Apple ID password rant


The theatrical demand from OSX and iOS for constantly re-entering the Apple ID password is a substantial enemy of security. I just upgraded two laptops, a server, an iPhone, and restored an iPad. I think I had to enter the same passwords six times per device. In general use they’re no better, regularly nagging for a password for piddling tasks like updating an app or downloading a song.

For me with separation-of-concern accounts and 20+ character generated passwords this is a major annoyance, especially on a tablet keyboard. It’s also a joke when everything else I have of substance is using one-time passwords, two-factor tokens, key-based authentication &c.

But that’s not the elephant in the room.

The global issue is this: for most folks, the repeated nagging means they’re motivated to choose an easy-to-type, easily-remembered, perhaps easily written down password. In other words, easily guessed/cracked.

Hence Apple’s legacy of easily stolen accounts, and it’s entirely their own fault.