I changed the password on my Apple ID a couple days ago. As a person who works with technology and user management and database design and—albeit cursorily—web security, this is something we preach that people should do with online accounts. Some systems even force you to do it every so often.
I’ve had my Apple ID for a long time. When I created it, I used a password that was short and not particularly strong, and I kept it that way for several years. I’ve heard all the horror stories of web sites being hacked and what happens if you use the same password everywhere, yadda yadda yadda. So, when I heard Apple was making two-factor authentication available, I decided that was probably an account that was worthy of it. I logged in and was forced to change my weak password to something stronger. That was a good idea regardless of two-factor. I’ve changed passwords for lots of services lately, and none of them has been a very big deal.
Here’s a list of all the things I’ve had to do (so far) since changing my Apple ID password. Keep in mind the two-factor things doesn’t kick in for three days, so this is just a straight up password change:
Home Mac (10.8.3):
- Update my password in System Preferences > iCloud > Account Settings
- Sign back into FaceTime
- Input password into Back To My Mac pop-up
- Input password into Fantastical for iCloud access pop-up
- Update my password in Settings > iCloud > Account
- Sign back into iMessages and rebuild my settings (I had lost email addresses attached and the default new conversation email setting). Note: I also didn’t know about this until someone else asked my why my message came in a different conversation thread.
- Update my password in FaceTime settings
- Update my password in iTunes & App Store settings
- Sign back into Find My iPhone
- Sign back into Find My Friends
Apple TV (5.2.1):
- Sign back into iTunes account (twice for some unknown reason)
Work Mac (10.7.5):
- Sign back into System Preferences > iCloud Settings > Account Details
In the meantime, any of those services I haven’t signed back into weren’t working. Shouldn’t I just be able to put those credentials into each device once? Why does every app and setting need its own sign in? This seems like a horrible detraction to me ever changing my password again, which is a horrible result for web security. I hope Apple cares about this real-life, boring stuff when they prioritize what to work on, because this is just dumb.