
simonsi

Contributor
Jan 3, 2014
4,851
735
Auckland
I'm afraid that's a negative.

I did log in, I entered on the Apple website my own tel number

On the call I was just asked for the PIN

All I needed was the PASSWORD.

NO NEED TO SHOUT.

What you were asked for does not mean they weren't carrying out the other checks I mentioned. Typically they will use a scoring mechanism so it may not be as straightforward as a pass required on ALL info/behaviour etc.

OK
 

aicul

macrumors 6502a
Original poster
Jun 20, 2007
809
7
no cars, only boats
NO NEED TO SHOUT.

Not shouting, just emphasizing that ONLY the password was required. One of the points underlying the reasoning of this thread. An item I have put forward several times.

Back to the thread;

The fact is, a hacker will try and try on multiple accounts. So it will end up having the right story to tell, or find the more complacent customer care rep., or whatever, that will do just what happened to me, and then only the password will be sufficient.
 

simonsi

Contributor
Jan 3, 2014
4,851
735
Auckland
Not shouting, just emphasizing that ONLY the password was required. One of the points underlying the reasoning of this thread. An item I have put forward several times.

Back to the thread;

The fact is, a hacker will try and try on multiple accounts. So it will end up having the right story to tell, or find the more complacent customer care rep., or whatever, that will do just what happened to me, and then only the password will be sufficient.

So you contend the PIN exchange has no purpose?
 

thehimay

macrumors member
Mar 17, 2009
54
1
Toronto, ON, CA
And I don't understand either why Yosemite asked for the iCloud password before logging into any account. And once logged-on actually asked for the iCloud password again once for every (calendar, dress, mail) as I opened each App.

Don't quote me on this, but I'm assuming that access to Keychain entries is authorized on a per thread/application basis (might explain why you have to reauthorize Keychain access when an application is updated). So even though you authorize an iCloud UN/PW combination for one application, it doesn't automatically make it available to any/every application. A pain in the rear it is, sure. But at least you're only entering the same password each time, so you can knock them all out in one fell swoop, ideally. And you're not automatically making that UN/PW combination available system-wide to any/every application that may request it.

E.g., I don't need passwords from my banking application being made available to my email software, nor my email software being made available to Facebook.
 

aicul

macrumors 6502a
Original poster
Jun 20, 2007
809
7
no cars, only boats
So you contend the PIN exchange has no purpose?

Unfortunately the answer is "Yes" from the moment I can reach the PIN generator with the password. It only adds complication, but does not truthfully give an extra level of security.

----------

Don't quote me on this, but I'm assuming that access to Keychain entries is authorized on a per thread/application ...

Indeed, but my point is to look at it from a "how it happened" perspective:

1. user logs into computer (most often with password)
2. user starts Yosemite install which requires Admin user/password (which gives access to keychain)
3. Install occurs
4. Same user logs back into his own account
5. User is asked for iCloud password ... !!

Here there are 3 things.

A. User may just want to recover a file but is forced to enter a password for services he does not even want

B. It's the same user, who has Admin access.

C. If the user logged into the account, then either give him the keychain iCloud password, or ask for it "after giving him access to his local Mac account files"

Really makes me think that the "more I have to behave like a trained monkey" the less there is security. Here slamming in passwords, PINs, etc. without consideration of what is the "real key" is pointless from a security perspective.
 

Steve121178

macrumors 603
Apr 13, 2010
6,463
7,170
Bedfordshire, UK
Fully agree to both statements. And I don't understand either why Yosemite asked for the iCloud password before logging into any account. And once logged-on actually asked for the iCloud password again once for every (calendar, dress, mail) as I opened each App.

Hence my thread.

:(

I actually feel reassured that I am being asked to verify my credentials now and then. Having passwords blindly stored and never prompting the user to enter them is really bad in my book, especially when setting up a new computer or after an upgrade! I'd expect them to verify who I am!
 

aicul

macrumors 6502a
Original poster
Jun 20, 2007
809
7
no cars, only boats
I actually feel reassured that I am being asked to verify my credentials now and then. Having passwords blindly stored and never prompting the user to enter them is really bad in my book, especially when setting up a new computer or after an upgrade! I'd expect them to verify who I am!

This does make sense; but aside from the discussion of the way iCloud manages security..

The credentials being asked were for iCloud and I was attempting to access the files on my local iMac (i.e. logging into my local iMac user account).

Doesn't that seem a little confusing and not in line with the logic of what protects what?
 