
LeMo

macrumors member
Sep 8, 2020
78
106
I realised nearly 10 days later that my app-specific IMAP password died with this BS.
And I believe Apple has kept its silence on the topic.....
 
Reactions: Surf Monkey

gank41

macrumors 601
Mar 25, 2008
4,051
4,590
Would be crazy to think the reason Apple hasn't responded about this issue is if they actually don't know the cause...
 

Surf Monkey

macrumors 603
Oct 3, 2010
5,819
4,613
Portland, OR
Maybe?? There's been plenty of long-standing bugs Apple is either incapable or unwilling to fix. Not saying they're not aware, but maybe they're still trying to figure out RCA

Maybe they’re still figuring it out, but I seriously doubt they’re unaware of it.
 
Reactions: Morod

gank41

macrumors 601
Mar 25, 2008
4,051
4,590
Maybe they’re still figuring it out, but I seriously doubt they’re unaware of it.
Maybe? It honestly depends on how many people were genuinely impacted by this, and yes, 19 pages on a Mac Forum is a lot! But in the grand scheme of things, to Apple, is it a lot? I look at all sorts of different issues with ongoing bugs that have been happening for years, been reporting them in the Feedback app, and some don't even get acknowledged at all, while some say "more than 10" and have been open for 2+ years with no resolution.

I'm just saying with this, and seeing that there truly is no rhyme or reason to WHY this is happening, just that people are inconvenienced and still able to "resolve their problem", I wouldn't hold out hope as to why this has happened.
 

Tagbert

macrumors 603
Jun 22, 2011
5,664
6,632
Seattle
Maybe? It honestly depends on how many people were genuinely impacted by this, and yes, 19 pages on a Mac Forum is a lot! But in the grand scheme of things, to Apple, is it a lot? I look at all sorts of different issues with ongoing bugs that have been happening for years, been reporting them in the Feedback app, and some don't even get acknowledged at all, while some say "more than 10" and have been open for 2+ years with no resolution.

I'm just saying with this, and seeing that there truly is no rhyme or reason to WHY this is happening, just that people are inconvenienced and still able to "resolve their problem", I wouldn't hold out hope as to why this has happened.
It's hard to know how many are seeing this. I’m watching the thread to see what’s going on but no one I know of has had this happen to them so far. (Crossing fingers)
 

gank41

macrumors 601
Mar 25, 2008
4,051
4,590
It's hard to know how many are seeing this. I’m watching the thread to see what’s going on but no one I know of has had this happen to them so far. (Crossing fingers)
Same! Just like many others here, I have a super old @Mac.com account setup with 5 Devices on my end along with Family Sharing. Folks kept claiming THAT was the reason why or whatever.. But I'm totally fine!
If you sign in at the Apple IT Security Page, there's a card that says when the Password was last changed, and in my case it was roughly 2 years ago. Not sure if there's a limit now on Passwords before they're set to expire, if that's now a thing?

 
Reactions: Tagbert

Surf Monkey

macrumors 603
Oct 3, 2010
5,819
4,613
Portland, OR
Maybe? It honestly depends on how many people were genuinely impacted by this, and yes, 19 pages on a Mac Forum is a lot! But in the grand scheme of things, to Apple, is it a lot? I look at all sorts of different issues with ongoing bugs that have been happening for years, been reporting them in the Feedback app, and some don't even get acknowledged at all, while some say "more than 10" and have been open for 2+ years with no resolution.

I'm just saying with this, and seeing that there truly is no rhyme or reason to WHY this is happening, just that people are inconvenienced and still able to "resolve their problem", I wouldn't hold out hope as to why this has happened.

I mean, MacRumors reported on it. Are you suggesting no one at Apple looks at MacRumors and other Apple related sites? That they didn’t get a mountain of support calls about it? That no one at Apple experienced the problem?

They KNOW it happened. Their silence towards the event is PURPOSEFUL.
 

katbel

macrumors 68040
Aug 19, 2009
3,381
29,203
Same! Just like many others here, I have a super old @Mac.com account setup with 5 Devices on my end along with Family Sharing. Folks kept claiming THAT was the reason why or whatever.. But I'm totally fine!
If you sign in at the Apple IT Security Page, there's a card that says when the Password was last changed, and in my case it was roughly 2 years ago. Not sure if there's a limit now on Passwords before they're set to expire, if that's now a thing?

I voluntarily changed mine in January, January 2024..

and to answer to @Surf Monkey : some of the websites reporting the incident

MacRumors, Forbes, The Verge, 9to5mac, Michael Tsai blog etc
 
Reactions: Surf Monkey

dumastudetto

macrumors 603
Aug 28, 2013
5,155
7,503
Los Angeles, USA
I realised nearly 10 days later that my app-specific IMAP password died with this BS.
And I believe Apple has kept its silence on the topic.....

I wonder if having "app-specific" passwords set on your account could be the trigger?

These "app-specific" passwords are not particularly safe as they bypass a lot of security provisions to allow third-party apps to access your data. The passwords are not app specific either, any of these passwords can be used by any app to pull in emails, contacts, calendars when setup - without requiring 2FA.

I'm amazed Apple hasn't implemented an alternative authentication solution that negates the need for these passwords.
 

katbel

macrumors 68040
Aug 19, 2009
3,381
29,203
I wonder if having "app-specific" passwords set on your account could be the trigger?

These "app-specific" passwords are not particularly safe as they bypass a lot of security provisions to allow third-party apps to access your data. The passwords are not app specific either, any of these passwords can be used by any app to pull in emails, contacts, calendars when setup - without requiring 2FA.

I'm amazed Apple hasn't implemented an alternative authentication solution that negates the need for these passwords.
Interesting point of view.
This could explain why I had to change the password but wasn't required for my husband and other members of my family who I know don't have app-specific passwords. Though the next day my husband had a prompt [a window asking allow or cancel] but it was too similar to the March phishing attack and restarting the phone made the prompt disappear and never come back again, so far.

This made me think that there was another phishing attack and Apple, being aware of that, forced a lot of users to change their passwords. Lots of questions and alas no answers.

Anyhow if it was because of a specific app why did we need to get a new password for those too?
If it is risky they would have changed something...you wish..
 

Jim Lahey

macrumors 68030
Apr 8, 2014
2,626
5,379
Folks kept claiming THAT was the reason why or whatever.. But I'm totally fine!

In all fairness I think you're possibly misrepresenting that suggestion. Falling down the stairs is a reason people break a leg but not all people who fall down the stairs break a leg. It could be a factor. In the end we don't know because Apple is singing la-la-la with its fingers in its ears. Real classy behaviour from the self-proclaimed paragon of privacy, security and integrity.
 

dumastudetto

macrumors 603
Aug 28, 2013
5,155
7,503
Los Angeles, USA
Interesting point of view.
This could explain why I had to change the password but wasn't required for my husband and other members of my family who I know don't have app-specific passwords. Though the next day my husband had a prompt [a window asking allow or cancel] but it was too similar to the March phishing attack and restarting the phone made the prompt disappear and never come back again, so far.

This made me think that there was another phishing attack and Apple, being aware of that, forced a lot of users to change their passwords. Lots of questions and alas no answers.

Anyhow if it was because of a specific app why did we need to get a new password for those too?
If it is risky they would have changed something...you wish..

Your so-called specific app password can be used in any app, anytime, as long as the password is known and not disabled. Generate a password and try using it in ten different email clients. All ten email clients will have full access to your email, without needing any kind of 2FA intervention.

Resetting the master Apple ID password wipes them out so that no app can use that app-specific password anymore.

If Apple decided they didn't want to make a big song and dance about whatever has happened, for whatever reason, this more covert approach would make sense.
 

Surf Monkey

macrumors 603
Oct 3, 2010
5,819
4,613
Portland, OR
Your so-called specific app password can be used in any app, anytime, as long as the password is known and not disabled. Generate a password and try using it in ten different email clients. All ten email clients will have full access to your email, without needing any kind of 2FA intervention.

Resetting the master Apple ID password wipes them out so that no app can use that app-specific password anymore.

If Apple decided they didn't want to make a big song and dance about whatever has happened, for whatever reason, this more covert approach would make sense.
For basic security reasons most of us who use app specific passwords generate a unique one for each application. So when this event happened we had to make new ones for each application, not a single one to deploy many times.

As to Apple, it’s obvious that they’ve already made the strategic decision to pretend it didn’t happen. That’s called “sweeping it under the rug” and it isn’t a sustainable strategy.
 
Reactions: katbel

Surf Monkey

macrumors 603
Oct 3, 2010
5,819
4,613
Portland, OR
You would think not, except Apple has a very large number of hardcore disciples who would find a way to defend them even if they kidnapped their first born. For every customer Apple loses, they'll recoup from the faithful by charging even more for even less.

That’s absolutely true.
 

dumastudetto

macrumors 603
Aug 28, 2013
5,155
7,503
Los Angeles, USA
For basic security reasons most of us who use app specific passwords generate a unique one for each application. So when this event happened we had to make new ones for each application, not a single one to deploy many times.

If they don’t know how your password(s) were compromised, it’s best to assume all of your app-specific passwords are compromised.

Has anyone WITH app-specific passwords NOT encountered the issues discussed in this thread?
 
Reactions: Surf Monkey