Generally I don’t give much thought to my Apple ID. In the past seven years since I became a Windows apostate and converted to Macianity, it has become a cozy fact of life. I’ve never had to reset my password because I use it so often that typing it has become second nature. Today, though, my thoughts are definitely dwelling on my Apple ID and considering all sorts of “what if” possibilities. I certainly don’t want to experience Mat Honan’s angst any time soon.
This morning I changed around my credit cards. No longer is the Amazon credit card the same as my Apple card; and I’ve made sure the Apple account is linked to a card that I never use elsewhere online. It’s worth getting a spare credit card for precisely this reason.
But last week’s Honangate incident raises important questions. Why, for instance, must the crucial Apple ID be an email address? More and more companies, including Amazon and Dropbox, use an email address as the user ID. Would it not be better to allow the user to choose a form of logon that is not public knowledge?
This is especially so of an Apple ID. Anyone seeing an @me address published anywhere, particularly in a long list of spam addressees, knows that behind that innocuous-seeming detail is a valid credit card and a way into the owner’s life. Is it time for Apple to divorce the vital Apple ID from the public email system?
If I could change my Apple ID to Rumpelstiltskin instead of gullible.one@me.com I would do so in a flash. That would be one less easily obtained part of the Apple ID jigsaw. And if I were Apple I would be introducing two-part identification as soon as possible. Even a “secret question” such as the make of my first car would be a help.
At last count Apple had 150 million credit cards on file. All are linked to easily-obtained Apple email addresses. All are now as vulnerable as hell. We are encouraged to commit our whole life and our financial wellbeing to the cloud; the least we can now expect is that our partner companies protect that data with all means at their disposal.
The make of _your_ first car?? Why, that could be anything from major to minor!!!
Even older than a Morris Minor, I’m afraid.
I use Google Apps to run the email for my personal domain. Just like GMail, this allows me to "tag" email addresses. So, instead of using MYNAME@MYDOMAIN.COM for my Amazon login, I can use MYNAME+AMZ2012@MYDOMAIN.COM. I can create a new tag each year and I don't need to set up a new email account in Mail.app. I use a different email for every login and save them all to 1Password.