Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

davelanger

macrumors 6502a
Original poster
Mar 25, 2009
832
2
Isn't iCloud keychain not very secure? I had someone trying to log into my apple ID the other day, luckily I had the two factor login turned on so I changed my password but I noticed under keychain they tell you what all your passwords are. So if someone is able to hack into your applie ID, they would have all your UN and PWs for everything. Why does apple show all those passwords instead of just saying like UN D**@emailaddress and then something like PW T***** to keep all of that secure incase someone hacks into your apple ID or even your iphone itsself if the phone is lost or stolen?

I deleted all of my accounts on keychain and turned it off. Is there any reason its a good idea for it to be this way espeically over icloud?
 

jk73

macrumors 65816
Jul 19, 2012
1,142
1,132
What are you suggesting in this particular situation? Obviously, it's not good if you're hacked, but the entire point of iCloud Keychain is to make your passwords available across devices. It wouldn't make sense for Apple not to show that info to a logged-in user.
 

davelanger

macrumors 6502a
Original poster
Mar 25, 2009
832
2
What are you suggesting in this particular situation? Obviously, it's not good if you're hacked, but the entire point of iCloud Keychain is to make your passwords available across devices. It wouldn't make sense for Apple not to show that info to a logged-in user.
Oh I understand its to make all your logins work across devices and it could still log you into all those sites, but without showing what your PW is. so even if you are hacked and they get into your account they wont know what your passwords are just by looking at one page and they would have to go into each website one by one to get into them.

Is that how all those 3rd party keychains work too? Once you are in the program the show you all the UN and PWs?

I think I just got a little paranoid when I saw that someone was trying to access my apple ID. I did notice some old data breaches were being sold around the internet a few weeks ago, my guess is that is where it came from. I have changed my apple ID many times since a lot of those oringal breaches, but I must have used one of my old PWs again and that is how they were able to attempt to get it.

I was just a little taken aback how if they got into my icloud that all of my stored UN and PW would have been at risk and not just my itunes and apps.

To answer your question is there a way to password lock (that is not your apple ID PW) the keychain? If not that would be an idea before showing all the UN and PWs.
 

johannnn

macrumors 68000
Nov 20, 2009
1,965
1,839
Sweden
but I must have used one of my old PWs again
If you use an unique password for your Apple ID, and have 2-factor turned on, it's extremely unlikely you're gonna be hacked.

If you don't like the the iCloud Keychain model, you should check out 1Password which is the most popular 3rd party password manager amongst Mac users. It's a subscription if you're up to it, but their entire business model is centered around security, so I doubt they'll get hacked.
 

davelanger

macrumors 6502a
Original poster
Mar 25, 2009
832
2
If you use an unique password for your Apple ID, and have 2-factor turned on, it's extremely unlikely you're gonna be hacked.

If you don't like the the iCloud Keychain model, you should check out 1Password which is the most popular 3rd party password manager amongst Mac users. It's a subscription if you're up to it, but their entire business model is centered around security, so I doubt they'll get hacked.

yeah the two factor is what saved me. Once it popped up I hit decline then started to change my PW and it popped up again this time from another location. Then finally got my Pw changed and it stopped. I then spent the next few hours changing all my PWs on every site just to be safe.

I was looking at the 1pw app you are speaking of, and it looked really good. So thanks for the recommendation.
 

TimFL1

macrumors 65816
Jul 6, 2017
1,289
1,366
Germany
Doesn‘t iCloud Keychain require an user-defined encryption code? Whenever I sign into a new device and turn on iCloud Keychain, it asks me for a 4-6 digit code I set when I turned on iCloud Keychain for the first time.

So even if someone got into your account, said person would still need to know your code for Keychain to enable it.
 
  • Like
Reactions: svenmany

Phil A.

Moderator
Staff member
Apr 2, 2006
5,723
2,890
Shropshire, UK
yeah the two factor is what saved me. Once it popped up I hit decline then started to change my PW and it popped up again this time from another location. Then finally got my Pw changed and it stopped. I then spent the next few hours changing all my PWs on every site just to be safe.

I was looking at the 1pw app you are speaking of, and it looked really good. So thanks for the recommendation.
1Password is great and I use it myself, but it still shows you your passwords in full if you ask it to. You can also copy passwords to the clipboard (for programs that aren't integrated with it) where they then exist in plain text (you can configure it to clear the clipboard after a pre-set period of time)
 

posguy99

macrumors 68020
Nov 3, 2004
2,073
1,234
Why the big generalisation? You just hate Apple and feel we should all ‘get on board’? Or do you have something constructive to offer?
Apple has yet to demonstrate competence in services, going back years.

Apple Music, that will randomly replace tracks with other tracks, often DRM'd.
iCloud Drive, that will randomly lose files rather than sync them when they change. Further is impossible to back up.
iCloud Photo Library, that will eat the CPU of the local computer.
iCloud Sync, that will randomly duplicate Contacts and Calendar entries, or will fail to sync delta changes from device to device.
Notes that will take info in, but you are unable to get it back out in the same form.
iCloud Keychain, that you can't back up.

No, I like my data, it won't be in any Apple services I can reasonably avoid.
 

ckoerner

macrumors member
May 21, 2006
60
89
St. Louis, MO
Apple has yet to demonstrate competence in services, going back years.

Apple Music, that will randomly replace tracks with other tracks, often DRM'd.
iCloud Drive, that will randomly lose files rather than sync them when they change. Further is impossible to back up.
iCloud Photo Library, that will eat the CPU of the local computer.
iCloud Sync, that will randomly duplicate Contacts and Calendar entries, or will fail to sync delta changes from device to device.
Notes that will take info in, but you are unable to get it back out in the same form.
iCloud Keychain, that you can't back up.

No, I like my data, it won't be in any Apple services I can reasonably avoid.
Thanks for sharing your experiences. I’m sorry these things don’t work well for you. I’ve had nearly the exact opposite experience. Love and use all the things you described.
 
  • Like
Reactions: KennethS

cupcakes2000

macrumors 68030
Apr 13, 2010
2,687
3,178
Apple has yet to demonstrate competence in services, going back years.

Apple Music, that will randomly replace tracks with other tracks, often DRM'd.
iCloud Drive, that will randomly lose files rather than sync them when they change. Further is impossible to back up.
iCloud Photo Library, that will eat the CPU of the local computer.
iCloud Sync, that will randomly duplicate Contacts and Calendar entries, or will fail to sync delta changes from device to device.
Notes that will take info in, but you are unable to get it back out in the same form.
iCloud Keychain, that you can't back up.

No, I like my data, it won't be in any Apple services I can reasonably avoid.
Bummer you have had all of these bugs. I haven’t had any of them.
 
  • Like
Reactions: KennethS

Apple_Robert

macrumors Penryn
Sep 21, 2012
29,952
39,206
In the middle of several books.
Isn't iCloud keychain not very secure? I had someone trying to log into my apple ID the other day, luckily I had the two factor login turned on so I changed my password but I noticed under keychain they tell you what all your passwords are. So if someone is able to hack into your applie ID, they would have all your UN and PWs for everything. Why does apple show all those passwords instead of just saying like UN D**@emailaddress and then something like PW T***** to keep all of that secure incase someone hacks into your apple ID or even your iphone itsself if the phone is lost or stolen?

I deleted all of my accounts on keychain and turned it off. Is there any reason its a good idea for it to be this way espeically over icloud?
ICloud is very secure with 2FA turned on. Even if someone was trying to guess your password, they wouldn’t have been able to gain access. You are being paranoid.
 

QCassidy352

macrumors G4
Mar 20, 2003
11,824
5,534
Bay Area
1Password is great and I use it myself, but it still shows you your passwords in full if you ask it to. You can also copy passwords to the clipboard (for programs that aren't integrated with it) where they then exist in plain text (you can configure it to clear the clipboard after a pre-set period of time)
I guess I'm confused why someone wouldn't want that. To me that's an important feature, not a bug.
Apple has yet to demonstrate competence in services, going back years.

Apple Music, that will randomly replace tracks with other tracks, often DRM'd.
iCloud Drive, that will randomly lose files rather than sync them when they change. Further is impossible to back up.
iCloud Photo Library, that will eat the CPU of the local computer.
iCloud Sync, that will randomly duplicate Contacts and Calendar entries, or will fail to sync delta changes from device to device.
Notes that will take info in, but you are unable to get it back out in the same form.
iCloud Keychain, that you can't back up.

No, I like my data, it won't be in any Apple services I can reasonably avoid.
I have all of those services, some of them for many years, and have never experienced any of those issues. It's good that there are lots of options out there, so everyone can find one that meets their needs.

Huh?? Why?

iCloud keychain is more secure than third party solutions and it just works
My issue with iCloud keychain, and the reason I prefer 1password, is that iCloud Keychain does not have a very robust app/interface for interacting with your passwords (which gets to my point about full-text access being a feature and not a bug of 1password). Yes there is keychain access on the Mac and settings / passwords on iOS, but both of those are incredibly rudimentary compared to the user interface 1password gives you.
 
  • Like
Reactions: chabig

posguy99

macrumors 68020
Nov 3, 2004
2,073
1,234
Thanks for sharing your experiences. I’m sorry these things don’t work well for you. I’ve had nearly the exact opposite experience. Love and use all the things you described.
You have a way to back up iCloud Drive? Do tell. Would love to hear about it. Many other people would as well, I'm sure.
 

svenmany

macrumors demi-god
Jun 19, 2011
712
354
Doesn‘t iCloud Keychain require an user-defined encryption code? Whenever I sign into a new device and turn on iCloud Keychain, it asks me for a 4-6 digit code I set when I turned on iCloud Keychain for the first time.

So even if someone got into your account, said person would still need to know your code for Keychain to enable it.

Thanks for this post. This rang a bell and I started to panic since I don't remember what code I might have set. I looked for references on how to reset the code and all instructions I found didn't match what I saw on my phone or mac. Then I read in this support article...

If you're not using two-factor authentication, you might be prompted to create an iCloud Security Code—six digits, complex alphanumerics, or randomly generated—to authorize additional devices and verify your identity. If you forgot your code, you might be able to reset it.

I do use two-factor authentication. Perhaps the security code is obsolete in such cases.
 

cupcakes2000

macrumors 68030
Apr 13, 2010
2,687
3,178
You have a way to back up iCloud Drive? Do tell. Would love to hear about it. Many other people would as well, I'm sure.
It’s extremely simple to copy a folder full of files, rudimentary computer usage in fact. You can do this manually or you can find an app that will do this automatically to a schedule. Or you can use time machine. What’s the issue here?
 
  • Like
Reactions: Jason2000

svenmany

macrumors demi-god
Jun 19, 2011
712
354
It’s extremely simple to copy a folder full of files, rudimentary computer usage in fact. You can do this manually or you can find an app that will do this automatically to a schedule. Or you can use time machine. What’s the issue here?

I generally agree, but have some concerns. I've had files from iCloud not show up on my local drive until I did something like store another file in the same folder. Also, doesn't "Optimize MacStorage" introduce a small risk if files are offloaded from the local disk?

Here's another scenario that would worry me. Imagine I added files to one of my computers at 1:00 AM. At 1:15 AM I have a clone scheduled in Carbon Copy on a different computer (the one responsible to back up iCloud). Carbon Copy will wake the backup computer and do the clone at 1:15 AM. I'm at a 50% confidence level that the new files will be downloaded in time for the clone. It might depend on the setting of Power Nap.

Basically, if you're counting on a particular computer's backup to back up all of iCloud, there is a risk that not all the content is on the computer. I feel the risk is non-trivial.
 

chabig

macrumors G3
Sep 6, 2002
9,297
6,602
There is no risk. It'll get copied at the next scheduled backup. To make this work do not use "Optimized storage."
 

fisherking

macrumors G3
Jul 16, 2010
8,851
3,140
ny somewhere
Apple has yet to demonstrate competence in services, going back years.

Apple Music, that will randomly replace tracks with other tracks, often DRM'd.
iCloud Drive, that will randomly lose files rather than sync them when they change. Further is impossible to back up.
iCloud Photo Library, that will eat the CPU of the local computer.
iCloud Sync, that will randomly duplicate Contacts and Calendar entries, or will fail to sync delta changes from device to device.
Notes that will take info in, but you are unable to get it back out in the same form.
iCloud Keychain, that you can't back up.

No, I like my data, it won't be in any Apple services I can reasonably avoid.
you think that's bad? here, the dog ate my homework...
 
  • Like
Reactions: Phil A.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.