swa66 - 5:02 pm on Mar 25, 2013 (gmt 0)
There's a generic problem all password based systems have: people forget their password (which was your only way to authenticate them). So you need to allow them to recover their password ... and this is much easier to attack than the front door - as you cannot authenticate them properly for obvious reasons.
Hackers know this and they'll continue to bang on the side door instead the front door. It can be used to trick any too helpful staff member with the proper rights to reset a password that should not be reset.
The latest attack reported in the press on apple was one where an outright vulnerability was discovered in their reset password website - apple took the website off line before most of us read anything about it in the media at all. And knowing apple - they'll have by now investigate each and every change made between it became known there was a problem and the time they took it offline.
Apple ID : you have one if you have an itunes account, an apple developer account, ... all those different accounts got merged into an appleID: it's simply a password associated with any email address used as identifier. It's best to have only one, or a few if you have a good reason to need more than one.
What do you get with it: syncing ability between your apple devices, access to developer tools if you sign up for it, access to pas purchases in the app stores, your itunes account (including any credit you might own), your icloud account (including "find my iphone" (or mac) and "lock my mac" (or iphone)).
The warning you get if it's being used to sign in on a device that was not previously associated with your account is actually kinda nice I find. It really only comes once for every device - even after a complete wipe of a mac it does not get sent a second time if you log in on it again.