I have too many passwords to track on too many devices. With my apple devices & services, it would be easier for me if both my iCloud and Apple ID passwords were the same.
Should this be ok or is it bad security practice? Is there a recommendation? What do most people do?
Best Answer
First, you usually don't need a different Apple ID for iCloud:
If you do have two Apple IDs, Apple has this to say about reusing passwords:
Password reuse is problematic because all your security depends on the "weakest link", the less secure –or more exposed– service. Once that service is compromised, all your services are.
XKCD has this to say about the subject:
On the matter of remembering passwords, XKCD –sorry, again– has some iconic graphical input, analyzed and validated here by the people at InfoSec SE.
In a nutshell, passwords must be difficult to guess and easy to remember, and he proposes the use of passphrases instead of short, complicated passwords.
Yet others think that
which is my philosophy by the way.
In order to achieve this apparent nonsense, you use a password manager (iCloud Keychain, KeePass, 1Password, LastPass) and generate different random secure passwords for every service. You only have to remember one master password, where you could apply XKCD's idea.
People have different opinions on how secure password managers are; if you are a bit paranoid or have very sensitive data you may want to have an eidetic memory instead, although one known cryptographer and security expert advocates the use of at least one (not cloud-synced, though).