Counterintuitive Security from Apple

I'm sure everyone likes to think their data is secure, and when you work closely with numerous apple devices then you'll know how important it is to keep the information they contain secure, but there's a fine line between effective security and counterintuitive security.

Apple, once renowned for their security have crossed that line to such an extent that my strong alphanumeric password has been replaced with a short easily typed one just to mitigate the amount of time each day I have to spend re-entering it. Update some App's = Enter your password, Share Photo's = Enter your password, reboot the phone = Enter your password, download a free App = Enter your password, often several times and that's just the daily annoyance, added to which is "Your AppleID has been disabled for security reasons", "Your iCloud Session has expired", 'Verification is required","Your account has been accessed from another computer or device" or some other meaningless message that just wastes more of my precious time.

Can I turn this off = No. The only way around it is a simple, easily typed password. I once found that my contacts that I'd entered on my iPad weren't syncing to my iPhone which was extremely annoying as I really needed one of the contacts whilst I was out and can you guess why? Verify your iCloud password on the iPad. It doesn't say, verify it or I'll just stop syncing everything but I suppose I should have assumed as much. 

Then of course after this message appears, your @icloud email suddenly stops working with something like "Login to server failed." perfect. Now what are you supposed to do ? Unlock or Change the password again, via the long winded and time wasting password reset process at Yep. then what, well then you have to re-enter the new password on your iPads, iPhones, Macbook's and so on. I've stopped using my email now just to avoid one more annoyance. 

I did a little verbal survey in the office here of no more than 10 heavy Apple users, and not one person had a sensible password for their apple ID for the very reasons above. We all have to deal with this nonsense on a daily basis and it wears you down. 

So how much is too much? Well that's simple - anything that meets the criterial of ANNOYING is too much and that's every time for me. When I first turn on my device then fine, good idea. confirm the password, but then just REMEMBER IT! How hard can that be seriously? If some people want to have to re-enter their Apple id and password 20 times a day then let's have a setting for that so the rest of us can TURN IT OFF. I don't like having a weak password and it gives me a bad feeling but I simply cannot cope with the constant stupid pointless requests for the same password over and over again.


If you own a Macbook you'll be more than familiar with stupid dialogues popping up hourly like...


and even more annoying....

and Finally something like this...

The issue with repeated pointless requests for your password and the security code from your credit card (which I now have to write down in my wallet because apple asks for it that often) is that it just becomes a learned behaviour and when something asks for it you just put it in, don't even look to see what's asking anymore, just type it in. That's where counterintuitive comes into this sad story, you get so used to being harassed for your password over and over again that you'll type it into any dialogue asking for it without even thinking about it. On the other hand, if you had to enter it only once when your phone first turns on, then a random request for your password would immediately raise suspicion. This is why the Apple way is the wrong way to go about security. I've absolute confidence that I could write a program that would randomly pop-up a fake "verify your iCloud password" dialogue and everyone would just type it in without a second thought. I'm not going to, but I could, and If I can then so can anyone else is the point I'm trying to make. As I'm writing this article, an email has just arrived below (I've changed the email address)...


Your Account -


*Resolution Verification Request:* #TI8CHG10918-ID92

*Date:* 14 - October - 2015






Our users security means everything to us. That’s why we are contacting you 

today in reference to your Apple Account with us. The Apple 

Privacy Policy was updated on September 17, 2014 and now requires members to 

update the information we hold on them because of changes to our KYC (Know your 

Customer) terms and conditions.


We tried to contact you on 2 previous occasions to confirm this information 

before the deadline on the 17th of September and did not acknowledged a 

response. This will be the final email before termination of your iTunes ID 

within the next 48 hours and all associated data.


Please follow the link provided to your profile.


 >>> Validate My Apple/iTunes Ownership 




Apple Help


This is an automatically generated email – please do not reply to it.

*Copyright © 2015 Apple Inc.

3 Infinite Loop, MS 11172-DM, Cupertino, CA 93151.*


Now, I'm smart enough to know that's a scam just trying to obtain my AppleID and password, but I wonder how many people will just click it as they have done over and over again because its a learned behaviour. I doubt if we'll even know but I hope I've made the case? If it makes YOU think about it then my job is done. 


How many people have received another stupid apple message like 

When of course this isn't a new computer or a new device, its the same device you've been using for the last 3 years, but nevertheless your forced to re-enter your payment information, again and again. How counterintuitive is that? If your just used to Apple making the same stupid mistakes over and over, then no one every pays attention to the pointless email's they send out about 'a new device used xxx', you just assume its wrong like as usually it is. But if the Apple framework actually worked and it only produced these messages when a new device was used with you apple ID then that would actually be useful wouldn't it. 


Maybe I, and the rest of the office are alone on this one and everyone else in the world thinks its a good idea to have to re-enter your password and payment info again and again, tell me? comment and let us know? 

Where did the Apple go where everything just worked? Does anyone even remember that Apple ? I do!