Illogical Apple ID Password Rules

Hi,

It really does not matter how much people go on about this.

For a long time those "in the know" have said that we need more secure Passwords.

There are obviously many ways of doing this,

Apple have picked one method to "educate' people about this.

They are unlikely to change this in the near future.

Move on.

8:54 PM Monday; August 6, 2012

Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

 iMac 2.5Ghz 5i 2011 (Lion 10.7.2)
 G4/1GhzDual MDD (Leopard 10.5.8)
 MacBookPro 2Gb (Snow Leopard 10.6.8)
 Mac OS X (10.6.8),
"Limit the Logs to the Bits above Binary Images."  No, Seriously

I agree...back in 1967 I had a 21-character password that I had to be able to remember and verbally give over a radio in enemy territory in Viet Nam in case I was shot-down, injured, at night (no lights), and scared. This password was to "guarantee" a pick-up chopper coming into the last mile that he was not coming into an ambush.

We all had to develop a password and have it "passed" by a commitee of Intel Officers only after we explained to them the significance of the password to our personal lives - to prove it was "deep in our DNA and always remembered". Mine was 17-letters and 4-numbers.

Most of my crew-buddies had their first and second passwords rejected as too simple or for other reasons such as birthday or Mom's name - all things that could be ferreted out by enemy Intel. When I showed mine to the Intel Officer and explained it to him he could hardly stop laughing - but he "passed" it immediately.

Truly Secure Passwords are long and meaningful only to a specific person - so meanigful that they reach into the indelible memory yet can not be rooted out by even the most exhaustive human research, let alone a machine.

I could not agree more. I am a very busy person and could not be bothered with the more and more inflationary militant securitism of Apple. It should definitely be left to the costumer to decide what degree of security they want.

Besides, the opposite effect can easily happen. I just got my iPhone stolen, and had no tracking system installed. This inflationary password security made the use of the Apple ID impractical, and I stopped using it.

There is really no satisfactory answer and some people like Ralph is saying to move on, these are not the droids you are looking for.

For my part, I will continue to argue for long passphrases using spaces or symbol delimiters. This is the ONLY solution. All Apple or your bank or whomever has to do is require a 16+ character passphrase with at least 3 delimiters. No other rules necessary.

Apple could be a leader rather than a follower on this front.

Until then, come up with your own passphrase using Apple's rules.

For example: "B0ehner!is!a!wimp" satisfies the rules, is "strong" by Apple standards, would take 1.34 billion trillion centuries to guess, and is easy to remember because it's so obviously true.

Well, it looks like apple is now offering 2-factor authentication: http://goo.gl/WpHZL (Life Hacker)

I use 2F with google and thus far am happy with it. It also allows you several options like app specific PWs and trusted devices. And it can be managed well on their auth managment page.

So if Apple continues with 2F, it may make all this moot.

-- Owen

Actually even XKCD are wrong - as are Apple.

Password strength only has to be barely above really basic (eg monkey1 - uber common so bad password - blackbooks55 would be fine).

Passwords can only be easily cracked *if the database containing the passwords is stolen*. Hackers can't get in by brute forcing a password through a web interface. This is partly as this would trigger protection mechanisms very quickly - and partly because bandwidth is too limited.

A full explanation here:

http://usabilityhell.com/post/51654631936/why-strong-passwords-dont-matter

In short - Apple can have much looser password requirements. As long as they stop users using the most common, say, 10,000 passwords, and enforce, say, 8 characters - that's enough.

If the Apple database is stolen *the bad guys already have all your data*.

Remember - recent hacks into Apple were not because of weak passwords - they used social engineering and exploited flaws in the 'forgotten password' process (since fixed).

The only golden rule to remember is - use a different password on every site.

The operative word in the OP was "kids". When Bruce T. designed the User Interface he had a simple rule, "Design for your Grandmother so the experts will have no problems!"

Today the "hip kids" have taken over and lack experience and Usability savy - they just like to be "cool" and laugh when the User-Customers have problems....and then pretend to be knowledgeable. But they are still kids.

After 40+ years in security I can easily design passwords that can only be hacked by stealing the database - in which case even a 5000-character password falls to the hackers as easily as a 5-charater password. Problem is the "kids" are too in control to admit they are not all sitting at the "genius bar".

Bottom Line: The inmates are running the asylum.....so just put your passwords in a little book that you will eventually lose....😁

What I find utterly lacking in intelligence, is the password generator in safari (their own product) cannot be used in their account system. for example the passwords it generates are both upper and lower case and consist of 4 sets of 3 characters, which yields 2668424446233 possibilities, yet I cannot make my password one of these randomly generated values. and am forced to either use a common word found in the dictionary, and not have unity with my other accounts.

I've three Apple IDs which I've had for the best part of 20 years; each has a number of .mac., me and .icloud aliases.

Apple (on 23 February 2015 - 19 days ago) broke (and can't fix) my Apple mail (gmail works just fine in the Apple Mail application). Trying to fix this problem, one of their senior (second level?) "geniuses" had me change my nice simple Apple ID password to something that they generated and was, according to them, safe.

Now, for this one account, I've got this really complicated password - they'll not be doing anything in the other two!

Crikey, I understand security and all that, as I've worked for the government and NATO for 30 years, but I'd have thought it should be my choice what password I choose. If I want it to be weak, and understand the risk inherent in that choice, then what's the problem. It has nothing to do with Apple.

Besides which, what the heck am I protecting, an Amazon order? An e-mail to my Aunty Mary? At work I can see the need and sense to have something strong, but it's a real pain the rear to continually get Apple's in-your-face insistence that I should enter the password for my Apple ID on my iPhone and iPad. On a keyboard this is somewhat easier, but the rubbish keyboard interface you get with an iPhone or iPad makes such gymnastics a real pain.

Sure, I can change my Apple ID password to something less cryptic, but it still insists I've got to have an uppercase letter and a number.

Thanks for the non-help, Apple.

Apple is not protecting you - an obviously intelligent, reasonable adult. It is the vast majority of the rest of its demographic that needs saving from themselves. http://appleinsider.com/articles/12/03/28/half_of_all_american_households_own_an _apple_product

If the safeguards all across the board wee not in place, it would be Apple that would be blamed AND this place would be unusable for real technical issues.

ÇÇÇ

crliege wrote:

Besides which, what the heck am I protecting, an Amazon order? An e-mail to my Aunty Mary? At work I can see the need and sense to have something strong, but it's a real pain the rear to continually get Apple's in-your-face insistence that I should enter the password for my Apple ID on my iPhone and iPad. On a keyboard this is somewhat easier, but the rubbish keyboard interface you get with an iPhone or iPad makes such gymnastics a real pain..

Your Apple ID can give people access to more than just your email. It can give people access to your App/iTunes Store account, to unlocking your phone from activation lock and other things. Apple tightened security requirements to protect both the users and themselves.

Read this article for some perspective:

http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/all/

Best of luck.

You think that's bad? I can log in on the computer but NOT when I'm on my phone? Personally I think the password rules are much too complicated to use on a phone keyboard. I can't get anything to work on my phone because of the complexity of the passwords.

Untill today I was forced to change my 6 digit numerical only Apple ID password i have had for the past 7 years i honestly do not worry about being "Hacked" but considering how may friggin times I have to put this password into all of my apple products the simpler the better it not like anyone can do much if they did log into your Apple ID keychain has a different password so we should at least have a choice how strong we want our password

Exactly WHAT forced you to change your password? (BTW, I have had a 7 character password here in the past) I think that Apple has adopted what all responsible membership sites have done and now require a password that contains at least 1 of each - lowercase, UPPERCASE & numeral.

Did you get an official 'looking' email purportedly from Apple? Something about Account Security being compromised and - Click HERE ??

If so - AND you actually followed the path to somewhere that did NOT end in "... apple.com" - you have not been 'hacked' - you have been CONNED into giving them your Apple ID credentials.

lol I love how you jump to I was hacked via a dodgy email but no it was a iTunes internal pop up when I logged into a new iTunes update and it said for security reasons you need to update your password I then said pifft bugger off I like mine hit cancel then iTunes locked my account forcing me to update to a silly over protective password with no choice then I had to enter it no less than 17 times consecutively to update the passwords on all my devices not including the times I incorrectly typed the password and if I ever want to download an app gone from 7 key presses to 14 key presses with shift and char select

iPhone - phone, iTunes, iCloud

iPad Air - iPad, iTunes, iCloud

iPad Air 2- iPad,iTunes,iCloud

Apple Tv - home sharing, App Store

MAcBook Pro - iTunes, iCloud, iMessage, App Store

WIndows - iTunes, iCloud

15 key presses to sign in 17 times equals 255 key presses it just frustrated me as I enter this password a lot I wanted it simple and fast

ps

IF it was just being responsible it would simply tell you how secure your password is not be overbearing and force you to use the specified encryption

What is next?Manditory for a phone unlock a alphanumeric with capital letter special char and 8 digits minimum