They certainly need to go much further than they have already, IMHO. However, it is a welcome change that you can use your old password for 72 hours to get into your Apple ID (with the caveat that I'm hoping it works as has been stated).That's great advice for someone who doesn't live in the real world where criminals target people and actually follow them around just waiting for the right moment. The "simplest thing" would be measures like scrambling the keypad so that a numeric passcode can't be guessed so easily, but Apple refuses to even acknowledge the issue.