Thanks for ruining my keychain with your redundant security measures, geniuses

Discussion in 'OS X Yosemite (10.10)' started by Essenar, Feb 13, 2015.

  Essenar

    Oct 24, 2008
    Let's see what iCloud has in store for security:
    A secondary device based approval system where you can only retrieve your keychain if you have another device with the keychain so it can "approve it".
    An approved phone number that you yourself verified, because you own the iCloud/Apple ID associated with it so it only makes sense that once that device is approved, you can use it.
    A password with strict alphanumeric and capitalization rules SoThisPassword1159 would be secure enough and about less than 1% chance of being cracked by brute force by some of the best hackers in the world.
    And lastly, a passcode PIN that you associate with the account.

    But if you forgot the PIN or if you have no device to approve from because, for example, your MacBook and iPhone were stolen, you're screwed. You have to reset your entire Keychain.

    I know what you're thinking: Why even approve a phone to begin with? That's a good question that I don't have the answer for. It's a completely stupid and asinine security layer. In fact, the entire password system, the Apple ID login, the SMS recovery system is all pointless if you forget some stupid 4-digit pin that you NEVER use again.

    So thanks Apple. Your Keychain is worthless and Google's password storage on Chrome is decades ahead and more convenient. I love your hardware and your OS but your emphasis on security leaves a lot of regular users abused by redundant measures that end up damaging us more than they protect us. There should ABSOLUTELY be a way to recover your keychain if you know enough about the account without remembering the PIN, otherwise what is the freaking point of the SMS system?

    Screwed Over and Should Have Relied Only on Chrome
  crashoverride77, Feb 13, 2015
    Last edited: Feb 13, 2015

    crashoverride77

    Jan 27, 2014
    The approved device step is great because if someone gets your Apple ID password they still cannot access your keychain. This is obviously deeply thought out and adds an extra layer of security. If you don't have an approved device you can use the keychain code/PIN with SMS code (or just the keychain code if you decide to use the complex one) to approve. You do this once for every device and that's it, so what's the big deal? Obviously if you don't have an approved device with keychain turned on AND you forgot your keychain recovery code/PIN you have to reset your keychain. This again is called security and you deserve to reset your keychain if you mess up both things. For the love of God don't turn on 2FA with your Apple ID.

    You can't be serious and just want your Apple ID password to access your keychain, that's a joke. I want 2FA on my password list and so does every sane person. Keychain is one of the only password managers that you must use 2FA and that's great. If you use LastPass or 1Password without 2FA then good luck because if that password is stolen you are ffed. The one place you want 2FA is password managers so stop talking nonsense since you seem to have zero clue.

