Apple ID mail

JosueAlexander
JosueAlexander
Community Member
edited August 2014 in Lounge

Since my apple ID is now in my 1Password data and I cannot remember it since it is 30 digits long, Is the logical option not to use my apple ID email for dropbox? or is it safe to keep using it that way?

Comments

  • RichardPayne
    RichardPayne
    Community Member

    The email address isn't too critical. It's far more important not to share the share password and to have a strong master password.

  • danco
    danco
    Volunteer Moderator

    I haven't got into using diceware for passwords yet, but there have been plenty of discussions about using it for Apple ID and Dropbox, so that you can have a memorable but secure password for these.

  • khad
    khad
    1Password Alumni

    I use something strong and "memorable" for my own Apple ID, but I type it so infrequently ever since Touch ID that "memorable" ends up just being "easier to type" on those rare occasions I actually type it. :)

  • Fairgame
    Fairgame
    Community Member

    http://blog.agilebits.com/2012/08/19/more-than-just-one-password-lessons-from-an-epic-hack/

    See Lesson 1: Some might need more than one password in the blog from Jeff.
    It might not be exactly your question but it gives an idea what to memorize and what to leave for 1P4 to handle.

    Hope it helps.

  • JosueAlexander
    JosueAlexander
    Community Member
    edited August 2014

    Do you think that I should use the email I use for my apple ID to sign up at all the other services?

    I have a gmail account as my primary apple ID address, apple also gave an @me.com email address, that Ive been using for personal email, I intend to keep using this @me.com for recieving and sending email.

    But I cant decide if I should use my apple gmail address or a separate gmail address to sign up at dropbox evernote, simplenote, etc.

    I know I should not use my @me.com to sign up on dropbox because I need my apple ID password to get into mail, such mail being the key to access my password in dropbox, I hope Im making sense.

    im then left with these passwords to remember:

    1. 1Password, wich has the passwords for all my services
    2. dropbox: wich has a backup of the keychain file
    3. primary gmail account for my apple ID
    4. secondary gmail account for all the other services (dropbox, evernote, etc.)

    thats 4 passwords to remember, I would like to use just the one primay gmail address for all of the services, but Im not sure if thats gonna cause any conflicts if I use it for dropbox too.

  • khad
    khad
    1Password Alumni

    For whatever it's worth, @JosueAlexander‌, I don't know my email or Dropbox passwords. If I need to look up the passwords, I look them up on one of the devices I'm already syncing with. If I lost all of my computers and devices, I would restore my data from one of my Time Machine, CrashPlan, or SuperDuper backups, and then look up the password(s). :)

    If, for some reason, you can't even install 1Password, you can open 1PasswordAnywhere in any modern browser either from the Dropbox website (if you've been syncing via Dropbox) or from an offline backup.

    But, for many folks, memorizing more than one password is useful (and even necessary). I encourage you to read the blog post to which @Fairgame‌ linked above:

    More than just one password: Lessons from an epic hack

    All that said, I have this weird feeling that I'm not actually addressing your concern. Perhaps it would help to understand your concern better if you shared a specific scenario you're worried about. What are you worried will happen if you use a specific email address to log in to Dropbox (or wherever you are concerned about using it)?

  • [Deleted User]
    [Deleted User]
    Community Member

    Originally my email address was used everywhere.

    I created a new email address and changed my old Apple ID username to this separate new email address.

    I now use this email address for my Apple ID and it is not used for anything other than as an Apple ID.
    I have a password for the Apple ID that is complex but memorable.

    I have set up Apple to use Dual Factor Authentication DFA.....So the weaker, but memorable Apple ID password is, from a security perspective, 'bolstered' by the DFA.

    I added the new email address to my Mac email client so I receive Apple correspondence (eg receipts for App Store purchases etc) ok.

    I use iCloud to sync 1password and backup IOS devices (I have other non iCloud backups too).

  • JosueAlexander
    JosueAlexander
    Community Member

    Thank you khad, for your kind response, you´re right about that, not exactly my concern, but still I appreciate you sharing your method, thats something Im very interested in, knowing other people methods for handling passwords. At this point I have embraced the idea of having to remember more than 1 password, I even like the idea now that I know the reasons why.

    My real concern know is email accounts and the use of them, since every single service ask you for an email address Im wondering if I should use the same for all of them, since dropbox is in escense my key to all the other services (because it has my key file), and my apple ID has my purchases, suscriptions and credit card information. I dont know if I should use one email address for dropbox and my apple ID, (the most important accounts) and a different one for all of the other services??

    Say for example that someone gets a hold of my email address (username) or/and password that I use for evernote, wich I use at work, they will know what my apple ID is if I use the same for both services, and they will try to get into that, because of its value. Or they can go after my dropbox. They can not try to crack my apply ID password if they dont know the apple ID (email address) to it (I´m assuming this, not sure).

    Maybe you have better knowledge of this.

    I guess what I´m trying to do here is protect those accounts with anonymity. Is that gonna be useful?? Or should I not botter. My logic says that the fewer the people that now my apple ID the fewer the people that will try, or will be interested in cracking it.

    thanksss

  • JosueAlexander
    JosueAlexander
    Community Member

    that was long, maybe I should start a new discussion under that subject

  • JosueAlexander
    JosueAlexander
    Community Member

    sorry if that response is too long

  • Hi @JosueAlexander‌,

    I think we discussed this a bit in another thread, if memory serves.

    Honestly, email addresses as usernames are mostly because they are typically unique to one person. Let's take an example person, named Wendy Appleseed. Let's assume that Appleseed is as common of a last name as Smith is, so there would be lots of people with the last name Appleseed, and a fair chance that there are plenty of Wendy Appleseeds out there.

    Wendy goes to sign up for various sites, and she really prefers the username wappleseed. And she is successful at claiming that username at several places. But then she goes to another site, and some other person, let's say Walter Appleseed, has already claimed the username wappleseed. Bummer.

    If services use an email address as the username, it can be assumed that is unique to an individual everywhere. Wendy is the sole owner wappleseed@me.com, and Walter can never claim that from her.

    At this point, I don't think trying to keep a single email address private is much of a security gain. Your worry that someone may discover the address then try various passwords at various services against that email as a username would be a pretty targeted attack. And honestly, if you have posted that email address anywhere on the internet, it's out there. There is very little private about an email address itself.

    I like to think of an email address as a home address. If you have a landline, and haven't requested your phone number be excluded, you name, phone number, and home address are listed publicly in a phone book. And your home is a pretty valuable thing. What keeps your home safe is the lock. The passwords you use on various sites are your locks. Knowing an address doesn't make things vulnerable. But having a less than secure lock does. That's why you should have strong passwords, and especially strong, unique passwords.

    I personally would not worry about using your me.com address as a username elsewhere. But don't re-use the password you use for logging into iCloud anywhere else. So while you may have the same username of the me.com address at both iCloud and Dropbox, have separate passwords.

    Finally, to address the idea of not knowing those passwords, but having an external reference outside of Dropbox, consider keeping a copy of the 1Password Emergency Kit in your home safe, or a safety deposit box.

  • JosueAlexander
    JosueAlexander
    Community Member

    @chrisdj thank you for the response, I really liked that analogy of the home address. I feel like I have a clearer idea of this now. iM gonna look into that emergency kit you mentioned.

    thankss

  • You're very welcome, @JosueAlexander‌!

This discussion has been closed.