Illogical Apple ID Password Rules

I have exactly the same problem, the password I want to use meets the requirements but it still tells me its not complex enough!

Did you get an answer to this problem?

Oh forget Apple and their arcane password just to post to this forum...WRITE THE PW DOWN IN THE LITTLE ADDRESS BOOK IN YOUR WALLET - THE ONE MARKED SECRET PASSWORDS....as if it really matters

There is really no satisfactory answer and some people like Ralph is saying to move on, these are not the droids you are looking for.

For my part, I will continue to argue for long passphrases using spaces or symbol delimiters. This is the ONLY solution. All Apple or your bank or whomever has to do is require a 16+ character passphrase with at least 3 delimiters. No other rules necessary.

Apple could be a leader rather than a follower on this front.

Until then, come up with your own passphrase using Apple's rules.

For example: "B0ehner!is!a!wimp" satisfies the rules, is "strong" by Apple standards, would take 1.34 billion trillion centuries to guess, and is easy to remember because it's so obviously true.

HI,

There is one obvious problem with 16 + character passwords of any sort.

Apple IDs issued by Apple (@mac.com, @me.com and @icloud.com) are also valid AIM names and the AIM servers will only pass 16 Characters or LESS ones.

7:48 PM Thursday; May 16, 2013

 iMac 2.5Ghz 5i 2011 (Mountain Lion 10.8.3)
 G4/1GhzDual MDD (Leopard 10.5.8)
 MacBookPro 2Gb (Snow Leopard 10.6.8)
 Mac OS X (10.6.8),
 Couple of iPhones and an iPad
"Limit the Logs to the Bits above Binary Images."  No, Seriously

Assuming that the user doesn't care about AIM then it's not really an issue correct?

Apple itself has no prohibition on 16+ character PWs. I use one longer than that myself.

Well, it looks like apple is now offering 2-factor authentication: http://goo.gl/WpHZL (Life Hacker)

I use 2F with google and thus far am happy with it. It also allows you several options like app specific PWs and trusted devices. And it can be managed well on their auth managment page.

So if Apple continues with 2F, it may make all this moot.

-- Owen

Ahh,

I didn't realise we were assuming this month.

It tends to leave a lot of iChat users in Lion and earlier and Messages users with something to think about.

8:26 PM Thursday; May 16, 2013

 iMac 2.5Ghz 5i 2011 (Mountain Lion 10.8.3)
 G4/1GhzDual MDD (Leopard 10.5.8)
 MacBookPro 2Gb (Snow Leopard 10.6.8)
 Mac OS X (10.6.8),
 Couple of iPhones and an iPad
"Limit the Logs to the Bits above Binary Images."  No, Seriously

Actually even XKCD are wrong - as are Apple.

Password strength only has to be barely above really basic (eg monkey1 - uber common so bad password - blackbooks55 would be fine).

Passwords can only be easily cracked *if the database containing the passwords is stolen*. Hackers can't get in by brute forcing a password through a web interface. This is partly as this would trigger protection mechanisms very quickly - and partly because bandwidth is too limited.

A full explanation here:

http://usabilityhell.com/post/51654631936/why-strong-passwords-dont-matter

In short - Apple can have much looser password requirements. As long as they stop users using the most common, say, 10,000 passwords, and enforce, say, 8 characters - that's enough.

If the Apple database is stolen *the bad guys already have all your data*.

Remember - recent hacks into Apple were not because of weak passwords - they used social engineering and exploited flaws in the 'forgotten password' process (since fixed).

The only golden rule to remember is - use a different password on every site.

The operative word in the OP was "kids". When Bruce T. designed the User Interface he had a simple rule, "Design for your Grandmother so the experts will have no problems!"

Today the "hip kids" have taken over and lack experience and Usability savy - they just like to be "cool" and laugh when the User-Customers have problems....and then pretend to be knowledgeable. But they are still kids.

After 40+ years in security I can easily design passwords that can only be hacked by stealing the database - in which case even a 5000-character password falls to the hackers as easily as a 5-charater password. Problem is the "kids" are too in control to admit they are not all sitting at the "genius bar".

Bottom Line: The inmates are running the asylum.....so just put your passwords in a little book that you will eventually lose....😁

I made my username LL62 and it seems to be working.

What I find utterly lacking in intelligence, is the password generator in safari (their own product) cannot be used in their account system. for example the passwords it generates are both upper and lower case and consist of 4 sets of 3 characters, which yields 2668424446233 possibilities, yet I cannot make my password one of these randomly generated values. and am forced to either use a common word found in the dictionary, and not have unity with my other accounts.

I've three Apple IDs which I've had for the best part of 20 years; each has a number of .mac., me and .icloud aliases.

Apple (on 23 February 2015 - 19 days ago) broke (and can't fix) my Apple mail (gmail works just fine in the Apple Mail application). Trying to fix this problem, one of their senior (second level?) "geniuses" had me change my nice simple Apple ID password to something that they generated and was, according to them, safe.

Now, for this one account, I've got this really complicated password - they'll not be doing anything in the other two!

Crikey, I understand security and all that, as I've worked for the government and NATO for 30 years, but I'd have thought it should be my choice what password I choose. If I want it to be weak, and understand the risk inherent in that choice, then what's the problem. It has nothing to do with Apple.

Besides which, what the heck am I protecting, an Amazon order? An e-mail to my Aunty Mary? At work I can see the need and sense to have something strong, but it's a real pain the rear to continually get Apple's in-your-face insistence that I should enter the password for my Apple ID on my iPhone and iPad. On a keyboard this is somewhat easier, but the rubbish keyboard interface you get with an iPhone or iPad makes such gymnastics a real pain.

Sure, I can change my Apple ID password to something less cryptic, but it still insists I've got to have an uppercase letter and a number.

Thanks for the non-help, Apple.

Apple is not protecting you - an obviously intelligent, reasonable adult. It is the vast majority of the rest of its demographic that needs saving from themselves. http://appleinsider.com/articles/12/03/28/half_of_all_american_households_own_an _apple_product

If the safeguards all across the board wee not in place, it would be Apple that would be blamed AND this place would be unusable for real technical issues.

ÇÇÇ

crliege wrote:

Besides which, what the heck am I protecting, an Amazon order? An e-mail to my Aunty Mary? At work I can see the need and sense to have something strong, but it's a real pain the rear to continually get Apple's in-your-face insistence that I should enter the password for my Apple ID on my iPhone and iPad. On a keyboard this is somewhat easier, but the rubbish keyboard interface you get with an iPhone or iPad makes such gymnastics a real pain..

Your Apple ID can give people access to more than just your email. It can give people access to your App/iTunes Store account, to unlocking your phone from activation lock and other things. Apple tightened security requirements to protect both the users and themselves.

Read this article for some perspective:

http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/all/

Best of luck.

Hi,

These Communities/forums are run by Apple (they employ the few Hosts and have them on their Servers).

Other than that very few Apple People actually spend time here looking at the issues or reading the comments.

From there your post might be regarded as a Rant with no real question about solving anything.

You of course read this - Apple Support Communities Use Agreement when you singed up and you know a rant may well disappear.

As in reality the most experienced posters here have normally come across most issues at some point, either directly or have been here long enough to read about most things, I suggest posting in the Community that deals with your current OS version and tag it for Mail if that is what you need to sort out.

9:30 pm Saturday; March 14, 2015