Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple to Require App-Specific Passwords For Third-Party Apps Accessing iCloud

iCloud Mess

is it me or is this all getting to be a mess.

Steve was all about simplifying things. iTunes is an utter mess. It doesn't even have an identity of purpose now.

Plug in syncing, wireless syncing, management of syncing through itunes on both wireless and wired, manual management of content that gets rid of previous said options. icloud downloading of content, itunes match, home sharing (which never works), now account sharing between people in your family, iphoto streaming, iphoto library with video and photo backup, icloud 2 question authentication, icloud 2 factor authentication, app specific password, icloud keychains.

HONESTLY?? Can we not do a better job of simplifying this? Then you get constant backup error messages saying icloud couldn't backup guilting you into buying more icloud storage.

Now every time you change something on your account you get 5-10 emails in a row telling you something changed and a message popping up on every device telling you something changed.

This is a complete mess. and NO MERE MORTAL will understand what this all means.

Seriously. The whole Spirit of Steve was to do better on issues like this.
 
macMD said:
Are you kidding on that? Apple has the cash hoards to buy companies, staff and figure out how to scale. There is no excuse for their utter lack of real security, celebs or not. Google has done it better for longer because they actually know what they are doing.
Click to expand...

WTF? Do you not understand what you just said is what I said?

It doesn't matter how much money Apple has (or anybody else), as long as they don't have the right experience or skills, they can't scale as well and as fast as other companies. Companies with smaller budgets like Google and Amazon has done it better than Apple.

I already said Google knows what they're doing and they don't need to have a cash horde either.


rdlink said:
Or here's another reason: Apple wants to make sure their users' experience is predictable and as simple as possible.

App specific passwords, and setting up 2FA in Google is a kludgy mess, and has run inconsistently at times, to the point that many people I have recommended do it end up going back to simple password authentication out of pure frustration. Their experience has been similar to mine (and I know what I'm doing). But I recognize the risk involved with using gmail without 2FA, so I have put up with it.
Click to expand...

So far, what Apple's doing is not better than Google and other 2FA processes.
 
tYNS said:
Seriously. The whole Spirit of Steve was to do better on issues like this.
Click to expand...

Unfortunately Steve is dead and so is his spirit.

I mean the Adobe guy who said the iPhone would FAIL because it doesn't do flash and trashed Apple because they didn't want his crap on their devices - now is the head of the Watch division.

Steve is really, really dead.
 
Last edited:
jreed91 said:
It feels like apple had all of these securities measures built but just never released for various reasons.
Click to expand...

Probably for simplicity's sake. This system is somewhat complicated for the average user, but security is a higher priority right now.
 
rdlink said:
Or here's another reason: Apple wants to make sure their users' experience is predictable and as simple as possible.

App specific passwords, and setting up 2FA in Google is a kludgy mess, and has run inconsistently at times, to the point that many people I have recommended do it end up going back to simple password authentication out of pure frustration. Their experience has been similar to mine (and I know what I'm doing). But I recognize the risk involved with using gmail without 2FA, so I have put up with it.
Click to expand...

Wow, some of you really like just making stuff up on these forums huh?

As long as you sound like you know what you're talking about, and praise Apple, no one will really question you.

Gotta support the team, I guess. :apple:
 
Of course, these app specific password are only for non-Apple, third party apps that don't support Apple's two factor authentication.

MacRumors said:
[url=http://cdn.macrumors.com/im/macrumorsthreadlogodarkd.png]Image[/url]


Apple is now offering app-specific passwords for third-party apps that access iCloud, allowing users to generate unique one-time use passwords to sign into iCloud securely. In a support document, Apple describes app-specific passwords as a feature of two-step verification and states that app-specific passwords will be required to sign into iCloud when using a third-party app beginning on October 1, 2014.

App-specific passwords, which have long been used by other sites like Google, are a function of two-step verification. Typically, two-step verification requires a user to enter a verification code, but oftentimes, the codes will not work properly in third-party apps, so app-specific passwords are substituted instead.

As outlined in the support document, app-specific passwords can be generated by accessing My Apple ID, where the option to generate an app-specific password is listed under Password and Security. According to Apple, users can have up to 25 active app-specific passwords at a time, which are listed in the Password and Security section of My Apple ID.

Generating an app-specific password is limited to accounts with two-factor authentication turned on, and for security reasons, Apple sends an email whenever an app-specific password is generated. App-specific passwords will be revoked whenever a user's primary Apple ID password is changed, requiring new app-specific passwords to be generated.

Apple's new app-specific passwords follow the launch of two-factor verification for accessing iCloud.com and come after a hacking incident that saw the iCloud accounts of several celebrities compromised due to weak passwords.

Apple CEO Tim Cook has promised to improve iCloud security by increasing awareness about two-factor verification, as well as sending out security emails whenever a device is restored, iCloud is accessed, or a password change is attempted.

Article Link: Apple to Require App-Specific Passwords For Third-Party Apps Accessing iCloud
Click to expand...
 
Great. So another 25 passwords I have to remember. :confused:

Now where the f..k did I put my iphone?
 
Wow. Just Wow.

Talk about FAST turn around.

Absolutely proud of, surprised, and thankful for Apple's excellent response to this phishing attack.
 
Great news. I don't see why anyone would complain about this even though "Google did it first". Now Apple just need to sort the ridiculously easy to guess recovery questions and make them free text instead of locked down to specific ones.
 
collegitdept said:
Wow. Just Wow.

Talk about FAST turn around.

Absolutely proud of, surprised, and thankful for Apple's excellent response to this phishing attack.
Click to expand...

I don't like that it's required. Maybe it's not well-explained, but I don't want to have to remember 25 more passwords now.
 
tYNS said:
is it me or is this all getting to be a mess.

Steve was all about simplifying things. iTunes is an utter mess. It doesn't even have an identity of purpose now.

Plug in syncing, wireless syncing, management of syncing through itunes on both wireless and wired, manual management of content that gets rid of previous said options. icloud downloading of content, itunes match, home sharing (which never works), now account sharing between people in your family, iphoto streaming, iphoto library with video and photo backup, icloud 2 question authentication, icloud 2 factor authentication, app specific password, icloud keychains.

HONESTLY?? Can we not do a better job of simplifying this? Then you get constant backup error messages saying icloud couldn't backup guilting you into buying more icloud storage.

Now every time you change something on your account you get 5-10 emails in a row telling you something changed and a message popping up on every device telling you something changed.

This is a complete mess. and NO MERE MORTAL will understand what this all means.

Seriously. The whole Spirit of Steve was to do better on issues like this.
Click to expand...

When Apple introduced iCloud, it screwed up my Apple ID which I'd had for like 10 years. Now my IDs and passwords are a jumble, which only work some of the time and require periodic changes. It's a mess indeed!
 
Mums said:
When Apple introduced iCloud, it screwed up my Apple ID which I'd had for like 10 years. Now my IDs and passwords are a jumble, which only work some of the time and require periodic changes. It's a mess indeed!
Click to expand...

Here's a huge advantage of Apple: They have these Apple Stores, with people called "Genius", who are (1) paid to help you for free and (2) capable and willing of helping you. Instead of moaning, make an appointment and they'll sort it out. Whatever problem you have, they have seen it before.
 
Primejimbo said:
Very true, so many people have no clue what it is.
Click to expand...

And it seems like most of the people that do know what it is are unwilling to go through the trouble to set it up, and use it.

My wife finally allowed me to set it up for her on Google Mail last weekend, after a bunch of allegedly valid Gmail passwords were published.

I enable 2-factor authentication wherever I can. Since Google Authenticator is open, you can implement it in your own application. Here's how to use it in an SSH server:

https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-two-factor-authentication
 
spectrumfox said:
Wow, some of you really like just making stuff up on these forums huh?

As long as you sound like you know what you're talking about, and praise Apple, no one will really question you.

Gotta support the team, I guess. :apple:
Click to expand...

It's not making stuff up. It's my experience. Reading your posts I find it ironic that you would make statements about other people making stuff up. LOL

----------
Michaelgtrusa said:
How will this help with the NSA/MI6 looking?
Click to expand...

Honestly, these posts are getting as old as the "Safari feels snappier" statements. Yeah, we get it. The NSA is looking at peoples' stuff. It's not funny.
 
OK.... so where in Tweetbot and Fantastical am I supposed to enter my shiny new app-specific password, exactly?

It doesn't look like iCloud-enabled apps have anywhere to enter passwords, since they've just been pulling your credentials from the system. Is it reasonable of Apple to expect every app to be updated with this new mechanism by October 1st? Or am I missing something really obvious?
 
rdlink said:
It's not making stuff up. It's my experience. Reading your posts I find it ironic that you would make statements about other people making stuff up. LOL
Click to expand...

The way Apple invokes two-factor is no different than the way Google does it. No different, at all.

The fact that you find Google's two-factor to be more difficult than Apple's just shows your incredible bias towards Apple products.

Because both companies do it the SAME way. I should know, I just activated it on my iPad last night. :cool:

P.S. Just because someone is more knowledgeable than you doesn't mean they're making stuff up. Be careful of making this mistake in the future.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back