You Must Verify Your Identity...Stronger Password

AX338

macrumors regular
Original poster
Dec 20, 2013
153
8
London
For the last 6 years I have used the same password to access my email, yesterday upon signing into icloud from my PC first I get asked to verfiy my ID with 2 security questions then get prompted to change my password from the current alpha/numeric one.

Why is this? Is everyone affected by this change?

Any ideas?
[doublepost=1462451567][/doublepost]So I have just changed my password as there seems to be no way around it and received an email confirming as much from:

appleid@id.apple.com

does this sound suspicious at all?....has some third party just infiltrated my Apple account?
 

cerberusss

macrumors 6502a
Aug 25, 2013
919
357
The Netherlands
Did you have a password that's in a dictionary? Or perhaps a dictionary word plus a year?

Alternatively perhaps they detected a brute force attempt on your account.

That does not need to be a personal attack on you (your account), the internet is a wild place nowadays. Just hook up any service to the Internet and watch automated attacks come in within minutes.
 

AX338

macrumors regular
Original poster
Dec 20, 2013
153
8
London
OK well have changed it to include special characters etc now....seems to have come from a legitimate source anyway.
 

Tech198

macrumors P6
Mar 21, 2011
15,190
1,988
Australia, Perth
Apple probably does this to help customers.. Never got this, and hopefully never will be required to change my Apple passwords.

I just hope Apple does not email you regardless to change your 2 year old password regardless how good it is..

That would be bad... I would hope there is some checks on their end *before* the user is required to change their password for a valid reason. My first complaint would be "its strong enough"
 

daniel1948

macrumors 6502
Oct 20, 2015
342
186
Spokane, WA
I frequently get emails from Apple saying "To change your password do thus-and-such." I presume this means that some hacker or bot has tried to hijack my account. The email always ends with "If you did not initiate this password change, disregard this email," or words to that effect.

I would use two-factor authentication, but I frequently travel to places without cell service, so that's out. And what if someone gets hold of your phone? Then they can get your authentication factor! I use passwords nobody is going to guess, but I get angry when for no reason a site requires me to change my password. Hard-to-guess passwords are also hard to remember. I'm willing to do the work of memorizing my passwords, but I don't want to have to change a perfectly good one just because some a$$hat has decided that passwords should be changed every three months.

My other pet peeve is when the list of security questions does not include anything I will remember the answer to next time I have to answer one. In one case, the only question in the list that I even had an answer for was "What's your favorite car?" Four or five years later, I had to answer the question. My favorite car had changed a few times and I could not remember when I'd originally given the answer, so I didn't know what answer I had given. And they won't let you create your own custom security question. Fooey! Too many web sites are administered by idiots.
 

Tech198

macrumors P6
Mar 21, 2011
15,190
1,988
Australia, Perth
all well and good but in theory *if i could fly to*.

The point being having 2 factor makes it stronger, as long as you are not careless, because nothing will be secure from yourself loosing stuff..

As long as u take some sort of stride in protecting 'key' information always and that includes your mobile, then there is no problem with 2 factor..

Its unlikely that someone would get your password *and* your phone just by sheer coincidence at the same time. Not impossible, but unlikely. It's not about being totally secure, its about being as secure as *you* can.

Google authenticatior iOS app doesn't need phone service to work..... This is why i prefer *it*. That way if u outside of cell coverage u can still access your account. As for the security questions. that defeats the purpose of having security.

I always like to use the term: If u can remember them, they are not secure,, because when u'r account is accessed by someone else, they would also know the answers... Some people obfuscate these a little, but for me, that's not enough.... I always make a point to never remember any of these, but that is good, because I'd rather trust myself over Apple any day.
 
Last edited:
  • Like
Reactions: Primejimbo

Primejimbo

macrumors 68040
Aug 10, 2008
3,295
131
Around
I frequently get emails from Apple saying "To change your password do thus-and-such." I presume this means that some hacker or bot has tried to hijack my account. The email always ends with "If you did not initiate this password change, disregard this email," or words to that effect.

I would use two-factor authentication, but I frequently travel to places without cell service, so that's out. And what if someone gets hold of your phone? Then they can get your authentication factor! I use passwords nobody is going to guess, but I get angry when for no reason a site requires me to change my password. Hard-to-guess passwords are also hard to remember. I'm willing to do the work of memorizing my passwords, but I don't want to have to change a perfectly good one just because some a$$hat has decided that passwords should be changed every three months.

Someone get your phone? Really? Some one would have to know my password, and the password to my phone to get in.

My other pet peeve is when the list of security questions does not include anything I will remember the answer to next time I have to answer one. In one case, the only question in the list that I even had an answer for was "What's your favorite car?" Four or five years later, I had to answer the question. My favorite car had changed a few times and I could not remember when I'd originally given the answer, so I didn't know what answer I had given. And they won't let you create your own custom security question. Fooey! Too many web sites are administered by idiots.
I never use real answers, anyone who knows me would know the real answers. Use a password manager and you don't have to worry about remembering the security questions. And ran by idiots? They are trying to keep you info secured.
 

Tech198

macrumors P6
Mar 21, 2011
15,190
1,988
Australia, Perth
Someone get your phone? Really? Some one would have to know my password, and the password to my phone to get in.


I never use real answers, anyone who knows me would know the real answers. Use a password manager and you don't have to worry about remembering the security questions. And ran by idiots? They are trying to keep you info secured.

I don't know any of my security questions answers for any of my accounts.... I know a few passwords by memory, but for the most past, i use Lastpass, and even the Masterpass i don't even know off hand,, its too complex,, but it's on USB that i carry round with me at all time. If i loose my wallet, then guess who's to blame :)
 
  • Like
Reactions: Primejimbo
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.