Why does iTunes requires complicated passwords?

[HarryPot]

Today I was trying to change my iTunes account password. Currently my password has lowercase letters and numbers.

To my surprise, the new passwords now need to have at least one uppercase, one lowercase and one number. Why?

I've always hated to use uppercase in passwords.

 

[GGJstudios]

Today I was trying to change my iTunes account password. Currently my password has lowercase letters and numbers.

To my surprise, the new passwords now need to have at least one uppercase, one lowercase and one number. Why?

I've always hated to use uppercase in passwords.

Because more complex passwords, such as those with upper and lower case letters and numbers, are harder to guess and your iTunes account is less likely to be hacked. It's a good habit to always use complex passwords.

 

[firestarter]

Er... because it's supposed to be a strong password to keep your credit card safe?

 

[HarryPot]

I know. But, why make it a requirement?

I use complex passwords for most of my mail/computer/bank accounts. But for iTunes, I prefer a simple password. I don't have a credit card registered, I just buy Gift Cards.

And a combination of letters and numbers can be quite difficult to hack.

 

[RaceTripper]

I use 1Password to create really complicated passwords, and I don't use the same one twice.

Recently, I changed my MobileMe password. I still have auth errors as a result. Apple needs to manage/fix single-signon password changes better.

 

[S.B.G]

You should consider using Lastpass to manage and generate strong passwords. Identity theft is the biggest threat to users through their computers/Internet more-so than viruses.

Security Now >>podcast<< on Lastpass.

 

[HarryPot]

I use 1Password to create really complicated passwords, and I don't use the same one twice.

You should consider using Lastpass to manage and generate strong passwords.

I have considered using those kind of software before. But how do they work in the iTunes store in the iPhone? My bigger problem is entering the passwords there. I do change between two accounts quite frequently, and using uppercase is just an extra hassle.

 

[S.B.G]

I have considered using those kind of software before. But how do they work in the iTunes store in the iPhone? My bigger problem is entering the passwords there. I do change between two accounts quite frequently, and using uppercase is just an extra hassle.

I've used both 1Password and Lastpass; I prefer Lastpass, but neither will work directly with iTunes. They integrate with your web browser. Lastpass will even work on the iPhone, but not with iTunes... I think.

It's your decision of course, but the more convenient the password you have, the less secure it is. Go ahead, use an easy to guess password that can be cracked with a brute force dictionary attack. You may only use gift cards now, but you may change your mind someday and enter CC info. If so, I sure hope you use a more secure password to protect yourself.

 

[chrono1081]

As others have stated not only is it important for your safety, but if someones account gets hacked on iTunes it blows up in the media since its Apple related and then makes Apple look bad when in reality its the fault of the person with the weak password.

 

[bobr1952]

There are threads here about iTunes and how some accounts have been compromised. Perhaps by weak passwords???? Makes sense to require ones that are a bit more robust.

 

[RaceTripper]

As others have stated not only is it important for your safety, but if someones account gets hacked on iTunes it blows up in the media since its Apple related and then makes Apple look bad when in reality its the fault of the person with the weak password.

Now that would matter if I cared about Apple's standing in the media. In reality I care about security, but couldn't care less about Apple looking good or bad.

 

[miles01110]

I know. But, why make it a requirement?

Because it costs them less to make a complex password a requirement than it does to deal with all the people that get their accounts broken into on account of having weak passwords.

 

[roadbloc]

Most online companies make it a requirement to have a decent password.

 

[bobr1952]

This is another good reason for a strong password:

http://news.yahoo.com/s/afp/2011010...sZV9zdW1tYXJ5X2xpc3QEc2xrA2hhY2tlZGl0dW5lcw--

 

[RaceTripper]

This is another good reason for a strong password:

http://news.yahoo.com/s/afp/2011010...sZV9zdW1tYXJ5X2xpc3QEc2xrA2hhY2tlZGl0dW5lcw--

Ever heard it bit.ly?

 

[monaarts]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5)

If apple allowed easy passwords but didn't offer credits to people with hacked accounts, you would probably be bitching about that when your account got hacked.

 

[adt100]

Because more complex passwords, such as those with upper and lower case letters and numbers, are harder to guess and your iTunes account is less likely to be hacked.

Complex passwords are only harder to guess in a situation where Apple's servers are compromised giving hackers offline access to the password file.

In an online attack (where hackers simply try entering you password at an Apple logon page) as long as you do not use a stupid password like 'password' or the name of your dog a simple random lower case word is just as hard to guess. Apple blocks your account after a small number of incorrect guesses (see http://support.apple.com/kb/TS2446) so unless the hacker is incredibly lucky your account is safe.

Of far more importance is the difficulty of your password reset security question and that you never log in via a link sent in an email.