How often should I change Mac's and Apple's passwords?

Discussion in 'Mac Basics and Help' started by Adremagos, Dec 25, 2016.

  1. Adremagos macrumors newbie

    Joined:
    Dec 25, 2016
    #1
    Hello!

    Mac Mini, El Capitan.

    Is there any security rule of:

    1) How often should I change my Apple Id password?

    2) How often should I change Mac Mini's password?

    3) Should I disconnect internet when changing Mac Mini's password?

    4) After changing Mac Mini's password, should I make a restart before surfing Internet just in case for security reasons?
     
  2. Toutou macrumors 6502a

    Toutou

    Joined:
    Jan 6, 2015
    Location:
    Prague, Czech Republic
    #2
    Most people don't seem to understand this, but there's no real "technical" need to change your passwords, as long as you don't reuse them and don't tell anyone.

    The idea behind changing a password regularly is that if somebody discovers your current one, they will only be able to use it until your next change.

    In reality it always makes people use weak and stupid passwords that are easy to remember, and almost every attacker (whoever that might be) who's about to do you harm (not eavesdrop on you) will change your password immediately to prevent you from interrupting..
     
  3. glenthompson macrumors 68000

    glenthompson

    Joined:
    Apr 27, 2011
    Location:
    Virginia
    #3
    As Toutou said, there's little to be gained by regularly changing your password as long as you practice good security. That means unique passwords everywhere and not just simple variations on some password. That means using a password manager like 1Password or Lastpass.

    There are 3 passwords I consider critical and need to be strong and memorized - your email, your password manager, and the storage location of your passwords if kept on the cloud or on a device like your mini. I can lose everything and as ling as I can get to email and my 1Password vault, I can get to pretty much everything.
     
  4. Adremagos thread starter macrumors newbie

    Joined:
    Dec 25, 2016
    #4
    Oh, so if someone did get my password, they'd change it anways and I'd know. I never tell them to anyone and they're all unique and long. So that is acceptable safe behaviour?




    I keep my passwords stored outside of electronics actually. Partially in my head, partially noted down in confusing scrambled way.


    So there is no security risk in changing Mac Mini password while internet connection is enabled? Nor need to restart after changing password
     
  5. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #5
    1 and 2. I agree with the others. No need and a waste of effort. To be extra secure though, turn on two factor authentication for your AppleID. So even if someone did get your password, they would not be able to use it.

    3 and 4. No need to disconnect from the Internet or reboot after.
     
  6. Adremagos, Dec 26, 2016
    Last edited: Dec 26, 2016

    Adremagos thread starter macrumors newbie

    Joined:
    Dec 25, 2016
    #6
    Thank you!
    Tech-n00b (me) painted bogeyman. :D I can now breath easier.

    Sudden question that popped up - if someones knows my Apple Id (email address) can they hack in? Passwords and security questions are all long random letters and numbers. Email password is also random numbers and letters.
     
  7. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #7
    Not if you have a complex password and security questions like you said. Plus, if you turn on two factor like I mentioned, there is no way they can get in even if they had your password. It really is a great security feature.
     
  8. Michael Scrip macrumors 601

    Joined:
    Mar 4, 2011
    Location:
    NC
    #8
    I agree with Weasel... complex passwords are nearly impossible to "hack"

    Add in Two-Factor and you're even more secure.

    My passwords look like this: KN9y2&YDsI5*ArT0

    And I also have Two-Factor. I wish hackers good luck. :D
     
  9. Zazoh macrumors 6502a

    Zazoh

    Joined:
    Jan 4, 2009
    Location:
    San Antonio, Texas
    #9
    100% agreement, in fact those that make you change and then don't repeat previous passwords are the worst. I work for a very large corporation and they are finally figuring out the above, we used to change every 30 days and they have extended to 90 days, but if they only required a complex password, they'd never have to change.
     
  10. Adremagos thread starter macrumors newbie

    Joined:
    Dec 25, 2016
    #10
    I accidentally posted screenshot App Shop's account information that contain my Apple ID email and Billing Address
    My Admin account name
    Street name
    [numbers] City name
    (Numbers) Numbers


    Well, they are nothing personal and to be honest, I did not give any real data when App Shop demanded it, but can anyone use this to get in? Like, they know my Apple Id and Apple would allow identification using this data?

    It's gonna be few days before I can turn on 2 factor because I lack phones right now (likely strange sounding in electronics age, but what I had broke and right now I can't get new one right away).



    Thank you!



    That was interesting to hear. Thank you!
     
  11. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #11
    No.... without.your security questions, Apple won't allow someone to reset your password with just your AppleID and address.
     
  12. satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #12
    Then learn to put in iCloud password to put in an Apple Symbol. This way anyone usin Windows or Linux hackers will have problems making that symbol!
     
  13. Adremagos, Dec 27, 2016
    Last edited: Dec 27, 2016

    Adremagos thread starter macrumors newbie

    Joined:
    Dec 25, 2016
    #13
    Thank you, that helps a lot! So only security questions (that are safely hidden from everyone but myself) work to reset password? Really good system.

    Was afraid there would be more options to get in, like with gmail's account recovery/forgotten password option, where gmail asks things like "what address did you send your last mail, your full name, date of birth etc". And that doesn't sound very safe...

    Basically knowing inside data ( in this case address or credit card/post index numbers) besides password and security questions helping to get in.
    If Apple only allows security questions to reset password, then they really are heaps above google!



    WOW! I had no idea about this!
     

Share This Page