Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Adremagos

macrumors newbie
Original poster
Dec 25, 2016
5
1
Hello!

Mac Mini, El Capitan.

Is there any security rule of:

1) How often should I change my Apple Id password?

2) How often should I change Mac Mini's password?

3) Should I disconnect internet when changing Mac Mini's password?

4) After changing Mac Mini's password, should I make a restart before surfing Internet just in case for security reasons?
 

Toutou

macrumors 65816
Jan 6, 2015
1,083
1,579
Prague, Czech Republic
Most people don't seem to understand this, but there's no real "technical" need to change your passwords, as long as you don't reuse them and don't tell anyone.

The idea behind changing a password regularly is that if somebody discovers your current one, they will only be able to use it until your next change.

In reality it always makes people use weak and stupid passwords that are easy to remember, and almost every attacker (whoever that might be) who's about to do you harm (not eavesdrop on you) will change your password immediately to prevent you from interrupting..
 

glenthompson

macrumors demi-god
Apr 27, 2011
2,983
844
Virginia
As Toutou said, there's little to be gained by regularly changing your password as long as you practice good security. That means unique passwords everywhere and not just simple variations on some password. That means using a password manager like 1Password or Lastpass.

There are 3 passwords I consider critical and need to be strong and memorized - your email, your password manager, and the storage location of your passwords if kept on the cloud or on a device like your mini. I can lose everything and as ling as I can get to email and my 1Password vault, I can get to pretty much everything.
 

Adremagos

macrumors newbie
Original poster
Dec 25, 2016
5
1
Most people don't seem to understand this, but there's no real "technical" need to change your passwords, as long as you don't reuse them and don't tell anyone.

The idea behind changing a password regularly is that if somebody discovers your current one, they will only be able to use it until your next change.

In reality it always makes people use weak and stupid passwords that are easy to remember, and almost every attacker (whoever that might be) who's about to do you harm (not eavesdrop on you) will change your password immediately to prevent you from interrupting..

Oh, so if someone did get my password, they'd change it anways and I'd know. I never tell them to anyone and they're all unique and long. So that is acceptable safe behaviour?



As Toutou said, there's little to be gained by regularly changing your password as long as you practice good security. That means unique passwords everywhere and not just simple variations on some password. That means using a password manager like 1Password or Lastpass.

There are 3 passwords I consider critical and need to be strong and memorized - your email, your password manager, and the storage location of your passwords if kept on the cloud or on a device like your mini. I can lose everything and as ling as I can get to email and my 1Password vault, I can get to pretty much everything.


I keep my passwords stored outside of electronics actually. Partially in my head, partially noted down in confusing scrambled way.


So there is no security risk in changing Mac Mini password while internet connection is enabled? Nor need to restart after changing password
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,491
16,218
California
Is there any security rule of:

1) How often should I change my Apple Id password?

2) How often should I change Mac Mini's password?

3) Should I disconnect internet when changing Mac Mini's password?

4) After changing Mac Mini's password, should I make a restart before surfing Internet just in case for security reasons?

1 and 2. I agree with the others. No need and a waste of effort. To be extra secure though, turn on two factor authentication for your AppleID. So even if someone did get your password, they would not be able to use it.

3 and 4. No need to disconnect from the Internet or reboot after.
 
  • Like
Reactions: Adremagos

Adremagos

macrumors newbie
Original poster
Dec 25, 2016
5
1
1 and 2. I agree with the others. No need and a waste of effort. To be extra secure though, turn on two factor authentication for your AppleID. So even if someone did get your password, they would not be able to use it.

3 and 4. No need to disconnect from the Internet or reboot after.

Thank you!
Tech-n00b (me) painted bogeyman. :D I can now breath easier.

Sudden question that popped up - if someones knows my Apple Id (email address) can they hack in? Passwords and security questions are all long random letters and numbers. Email password is also random numbers and letters.
 
Last edited:
  • Like
Reactions: Weaselboy

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,491
16,218
California
Sudden question that popped up - if someones knows my Apple Id (email address) can they hack in? Passwords and security questions are all long random letters and numbers. Email password is also random numbers and letters.

Not if you have a complex password and security questions like you said. Plus, if you turn on two factor like I mentioned, there is no way they can get in even if they had your password. It really is a great security feature.
 
  • Like
Reactions: Adremagos

Michael Scrip

macrumors 604
Mar 4, 2011
7,975
12,678
NC
if someones knows my Apple Id (email address) can they hack in? Passwords and security questions are all long random letters and numbers. Email password is also random numbers and letters.

I agree with Weasel... complex passwords are nearly impossible to "hack"

Add in Two-Factor and you're even more secure.

My passwords look like this: KN9y2&YDsI5*ArT0

And I also have Two-Factor. I wish hackers good luck. :D
 

Zazoh

macrumors 68000
Jan 4, 2009
1,518
1,122
San Antonio, Texas
In reality it always makes people use weak and stupid passwords that are easy to remember, and almost every attacker (whoever that might be) who's about to do you harm (not eavesdrop on you) will change your password immediately to prevent you from interrupting..

100% agreement, in fact those that make you change and then don't repeat previous passwords are the worst. I work for a very large corporation and they are finally figuring out the above, we used to change every 30 days and they have extended to 90 days, but if they only required a complex password, they'd never have to change.
 
  • Like
Reactions: Adremagos

Adremagos

macrumors newbie
Original poster
Dec 25, 2016
5
1
Not if you have a complex password and security questions like you said. Plus, if you turn on two factor like I mentioned, there is no way they can get in even if they had your password. It really is a great security feature.

I accidentally posted screenshot App Shop's account information that contain my Apple ID email and Billing Address
My Admin account name
Street name
[numbers] City name
(Numbers) Numbers


Well, they are nothing personal and to be honest, I did not give any real data when App Shop demanded it, but can anyone use this to get in? Like, they know my Apple Id and Apple would allow identification using this data?

It's gonna be few days before I can turn on 2 factor because I lack phones right now (likely strange sounding in electronics age, but what I had broke and right now I can't get new one right away).



I agree with Weasel... complex passwords are nearly impossible to "hack"

Add in Two-Factor and you're even more secure.

My passwords look like this: KN9y2&YDsI5*ArT0

And I also have Two-Factor. I wish hackers good luck. :D

Thank you!



100% agreement, in fact those that make you change and then don't repeat previous passwords are the worst. I work for a very large corporation and they are finally figuring out the above, we used to change every 30 days and they have extended to 90 days, but if they only required a complex password, they'd never have to change.

That was interesting to hear. Thank you!
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,491
16,218
California
I accidentally posted screenshot App Shop's account information that contain my Apple ID email and Billing Address
My Admin account name
Street name
[numbers] City name
(Numbers) Numbers


Well, they are nothing personal and to be honest, I did not give any real data when App Shop demanded it, but can anyone use this to get in? Like, they know my Apple Id and Apple would allow identification using this data?

No.... without.your security questions, Apple won't allow someone to reset your password with just your AppleID and address.
 
  • Like
Reactions: Adremagos

satcomer

Suspended
Feb 19, 2008
9,115
1,977
The Finger Lakes Region
Thank you!
Tech-n00b (me) painted bogeyman. :D I can now breath easier.

Sudden question that popped up - if someones knows my Apple Id (email address) can they hack in? Passwords and security questions are all long random letters and numbers. Email password is also random numbers and letters.

Then learn to put in iCloud password to put in an Apple Symbol. This way anyone usin Windows or Linux hackers will have problems making that symbol!
 
  • Like
Reactions: Adremagos

Adremagos

macrumors newbie
Original poster
Dec 25, 2016
5
1
No.... without.your security questions, Apple won't allow someone to reset your password with just your AppleID and address.

Thank you, that helps a lot! So only security questions (that are safely hidden from everyone but myself) work to reset password? Really good system.

Was afraid there would be more options to get in, like with gmail's account recovery/forgotten password option, where gmail asks things like "what address did you send your last mail, your full name, date of birth etc". And that doesn't sound very safe...

Basically knowing inside data ( in this case address or credit card/post index numbers) besides password and security questions helping to get in.
If Apple only allows security questions to reset password, then they really are heaps above google!



Then learn to put in iCloud password to put in an Apple Symbol. This way anyone usin Windows or Linux hackers will have problems making that symbol!

WOW! I had no idea about this!
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.