How often should I change Mac's and Apple's passwords?

[Adremagos]

Hello!

Mac Mini, El Capitan.

Is there any security rule of:

1) How often should I change my Apple Id password?

2) How often should I change Mac Mini's password?

3) Should I disconnect internet when changing Mac Mini's password?

4) After changing Mac Mini's password, should I make a restart before surfing Internet just in case for security reasons?

 

[Toutou]

Most people don't seem to understand this, but there's no real "technical" need to change your passwords, as long as you don't reuse them and don't tell anyone.

The idea behind changing a password regularly is that if somebody discovers your current one, they will only be able to use it until your next change.

In reality it always makes people use weak and stupid passwords that are easy to remember, and almost every attacker (whoever that might be) who's about to do you harm (not eavesdrop on you) will change your password immediately to prevent you from interrupting..

 

[glenthompson]

As Toutou said, there's little to be gained by regularly changing your password as long as you practice good security. That means unique passwords everywhere and not just simple variations on some password. That means using a password manager like 1Password or Lastpass.

There are 3 passwords I consider critical and need to be strong and memorized - your email, your password manager, and the storage location of your passwords if kept on the cloud or on a device like your mini. I can lose everything and as ling as I can get to email and my 1Password vault, I can get to pretty much everything.

 

[Adremagos]

Most people don't seem to understand this, but there's no real "technical" need to change your passwords, as long as you don't reuse them and don't tell anyone.

The idea behind changing a password regularly is that if somebody discovers your current one, they will only be able to use it until your next change.

In reality it always makes people use weak and stupid passwords that are easy to remember, and almost every attacker (whoever that might be) who's about to do you harm (not eavesdrop on you) will change your password immediately to prevent you from interrupting..

Oh, so if someone did get my password, they'd change it anways and I'd know. I never tell them to anyone and they're all unique and long. So that is acceptable safe behaviour?

As Toutou said, there's little to be gained by regularly changing your password as long as you practice good security. That means unique passwords everywhere and not just simple variations on some password. That means using a password manager like 1Password or Lastpass.

There are 3 passwords I consider critical and need to be strong and memorized - your email, your password manager, and the storage location of your passwords if kept on the cloud or on a device like your mini. I can lose everything and as ling as I can get to email and my 1Password vault, I can get to pretty much everything.

I keep my passwords stored outside of electronics actually. Partially in my head, partially noted down in confusing scrambled way.


So there is no security risk in changing Mac Mini password while internet connection is enabled? Nor need to restart after changing password

 

[Weaselboy]

Is there any security rule of:

1) How often should I change my Apple Id password?

2) How often should I change Mac Mini's password?

3) Should I disconnect internet when changing Mac Mini's password?

4) After changing Mac Mini's password, should I make a restart before surfing Internet just in case for security reasons?

1 and 2. I agree with the others. No need and a waste of effort. To be extra secure though, turn on two factor authentication for your AppleID. So even if someone did get your password, they would not be able to use it.

3 and 4. No need to disconnect from the Internet or reboot after.

 

[Adremagos]

1 and 2. I agree with the others. No need and a waste of effort. To be extra secure though, turn on two factor authentication for your AppleID. So even if someone did get your password, they would not be able to use it.

3 and 4. No need to disconnect from the Internet or reboot after.

Thank you!
Tech-n00b (me) painted bogeyman. I can now breath easier.

Sudden question that popped up - if someones knows my Apple Id (email address) can they hack in? Passwords and security questions are all long random letters and numbers. Email password is also random numbers and letters.

 

[Weaselboy]

Sudden question that popped up - if someones knows my Apple Id (email address) can they hack in? Passwords and security questions are all long random letters and numbers. Email password is also random numbers and letters.

Not if you have a complex password and security questions like you said. Plus, if you turn on two factor like I mentioned, there is no way they can get in even if they had your password. It really is a great security feature.

 

[Michael Scrip]

if someones knows my Apple Id (email address) can they hack in? Passwords and security questions are all long random letters and numbers. Email password is also random numbers and letters.

I agree with Weasel... complex passwords are nearly impossible to "hack"

Add in Two-Factor and you're even more secure.

My passwords look like this: KN9y2&YDsI5*ArT0

And I also have Two-Factor. I wish hackers good luck.

 

[Zazoh]

In reality it always makes people use weak and stupid passwords that are easy to remember, and almost every attacker (whoever that might be) who's about to do you harm (not eavesdrop on you) will change your password immediately to prevent you from interrupting..

100% agreement, in fact those that make you change and then don't repeat previous passwords are the worst. I work for a very large corporation and they are finally figuring out the above, we used to change every 30 days and they have extended to 90 days, but if they only required a complex password, they'd never have to change.

 

[Adremagos]

Not if you have a complex password and security questions like you said. Plus, if you turn on two factor like I mentioned, there is no way they can get in even if they had your password. It really is a great security feature.

I accidentally posted screenshot App Shop's account information that contain my Apple ID email and Billing Address
My Admin account name
Street name
[numbers] City name
(Numbers) Numbers

Well, they are nothing personal and to be honest, I did not give any real data when App Shop demanded it, but can anyone use this to get in? Like, they know my Apple Id and Apple would allow identification using this data?

It's gonna be few days before I can turn on 2 factor because I lack phones right now (likely strange sounding in electronics age, but what I had broke and right now I can't get new one right away).

I agree with Weasel... complex passwords are nearly impossible to "hack"

Add in Two-Factor and you're even more secure.

My passwords look like this: KN9y2&YDsI5*ArT0

And I also have Two-Factor. I wish hackers good luck.

Thank you!

100% agreement, in fact those that make you change and then don't repeat previous passwords are the worst. I work for a very large corporation and they are finally figuring out the above, we used to change every 30 days and they have extended to 90 days, but if they only required a complex password, they'd never have to change.

That was interesting to hear. Thank you!

 

[Weaselboy]

I accidentally posted screenshot App Shop's account information that contain my Apple ID email and Billing Address
My Admin account name
Street name
[numbers] City name
(Numbers) Numbers

Well, they are nothing personal and to be honest, I did not give any real data when App Shop demanded it, but can anyone use this to get in? Like, they know my Apple Id and Apple would allow identification using this data?

No.... without.your security questions, Apple won't allow someone to reset your password with just your AppleID and address.

 

[satcomer]

Thank you!
Tech-n00b (me) painted bogeyman. I can now breath easier.

Sudden question that popped up - if someones knows my Apple Id (email address) can they hack in? Passwords and security questions are all long random letters and numbers. Email password is also random numbers and letters.

Then learn to put in iCloud password to put in an Apple Symbol. This way anyone usin Windows or Linux hackers will have problems making that symbol!

 

[Adremagos]

No.... without.your security questions, Apple won't allow someone to reset your password with just your AppleID and address.

Thank you, that helps a lot! So only security questions (that are safely hidden from everyone but myself) work to reset password? Really good system.

Was afraid there would be more options to get in, like with gmail's account recovery/forgotten password option, where gmail asks things like "what address did you send your last mail, your full name, date of birth etc". And that doesn't sound very safe...

Basically knowing inside data ( in this case address or credit card/post index numbers) besides password and security questions helping to get in.
If Apple only allows security questions to reset password, then they really are heaps above google!

Then learn to put in iCloud password to put in an Apple Symbol. This way anyone usin Windows or Linux hackers will have problems making that symbol!

WOW! I had no idea about this!