Never, Ever Change Your Apple Password.

header-cover

I admit it, I’ve had the same password on my Apple account for a few years. “Pretty stupid”, you might say, and I’d agree, but I’ll do it again given the hassle involved with changing it.

Last night I made a change to my Apple account, and to make the change Apple forced me to pick a more secure password (yeah, it wasn’t that great of a password, either). So I choose something longer, with caps, numbers, special characters, etc. Then the fun begins.

Mac: “Your iCloud password for your Apple account is incorrect”. No problem, I’ll just type that in.

Mac: “Your FaceTime password for your Apple account is incorrect”. Annoying, but I can type fast so a minor inconvenience.

Mac: “Loser, your App Store password for your Apple account is incorrect”. Come on, these are all stored separately?

Mac: “Hey bonehead, type in your Apple account password twice if you want iTunes to work.”

So I’m a little annoyed, but get over it until I pick up my iPad.

iPad: “I believe that you have stolen Dave Douglas’s iPad. Please type his password multiple times to return it to full functionality.” A little more annoyed, until I realize that I have to type this complex password into a touch keyboard. Of course I have to do this multiple times, also.

iPhone: “I see from our records that you were able to type a complex string into an iPad keyboard multiple times. Now try it on a phone keyboard, sucker.” This sucks.

Finally, I think I’m all back on-line, and I turn on my TV.

AppleTV: “Congratulations, you have advanced to the final challenge. You must now attempt to type your new password in using a child-like TV remote. Hahahahaha!”

Two conclusions:

  1. Apple is still not serious about security. Making it painful for people to change their password will have the expected result.
  2. Apple is going to fast. We’ve all seen the increase in buggy software (e.g. text messages barely work on my phone right now), and this is the kind of thing that they used to identify early and come up with a clever solution for. An opportunity for multi-factor auth, maybe? Losers.