Why does iTunes require complicated passwords?




HarryPot
Jan 5, 2011, 04:30 PM
Today I was trying to change my iTunes account password. Currently my password has lowercase letters and numbers.

To my surprise, the new passwords now need to have at least one uppercase, one lowercase and one number. Why?

I've always hated to use uppercase in passwords. :(



GGJstudios
Jan 5, 2011, 04:32 PM
Today I was trying to change my iTunes account password. Currently my password has lowercase letters and numbers.

To my surprise, the new passwords now need to have at least one uppercase, one lowercase and one number. Why?

I've always hated to use uppercase in passwords. :(

Because more complex passwords, such as those with upper and lower case letters and numbers, are harder to guess and your iTunes account is less likely to be hacked. It's a good habit to always use complex passwords.

firestarter
Jan 5, 2011, 04:33 PM
Er... because it's supposed to be a strong password to keep your credit card safe?

HarryPot
Jan 5, 2011, 04:36 PM
I know. But, why make it a requirement?

I use complex passwords for most of my mail/computer/bank accounts. But for iTunes, I prefer a simple password. I don't have a credit card registered, I just buy Gift Cards.

And a combination of letters and numbers can be quite difficult to hack.

RaceTripper
Jan 5, 2011, 04:36 PM
I use 1Password to create really complicated passwords, and I don't use the same one twice.

Recently, I changed my MobileMe password. I still have auth errors as a result. Apple needs to manage/fix single sign-on password changes better.

SandboxGeneral
Jan 5, 2011, 04:37 PM
You should consider using Lastpass (http://lastpass.com/) to manage and generate strong passwords. Identity theft is the biggest threat to users through their computers/Internet, more so than viruses.

Security Now >>podcast<< (http://media.grc.com/sn/sn-256.mp3) on Lastpass.

HarryPot
Jan 5, 2011, 04:46 PM
I use 1Password to create really complicated passwords, and I don't use the same one twice.


You should consider using Lastpass (http://lastpass.com/) to manage and generate strong passwords.

I have considered using that kind of software before. But how do they work in the iTunes store on the iPhone? My bigger problem is entering the passwords there. I do change between two accounts quite frequently, and using uppercase is just an extra hassle.

SandboxGeneral
Jan 5, 2011, 04:50 PM
I have considered using that kind of software before. But how do they work in the iTunes store on the iPhone? My bigger problem is entering the passwords there. I do change between two accounts quite frequently, and using uppercase is just an extra hassle.

I've used both 1Password and Lastpass; I prefer Lastpass, but neither will work directly with iTunes. They integrate with your web browser. Lastpass will even work on the iPhone, but not with iTunes... I think.

It's your decision of course, but the more convenient the password you have, the less secure it is. Go ahead, use an easy to guess password that can be cracked with a brute force dictionary attack. You may only use gift cards now, but you may change your mind someday and enter CC info. If so, I sure hope you use a more secure password to protect yourself.

chrono1081
Jan 5, 2011, 04:54 PM
As others have stated, not only is it important for your safety, but if someone's account gets hacked on iTunes it blows up in the media since it's Apple-related and then makes Apple look bad, when in reality it's the fault of the person with the weak password.

bobr1952
Jan 5, 2011, 04:55 PM
There are threads here about iTunes and how some accounts have been compromised. Perhaps by weak passwords???? Makes sense to require ones that are a bit more robust. :)

RaceTripper
Jan 5, 2011, 04:56 PM
As others have stated, not only is it important for your safety, but if someone's account gets hacked on iTunes it blows up in the media since it's Apple-related and then makes Apple look bad, when in reality it's the fault of the person with the weak password.

Now that would matter if I cared about Apple's standing in the media. In reality I care about security, but couldn't care less about Apple looking good or bad. ;)

miles01110
Jan 5, 2011, 05:32 PM
I know. But, why make it a requirement?

Because it costs them less to make a complex password a requirement than it does to deal with all the people that get their accounts broken into on account of having weak passwords.

roadbloc
Jan 5, 2011, 05:42 PM
Most online companies make it a requirement to have a decent password.

bobr1952
Jan 6, 2011, 10:47 AM
This is another good reason for a strong password:

http://news.yahoo.com/s/afp/20110106/tc_afp/chinaitinternetcrimeretailtaobaoapple;_ylt=AvmaRSKEpVvHw9YjE74dyn4jtBAF;_ylu=X3oDMTNjYjdwbjBsBGFzc2V0A2FmcC8yMDExMDEwNi9jaGluYWl0aW50ZXJuZXRjcmltZXJldGFpbHRhb2Jhb2FwcGxlBHBvcwMxMgRzZWMDeW5fYXJ0aWNsZV9zdW1tYXJ5X2xpc3QEc2xrA2hhY2tlZGl0dW5lcw--

RaceTripper
Jan 6, 2011, 11:11 AM
This is another good reason for a strong password:

http://news.yahoo.com/s/afp/20110106/tc_afp/chinaitinternetcrimeretailtaobaoapple;_ylt=AvmaRSKEpVvHw9YjE74dyn4jtBAF;_ylu=X3oDMTNjYjdwbjBsBGFzc2V0A2FmcC8yMDExMDEwNi9jaGluYWl0aW50ZXJuZXRjcmltZXJldGFpbHRhb2Jhb2FwcGxlBHBvcwMxMgRzZWMDeW5fYXJ0aWNsZV9zdW1tYXJ5X2xpc3QEc2xrA2hhY2tlZGl0dW5lcw--

Ever heard of bit.ly? ;)

monaarts
Jan 6, 2011, 11:15 AM
If Apple allowed easy passwords but didn't offer credits to people with hacked accounts, you would probably be bitching about that when your account got hacked. :-P

adt100
Jan 6, 2011, 12:16 PM
Because more complex passwords, such as those with upper and lower case letters and numbers, are harder to guess and your iTunes account is less likely to be hacked.

Complex passwords are only harder to guess in a situation where Apple's servers are compromised giving hackers offline access to the password file.

In an online attack (where hackers simply try entering your password at an Apple logon page), as long as you do not use a stupid password like 'password' or the name of your dog, a simple random lower case word is just as hard to guess. Apple blocks your account after a small number of incorrect guesses (see http://support.apple.com/kb/TS2446), so unless the hacker is incredibly lucky your account is safe.

Of far more importance is the difficulty of your password reset security question and that you never log in via a link sent in an email.
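
Added example (not part of any post in the thread): the arithmetic behind the online-versus-offline distinction in the last post, comparing a lowercase-plus-digits password with the upper/lower/digit rule from the first post. The length of 8, the lockout of 10 guesses and the offline rate of 10^9 guesses per second are assumed figures, not Apple's.

```python
from itertools import combinations

LOWER, UPPER, DIGIT = 26, 26, 10  # character-class sizes


def keyspace(length, classes, required=()):
    """Count passwords of `length` drawn from `classes` (a list of class
    sizes) that contain at least one character from every class index in
    `required`, by inclusion-exclusion over the classes left out."""
    total = sum(classes)
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            alphabet = total - sum(classes[i] for i in missing)
            count += (-1) ** k * alphabet ** length
    return count


def online_success(space, guesses_before_lockout):
    """Chance a uniformly random password is hit before the account locks."""
    return min(1.0, guesses_before_lockout / space)


def offline_days(space, guesses_per_second):
    """Worst-case days to exhaust the space against a leaked password file."""
    return space / guesses_per_second / 86400


def compare(length=8, lockout=10, rate=1e9):
    # lockout and rate are assumptions made for this example
    old = keyspace(length, [LOWER, DIGIT])                    # lowercase + digits
    new = keyspace(length, [LOWER, UPPER, DIGIT], (0, 1, 2))  # rule from the thread
    return {
        "old": (old, online_success(old, lockout), offline_days(old, rate)),
        "new": (new, online_success(new, lockout), offline_days(new, rate)),
    }


if __name__ == "__main__":
    for name, (space, p_online, days) in compare().items():
        print(f"{name}: {space:.3e} passwords, "
              f"online hit chance {p_online:.1e}, offline {days:.2f} days")
```

Both figures assume the password is chosen uniformly at random; a dictionary word or a predictable pattern such as a single leading capital falls far short of them under either rule.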