Illogical Apple ID Password Rules

Question

Level 1

23 points

Illogical Apple ID Password Rules

Hello,

I am pulling my hair out about Apple's illogical way of thinking.

I tried for minutes to create a password for a new Apple ID, of course the session had timed out a couple of times 😠 until I realized that a "capital letter" does not qualify as a "letter".

I may add that I have a Ph.D in physics and that I thought that I knew what logical thinking was.

So,

"A1234567"

or

"AB123456"

are not accepted.

It has to be

"aB123456"

I would have expected that the following logics apply:

1. Assumption:

The main set is "letters" which contains two sub-sets, "upper case letters" and "lower case letters".

2. Conclusion:

Because "upper case letters" are members of the set "letters", "upper case letters" are "letters".

Obviously, the Apple "kids" are not making the same assumption.

Am I missing the point ?

Regards,

Twistan

Mac mini (Mid 2010), Mac OS X (10.7.3)

Posted on Mar 7, 2012 1:42 AM

Reply

Answer 1

Best reply

Twistan Author

Level 1

23 points

Mar 8, 2012 2:26 PM in response to léonie

Hi (moin, moin),

good on you, mum's the word !

I have a primary Apple ID which I created only a few weeks ago and that has a password with only cyphers.

Regards,

Twistan

Reply

Answer 2

léonie

Level 10

194,377 points

Mar 8, 2012 12:49 PM in response to Twistan

Hello Twistan,

interesting, my password violates the rules - no capital letter - but it has been accepted.

Cheers

Léonie

Reply

Answer 3

léonie

Level 10

194,377 points

Mar 8, 2012 2:36 PM in response to Twistan

(moin, moin)

Hummel Hummel aus Hamburg!

Seems like just the opposite of the rules apply - "Though this be madness, yet there is method in't".

Regards

Léonie

Reply

Answer 4

HACKINT0SH

Level 5

5,804 points

Mar 8, 2012 10:29 PM in response to léonie

I've been getting a lot of complaints about apple's silly rules in configuring a password. So you're not the only one Twistan. I think Apple went over-board on their security, but then again, Apple is the most paranoid company out there.

Reply

Answer 5

Mar 8, 2012 11:13 PM in response to HACKINT0SH

HACKINT0SH wrote:

I've been getting a lot of complaints about apple's silly rules in configuring a password.

From who?

Reply

Answer 6

Twistan Author

Level 1

23 points

Mar 9, 2012 12:36 AM in response to shldr2thewheel

Given the fact that Apple ID's are among the most sought after ID's by CC fraudsters I do understand the need to protect the customers but the rules should be logical and not prevent users from using their own "sophisticated rules" as long as they comply with common sense. But again, what is common sense...

Regards,

Twistan

Reply

Answer 7

Miss Dee

Level 1

15 points

Mar 10, 2012 9:53 AM in response to Twistan

Well, of course, Twisten, what did you expect. This is the New World Order. Nothing makes sense. It doesn't have to. I have a MacBook Pro with Lion. After using a computer for 30 years, I feel the magic is gone because nothing makes sense, none of the commands, none of the video, nada.

Reply

Answer 8

Mar 10, 2012 9:59 AM in response to Twistan

It's quite logical, actually. You can't please everyone. If Apple removes some of these rules, you'll get a myriad of unhappy customers complaining that it is not secure enough. If Apple put the rules back, then people would complain that the rules are too strict.

I'm not saying that you're whining or complaining, I'm just trying to say that Apple can't do anything without upsetting someone, and I'm sorry their current rules aren't working out for you.

Reply

Answer 9

Mar 10, 2012 10:23 AM in response to Twistan

What Apple has done is moved closer to what is considered a "strong" password as defined by NSA. A strong password is 8-12 characters long, no ditionary look-up words, no consecutive numbers or repeated letters, at least one capitol and one lower case letter, at least one number and at least one special character (the shift-numeral characgters).

See: Best Practices for Keeping Your Home Network Secure, April 2011, NSA Creative Imaging - 48039.

Reply

Answer 10

Mar 10, 2012 2:09 PM in response to Twistan

Hi,

At first I thought your examples highlighted a need for the Uppercase (Capital) Letter had to be second.

Then I remembered my own password has two Capital letters and one of them is the first character.

The rules you post do make it clear there is a distinction between Letters and Capital Letters

This then Implies that there should be two "Letter" characters of which there should be one of each "Upper" and "Lower" cases to use your assumption.

The Rules also do not say for @mac.com names and iCloud names that you may want to use in iChat or the Messages Beta have to be 16 characters or less to work with the AIM servers or that those passwords cannot have some characters that are not Letters (both sorts) or Numbers.

10:08 PM Saturday; March 10, 2012

 iMac 2.5Ghz 5i 2011 (Lion 10.7.3)
 G4/1GhzDual MDD (Leopard 10.5.8)
 MacBookPro 2Gb (Snow Leopard 10.6.8)
 Mac OS X (10.6.8),
"Limit the Logs to the Bits above Binary Images."  No, Seriously

Reply

Answer 11

Twistan Author

Level 1

23 points

Mar 10, 2012 9:31 PM in response to Ralph-Johns-UK

Hi,

the problem is not that there is a distinction between "letters" and "capital letters", the problem is that the "kids" doing the programming work don't care about giving proper definitions or they are not given the time for such unimportant matters.

My apologies to the non-scientific reader if I applied strict mathematical logics but I had always believed that computer programing was applied mathematics.

If you ever studied mathematics you will have learned that every subject starts with a precise definition of terms.

One of my favourite citations is the following:

"Définissez vos définitions !" (Voltaire)

(Define your definitions !)

Regards,

Twistan

Reply

Answer 12

John Galt

Level 10

140,790 points

Mar 10, 2012 9:34 PM in response to Twistan

correct horse battery staple

Reply

Answer 13

Twistan Author

Level 1

23 points

Mar 10, 2012 9:47 PM in response to Ralph Landry1

Hi,

of course, I do see the need for strong paswords, but how many passwords have de facto been cracked by hackers because of their weakness ? I would guess very few.

There are many other security holes.

Besides, that was actually not the point. The point was that the programmers do not care about supplying proper definitions.

And talking about the NSA: I do not know whether you are old enough to remember the Zimmerman case. In the 1990's Zimmerman distributed a free, easy to use, RSA-based, cross platform encryption software called "Pretty Good Privacy" (PGP) with a key that strong that it would have taken the NSA months to crack a single key. I do not want to go into any more details here because the interested reader can google up what happened to Zimmerman.

Rumour has it that commercial encryption software must have security holes that national security agencies can exploit to crack a key.

Regards,

Twistan

Reply

Answer 14

Twistan Author

Level 1

23 points

Mar 10, 2012 9:53 PM in response to Miss Dee

Hi Miss Dee,

I can fully sympathise here. I might be on my way to become a grumpy old man....

My first "computer" was a PET 2000 (always lost level 10 chess games) and I wrote code using Basic and Fortran on "mainframes".

Regards,

Twistan,

Reply

Answer 15

Twistan Author

Level 1

23 points

Mar 10, 2012 10:10 PM in response to stevejobsfan0123

Hi,

the problem is that nobody can memorise 100 different passwords.

So, what do we do ?

One approach is to devise just a few passwords for all purposes. Even if these passwords are pretty strong they might not be accepted by some sites, and then you have to think of a yet another password and add it to your stock of passwords.

I personally wrote my own (very professional) Filemaker database (yes, I know you can use Apple's KeyChain but it is not really comfortable to use) just in case of a "memory leak".

Regards,

Twistan

Reply