Comment by xp84
15 days ago
> of course people thought that when they changed jobs, cable companies, or whatever... they needed to create a new Apple ID with their new E-mail address.
This belief is rampant amongst 90% of the general public. I had to spend an hour helping a friend last week who had created a new Cash App account to do their taxes, because they didn't prefer the old email address that was on their longstanding Cash App account. So now they have to keep 2 Cash App accounts forever. And to make things more fun, they're obsessed with phone numbers there, so adding the phone to the second account pulls it off the other account.
Oh, and digression but I have to vent: their login process on the web is, in some order: an SMS to your phone, another numeric to your email, and your password. All in succession, on every login.
Thanks for the anecdote backing up my longstanding suspicion on that.
This is also why using E-mail addresses as user IDs is monumentally stupid: People will think that they need to use their E-mail password, too. So now any entity with this ID policy becomes a gatekeeper not only to their own site or service, but the user's E-mail account.
One poor security regime or disgruntled employee at one obscure Web site can now enable identity theft on a grand scale, by exposing E-mail addresses and passwords.
There's a reason that banks and brokerages don't employ this ignorant policy. It's disappointing that Apple set such a poor example by implementing it. Then they had to run around trying to mitigate the harm with 2FA and other measures, after high-profile "hacking" attacks on journalists and celebs.