I can't figure out why everyone is so up in arms about this. It's a great security policy. When I was setting up Spark I'm thinking to myself that this takes a decent amount of trust to type your password into someone else's app. App-specific passwords eliminate this. Now Spark can get into iCloud using a password that only works for Spark.

This matters because if you store a password in a 3rd party app, that password may be stored on their servers. If they get hacked, Apple does not control whether that password was encrypted, salted, or otherwise protected against decryption.

iCloud accounts get compromised through hacking of poorly protected services where either the iCloud account is stored or people have re-used passwords. If some celebrity's photos get compromised, it's all pitchforks and torches for Apple. Now that they protect against this, the pitchforks are out again.

I have two-factor enabled and it is completely transparent unless I log into another device for the first time.

Much ado about nothing.
They should let the users decide instead of forcing it upon everyone.
 
I think the problem is that 3rd party apps cannot "summon" the two-factor authentication. So, in principle, if they worked just by putting the general Apple credentials, they would circumvent that additional security check. This way, you must insert a password that you can generate only by using something (the Apple website) that can be accessed only after the two-factor check. It's a way to push two-factor authentication also when it is not directly available.

That's the whole point of two factor authentication, is it not? Making you generate a separate password to use an email client on a different platform does not add more security for you. It's just another password. And back to my original comment, what's the point of passwords? For security. What if Apple mandated app specific passwords for each Apple Mail client on your iPhone, iPad, Macbook, iMac, Powermac, et al? What's the damn point except being a pain in the ass and making it harder and more time consuming for YOU to access your stuff?
 
Great more passwords for me to store in an unsecured file..... Passwords are dead... figure out a better way Apple.
 
This is already available and has been since iOS 8! The uptake from developers is so low. I have one App (ASOS) that actually uses the API to access the Safari keychain's credentials.

I have contacted lots of the developers of the apps I use to add this as a feature request but it just doesn't seem to have priority, despite it seeming easy to implement.

References:

https://9to5mac.com/2014/06/13/ios-...ri-autofill-credentials-for-quick-easy-login/

https://developer.apple.com/reference/security/shared_web_credentials
I agree with you! Apple has had this technique for some time, but most developers don't seem to care about using it. If they did, the level of security would be so much higher.
 
Not a problem. Happy Apple is strengthening their security.

I've had two-factor authorization set up for about six months. I also use Fantastical across all of my Apple computers/devices, and it mandates an app specific password. Keychain takes care of that nicely. I set it once using a Keychain generated password and it just works. As it's supposed to. Haven't futzed with it since.

As an aside, though a little pricey, Fantastical is one of my favorite apps. It's a great example of a developer being able to charge a decent price for a high quality app and do well, and still use app store distribution. Ditto with Omni apps, such as OmniGraffle...
 
Yes, TouchID is available (though keychain access is not for apps, only Safari). My point is that it is only optional, not mandated. That IS the problem. Apple should require this functionality to be included in all iOS apps that require a password if Apple really wants to be true to its word that it is serious about user security. If it's not in the app it doesn't get approval. End of story. I think nearly all my bank, credit card, and investment account apps allow for TouchID. So if it's good with them it should be good for all.
Keychain access is available to apps, though they can only access their own password. A third-party app can never request access to iCloud passwords or passwords for other apps.

https://developer.apple.com/library...html#//apple_ref/doc/uid/TP30000897-CH208-SW1
 
That's the whole point of two factor authentication, is it not? Making you generate a separate password to use an email client on a different platform does not add more security for you. It's just another password. And back to my original comment, what's the point of passwords? For security. What if Apple mandated app specific passwords for each Apple Mail client on your iPhone, iPad, Macbook, iMac, Powermac, et al? What's the damn point except being a pain in the ass and making it harder and more time consuming for YOU to access your stuff?

I responded back to you and you just seemed to ignore it.

Here is another scenario that it prevents, by requiring 2 factor: Thousands of idiots download an app from the App Store that masquerades as a legitimate app, but uses secret sauce to trick users for their Apple ID / Password combinations in order to install free third party apps or some other dodgy or phishy tactic. What these "Free App Store" and related apps don't tell you is that it hijacks those Apple IDs to send to some remote server. There they can be stolen, iDevices locked and ransomed, registered as devs to spread additional malware, exploited for review manipulation, etc etc. A chain is only as strong as its weakest link, and this is a major issue Apple has been combating for a while now.

Personally, as a developer, I'm affected by accounts that have been compromised because they often steal purchase receipt information from those accounts, using that to validate an app that was paid for once an unlimited number of times. Sure, you could say those people may have never bought the app in the first place, but when you see those statistics thrown off so badly, it really burns you out.
 
I just started using an iPhone with touch id. You know, that's absolutely not safeproof against thieves. If someone wants to steal your data or have access to your stuff on your iPhone, the 'attacker' has to knock you out. While you're unconscious, all they have to do to open up your iPhone and access all your credit cards and anything else on your iPhone is to take your thumb, put it on the device and everything will be revealed. Or your girlfriend just has to wait until you're deep asleep with your arm out of the bed, take your iPhone, take your thumb gently and VOILA! With a 4 digit password, you just can't do that. I thought it was a great option, but not really when you think of it.

Time to upgrade the girlfriend...
 
I for one love this idea. I know Google used (or maybe still does) app-specific passwords. I don't want to provide third-party apps my password to my iCloud so never use it to access my iCloud.
 
2 factor authentication works brilliantly for me. Log in to a device and up pops a map with the location it was requested on my other devices awaiting confirmation. Apple even did away with security questions which I always thought were way too easy to guess if the hacker simply follows you on social media or otherwise knows you.

Sometimes, when it comes to complex topics that people don't understand, they don't know what's good for them so they have to be forced. They only know to complain when someone figures out their one password and breaks into all their data.

The bottom line: You don't want to give your master password to a third party app. That was a huge hole in the security of the entire system.
 
The main problem I have with two factor identification is, as I understand it, it uses one of your devices as an authentication factor. So what happens when I upgrade to another device, or my device gets lost/stolen? I get a new device, and now what? I have to jump through hoops to get my new device recognized as my new authentication device with all services with two factor turned on, correct? Right now, if I have an encrypted backup, setting up a new device is relatively quick and painless. I don't want the process to get any more complicated. Can someone tell me whether or not turning on two factor will make setting up a new device more complicated, and by how much?
 
Why do we still need passwords in 2017? Surely Apple could extend Touch ID to replace all passwords.

Simple, TouchID isn't yet available for everyone. In addition, biometric security is not a replacement of passwords, it complements them.

TouchID does not replace passwords, it stores the passwords you have into a secure hardware vault that is protected by your fingerprint hash. Once a month or sooner if you don't use your device with Touch ID, you still must unlock with the device's password.

I can very very easily steal all of your data on your iPhone by simply waiting for you to go to sleep, grab your hand and unlock your iPhone.
 
Not a problem. Happy Apple is strengthening their security.

I've had two-factor authorization set up for about six months. I also use Fantastical across all of my Apple computers/devices, and it mandates an app specific password. Keychain takes care of that nicely. I set it once using a Keychain generated password and it just works. As it's supposed to. Haven't futzed with it since.

As an aside, though a little pricey, Fantastical is one of my favorite apps. It's a great example of a developer being able to charge a decent price for a high quality app and do well, and still use app store distribution. Ditto with Omni apps, such as OmniGraffle...

That's not what two factor authentication is. Multiple passwords to access the same email account using different apps on different platforms is not two factor authentication.
 
This is terrible.
I live in a country where I can easily get my iPhone robbed. If I am without my mobile number (if it's stolen) does this mean I am locked out of my iCloud?
Have any other Apple devices using iCloud? My two factor will send notification to all my devices including my Macs once they are activated and used.
 
That's not what two factor authentication is. Multiple passwords to access the same email account using different apps on different platforms is not two factor authentication.

No... Reread what I said. I never claimed what you're suggesting. What I said is I have two factor set up on all my devices, AND, I use Fantastical which mandates an app-specific password to access my contacts. And that it all works together seamlessly and hassle-free.

I have no idea why you brought "email accounts" into the conversation.
 
Good intention but somehow flawed implementation.
The key is to recognize someone IS legitimately someone, yes. But why is Apple Connect not compatible with 2FA? What if the trusted device is lost/stolen/damaged? Added security is achieved in exchange for a fragile system. Adding more steps also adds the chance of "something is going wrong".

Regarding security question thing, my security question answer is immune to social engineering. All answers are random characters. Good luck for those hackers guessing the answer.
If you live in a country where you can get robbed easily, you should be happy with two-factor authentication. Now only your phone gets robbed, otherwise also your data :)
Btw, they steal your phone not your number.
Issue is: if his trusted device is stolen, alongside SIM card, he will have a very hard time trying to access his data and set up a new trusted device. SMS is not always a good idea, and it is easy to be stolen.
I'm wondering what's to come of people with two Apple IDs.
So two factor becomes mandatory, but third party apps require app-specific passwords to access, like now - apps that do not understand two factor (like IMAP).

Meh.
I have two Apple IDs, one for store, one for both store and data and more.
Two factor is just a pure pain for me to even consider using it.
 