johns (UK) Level 9 (66,840 points)
    Aug 4, 2012 2:01 PM (in response to Beeblebrox)

    Hi,

     

    Currently this can be restricted by the need for some Apple IDs (@mac.com and @me.com) needing to be kept to 16 characters that work with the AIM Servers for logins with iChat and Messages.

     

     


    10:00 PM      Saturday; August 4, 2012


    Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

     

      iMac 2.5Ghz 5i 2011 (Lion 10.7.2)
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro 2Gb (Snow Leopard 10.6.8)
     Mac OS X (10.6.8),

    "Limit the Logs to the Bits above Binary Images."  No, Seriously

  • danas_blia
    Aug 6, 2012 7:17 AM (in response to John Galt)

    John Galt wrote:

     

    the problem is that nobody can memorise 100 different passwords.

    So, what do we do ?

     

    Post-it® Notes stuck to the monitor.

     

    I'm only being half facetious. When password requirements become so arcane this (or something like it) becomes common.

     

    As dumb as they are, Apple's new password rules are hardly the worst I have encountered. One such site requires twelve characters that must include both upper and lower case alpha, at least two non-consecutive numbers, at least two non-alphanumeric characters, and none of them consecutive or repeated. It cannot repeat any of the characters in the same position as the previous password, and must be changed every 30 days. Oh, it cannot be one of the past 24 passwords used either.

     

    Good luck.

     

    Having to write it down obviously reduces a password's security, but it also absolves the agency of any blame for allowing trivial passwords. Write it down and it's your fault. The irony is surely lost on the idiots who require such things.

    100% !!!

    The world of internet security is becoming complex to stupidity... It's not just Apple - many websites require ridiculously complex passwords, even those, that really don't need it, but Apple are the worst. So of course I write them down - some of the important ones I encrypt in my own way to remember, but most of those I don't care, I just write down normally, cause there is no way I can encrypt Apple password in any way I can understand!!!

  • seventy one Level 6 (8,525 points)
    Aug 6, 2012 8:16 AM (in response to Ralph Johns (UK))

    Perhaps it's time to approach the problem from a different direction. What if the camera lens was adapted so that a thumb or finger print could be read?

  • Ralph Johns (UK) Level 9 (66,840 points)
    Aug 6, 2012 12:54 PM (in response to seventy one)

    Hi,

     

    It really does not matter how much people go on about this.

     

    For a long time those "in the know" have said that we need more secure Passwords.

    There are obviously many ways of doing this.

     

    Apple have picked one method to "educate" people about this.

    They are unlikely to change this in the near future.

     

    Move on.

     

     


    8:54 PM      Monday; August 6, 2012



  • zafer farooqui
    Dec 31, 2012 5:53 AM (in response to Twistan)

    Guys, I cannot enter my FaceTime and iMessage Apple ID and password.

    It says "the user name or password for (your apple id) was incorrect. Try again."

    Please help...

  • Ralph Johns (UK) Level 9 (66,840 points)
    Dec 31, 2012 1:02 PM (in response to zafer farooqui)

    Hi,

     

    https://iforgot.apple.com/iForgot/iForgot.html

     

     

    9:01 PM      Monday; December 31, 2012


    Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

     

      iMac 2.5Ghz 5i 2011 (Mountain Lion 10.8.2)
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro 2Gb (Snow Leopard 10.6.8)
     Mac OS X (10.6.8),
     Couple of iPhones and an iPad

    "Limit the Logs to the Bits above Binary Images."  No, Seriously

  • backspaces Level 1 (0 points)
    Feb 7, 2013 8:59 PM (in response to Twistan)

    Does Apple ID allow either 2-factor authentication or OpenID?

  • Jellytoes
    Feb 18, 2013 7:26 AM (in response to Twistan)

    I agree...back in 1967 I had a 21-character password that I had to be able to remember and verbally give over a radio in enemy territory in Viet Nam in case I was shot down, injured, at night (no lights), and scared. This password was to "guarantee" a pick-up chopper coming into the last mile that he was not coming into an ambush.

     

    We all had to develop a password and have it "passed" by a committee of Intel Officers only after we explained to them the significance of the password to our personal lives - to prove it was "deep in our DNA and always remembered". Mine was 17 letters and 4 numbers.

     

    Most of my crew-buddies had their first and second passwords rejected as too simple or for other reasons such as birthday or Mom's name - all things that could be ferreted out by enemy Intel. When I showed mine to the Intel Officer and explained it to him he could hardly stop laughing - but he "passed" it immediately.

     

    Truly Secure Passwords are long and meaningful only to a specific person - so meaningful that they reach into the indelible memory yet cannot be rooted out by even the most exhaustive human research, let alone a machine.

  • John Galt Level 7 (33,110 points)
    Feb 18, 2013 8:52 AM (in response to Jellytoes)

    Every company and the websites they create has sunk to the default position of requiring passwords so complex and arcane as to be useful to no one, Jellytoes. It disappoints me that Apple has joined them in this race to the bottom, though as I pointed out in my post from March 11 they are far from the worst offender.

     

    If I were to be shot down and in extremis the last thing I would remember is any of the 150+ passwords that I need for the various services I use. Clearly these password requirements are not intended for my benefit.

     

    Eventually, someone will have to realize this requirement benefits no one other than lazy IT managers, and propose something better. That someone should be Apple. Until then we just have to play this stupid game.

    MacBooks  iMacs  iPads  AirPorts, OS X Mountain Lion,  28 years Apple!
  • gesinecresspahl
    Mar 1, 2013 1:30 PM (in response to John Galt)

    I could not agree more. I am a very busy person and could not be bothered with the more and more inflationary militant securitism of Apple. It should definitely be left to the customer to decide what degree of security they want.

     

    Besides, the opposite effect can easily happen. I just got my iPhone stolen, and had no tracking system installed. This inflationary password security made the use of the Apple ID impractical, and I stopped using it.

  • gesinecresspahl Level 1 (0 points)
    Mar 1, 2013 1:34 PM (in response to gesinecresspahl)

    PS: I will now buy a Samsung product.

  • Ralph Johns (UK) Level 9 (66,840 points)
    Mar 1, 2013 1:36 PM (in response to gesinecresspahl)

    You mean one of those devices with the alleged Apple Patents in them?
