Can I change my Apple ID to Rumpelstiltskin?

Posted on by Mike Evans

Generally I don’t give much thought to my Apple ID. In the past seven years since I became a Windows apostate and converted to Macianity, it has become a cozy fact of life. I’ve never had to reset my password because I use it so often that typing it has become second nature. Today, though, my thoughts are definitely dwelling on my Apple ID and considering all sorts of “what if” possibilities. I certainly don’t want to experience Mat Honan’s angst any time soon.

This morning I changed around my credit cards. No longer is the Amazon credit card the same as my Apple card; and I’ve made sure the Apple account is linked to a card that I never use elsewhere online. It’s worth getting a spare credit card for precisely this reason.

But last week’s Honangate incident raises important questions. Why, for instance, must the crucial Apple ID be an email address? More and more companies, including Amazon and Dropbox, use an email address as the user ID. Would it not be better to allow the user to choose a form of logon that is not public knowledge?

This is especially so of an Apple ID. Anyone seeing an @me address published anywhere, particularly in a long list of spam addressees, knows that behind that innocuous-seeming detail is a valid credit card and a way into the owner’s life. Is it time for Apple to divorce the vital Apple ID from the public email system.

If I could change my Apple ID to Rumpelstiltskin instead of I would do so in a flash. That would be one less easily obtained part of the Apple ID jigsaw. And if I were Apple I would be introducing two-part identification as soon as possible. Even a “secret question” such as the make of my first car would be a help.

At last count Apple had 150 million credit cards on file. All are linked to easily-obtained Apple email addresses. All are now as vulnerable as hell. We are encouraged to commit our whole life and our financial wellbeing to the cloud; the least we can now expect is that our partner companies protect that data with all means at their disposal.

∞ Permalink