Other Tags

ads
amazon
annoyances
annoying
apple
applications
aquarium
astronomy
at&t
autism
autobiography
bad_companies
bad_news
baidu
bank
banking
banks
bicycle
bicycling
biography
blackberry
blackjack
bluetooth
bontrager
book
book-reviews
bookshelf-project
business
calculus
captcha
car
cds
cell-phone
charity
china
cloud-computing
codabar
code
coding
coffee
comedy
comments
commerce
computer
cool-sites
corn
creationism
crypto
cycling
debugging
dell
diffie-hellman
discworld
disqus
diy
do-it-yourself
documentaries
documentary
drm
economics
efficiency
email
environment
environmnet
everymans-library
excel
extensions
facebook
fantasy
fedex
fiction
finance
firefox
fishing
flickr
food
free-software
fun
gadget
gadgets
games
gear
gmail
good-service
google
gps
graphic-novels
grousing
haloscan
hardware
harry-potter
hawaii
health
historical
historical-fiction
hotmail
humor
ideas
ieee
imap
insignifica
intel
internet
investing
ipod
itunes
james
japan
javascript
jokes
jott
kbps
kodak
kvm
laptop
lawsuits
legalities
links
linux
mac
magazine-articles
mail
manga
math
mathematics
max
me-on-the-web
medicine
microsoft
movie-reviews
music
mysql-woes
navigon
nerd-humor
networking
new-yorker
newspaper
non-fiction
nonfiction
nsa
nutrition
online
pdx-sf-bike-trip
ph.com
photography
physics
podcasting
poker
politics
portland
postgresql
privacy
product-reviews
productivity
prognostications
programming
projects
puzzles
python
real-estate
registry
repair
restaurants
reviews
ripoff
robots
rpn
running
science
science-fiction
seagate
security
self-improvement
shingles
sidebar
snow
software
sony
source-control
specifications
spy
storage
subway
sun
taxes
technology
television
tickets
toyota
trainster
travel
tri-met
tv
ubuntu
united
ups
usb
vacation-reads
vampire
vi
video
viral-marketing
virtualization
vista
vonage
watches
web2.0
web_design
webdesign
website
widi
wikipedia
windows
wireless
work
wusb
year-in-cities
youtube
zoho

APR 16
2011

I recently changed my password on apple.com using their "My Apple ID" web site. The site allows you to change your password, which is great. But there are two major issues.

First, Apple's URL naming system is horrible. This is the URL for logging in to My Apple ID: https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/

More seriously, Apple has a feature where the perceived strength of your proposed password is shown to you as you type it. Unfortunately, their algorithm is busted. I tried a password "welcome-wildlife-fuji-ski" and was told that it was considered a "weak" password. I can guarantee you that "welcome-wildlife-fuji-ski" is completely unhackable by brute force attempts.

Meanwhile, "Aaa123!!" was given the password score of "strong" even though it is a substantially weaker password than "welcome-wildlife-fuji-ski".

Apple should fix these two issues by adopting a user-friendly URL, such as https://apple.com/appleid" and updating their password strength recommendation engine beyond the simplistic one-letter-one-symbol-one-number algorithm that is all too prevalent these days.

permalink | comments | technorati

blog comments powered by Disqus