iCloud setup on iOS asks for MacBook Pro password.

[keaide]

I just logged in to my iCloud account on my iPhone 7 (latest iOS 10). As Part of the setup, I was asked to enter my MacBook Pro password. What is that about? Why is my MacBook Pro password required and how does Apple know it in the first place? Can anyone explain that to me? Is there any iCloud data protected by my Mac password or what's going on there?
Thanks.

 

[jpn]

are you sure it didn't ask you to enter your MacBook pro password on your MacBook Pro? when the iPhone is trying to access your mac device for a legitimate reason, but that mac device is currently locked, then it will ask you to unlock your mac device so it can access it. but that only is asking you to enter it on the mac device, not the iPhone.

 

[slippy]

I was troubleshooting some iCloud storage issues for my wife a couple weeks back. I logged out of iCloud on her iPhone and iMac. Logged back in to iCloud on her iMac then iPhone. During the login steps on the iPhne I was prompted to enter the password for the iMac. In her case, two different passwords. It successfully took the password for her local account on the iMac, but it was never clear what it was for.

Ultimately this iCloud storage issue put me in touch with a senior advisor at Apple. I asked her during our talks and she said she had never heard of that before. Unfortunately I don't think she followed up on it either since it wasn't the primary focus of the ticket.

 

[IowaLynn]

Sure it wasn't Apple ID?
Logging in on new device do you have 2FA set up?
I am asked for my icloud/Apple ID. There should be a Mac only pswd that is separate from Apple ID.

 

[KALLT]

I encountered this issue too and I never figured out why it happened. When you log into iCloud on a device, it will ask you for the passcode/password of another device. For me it did stop after I turned off 2FA, but Apple’s support documentation mentions nothing about this. I was also not using iCloud Keychain or Notes. I only seemed to receive the 6-digit code when I logged into a website. I never received this when logging into iCloud on a device, which leads me to believe that there is some other security mechanism involved that Apple does not document.

For me this added to my growing distrust of everything iCloud, as a result of which I have stopped using it altogether.

 

[IowaLynn]

The first time you use an.app it will ask if it should always trust it.
Alsi it presents a location alert and then 6-digit pin cide to be entered ... on the other device. Insures your trusted device is part of 2fa chain.

Need to logout if all devices to change 2fa setting.

You haveto have an Apple id and when macos boots it does present a login now for icloud whether you "use" it or not.

That is not the pswd that you were using or shouldnt be when you use os x and allowed changes to be made.

 

[keaide]

Thanks for the replies. I searched a bit around and found two possible suspects. One would be 2FA, the other one iCloud encryption.

2FA usually asks me for a 6-digit code that is presented on a trusted device. I wasn't prompted to enter such code when I logged into iCloud on the iPhone yesterday, but had to enter the password for the MacBook (instead?). That's weird. I don't use iCloud Keychain. Now I cannot remember to have submitted my MacBook password to Apple during the MacBook setup procedure, but I might have just forgotten that.

The second suspect would be iCloud encryption (Data, Notes, Backup etc...). There seem to be some rumors about Apple using "real" encryption now (i.e. Apple does not have the key to decrypt the iCloud data on their servers), but I am not sure about that. If actually true then Apple might just use the MacBook password to encrypt that iCloud data and thus would need me to provide the password to download iCloud data to the iPhone.

Now I am not sure what's the real reason for that password request. But I also wonder what happens when I change the MacBook password (will it be changed on Apple's side as well?) or the MacBook gets stolen (can I reset/untie/replace it somehow?). No official documentation found so far.

 

[IowaLynn]

About @FA and Apple ID https://support.apple.com/en-gb/HT204152
About Apple ID Password https://support.apple.com/en-us/ht201355

System Preferences: Security & Privacy / Users & Groups - a personal login password (just for that Mac) is "optional" and used to make changes.

Apple ID is not optional and am asked to enter on startup to log into iCloud.

 

[Mlrollin91]

I've had it happen. Setting up a new macOS device has asked for my iPhone passcode. And setting up an new iOS device has asked for my macOS device password. It must have something to do with 2FA and trusted devices. Maybe also keychains.

 

[IowaLynn]

There are Apple ID (email address and password) that is used to setup an iPhone. "Passcode" to me are pin security codes to unlock phone but are now passwords

 

[Mlrollin91]

There are Apple ID (email address and password) that is used to setup an iPhone. "Passcode" to me are pin security codes to unlock phone but are now passwords

Not entirely sure I am following what you are saying.

iOS does ask for macOS device password when setting up a new iOS device. And macOS does ask for iOS device passcode for setting up a new macOS device. I went through both of this last week. Reformatted my MBA and iPad.

 

[keaide]

Not entirely sure I am following what you are saying.
iOS does ask for macOS device password when setting up a new iOS device. And macOS does ask for iOS device passcode for setting up a new macOS device. I went through both of this last week. Reformatted my MBA and iPad.

This sounds like what I was talking about. What I have encountered is not a request to enter a PIN code (2-step verification and 2-factor authentication). It was really about my MacBook (macOS) login password. I would have indeed expected such PIN code request but not the Mac password.

 

[Mlrollin91]

This sounds like what I was talking about. What I have encountered is not a request to enter a PIN code (2-step verification and 2-factor authentication). It was really about my MacBook (macOS) login password. I would have indeed expected such PIN code request but not the Mac password.

Yeah I thought it was particularly strange too. I think it is something to do with 2FA + Keychains. Before I ever enabled 2FA, keychains had its own pin. It no longer asks me for that. So I think this is a trusted device verification not a 2FA verification.

 

[DJLAXL]

Traded my S8+ for a 7+ (again) and yes I was asked to enter the password OF my Macbook Pro during setup on 10.3.2 beta.

 

[rjcchan]

This happened to me today.

I had set up a device password for new iPad which i attempted to restore from another iPad iCloud back up. One thing has led to another and it was taking to long so I wiped both iPads and set up both as new. When I log into iCloud from either iPad I enter ID and ID password. Then I am told the account is protected by the new iPads device password that was that was set up on the installation that I wiped. The new set up is without a password.
Thank heavens for "123456" There is a forgotten password option...but i was told to enter a code without any indication where it was I would get this code. 2FA is active on this but it did not give me a code.

Once I enter "123456" everything seems to work except the preexisting backup of the older iPad "cannot be deleted at this time". I can get by without iCloud so I am not going to pursue this with Apple. Interested if someone has figured out what is going on though.

 

[zorinlynx]

My theory is that the encryption key that is used for your iCloud data is derived from or encrypted using the password or passcode, and that when you set up a new device it will ask you for that information.

This is all conjecture, but I bet it starts with the password/passcode to the FIRST device you use iCloud with. Then as you add more devices, the passcode/passwords on those are also used to encrypt the iCloud data encryption key, so now those passcodes or passwords can be used as well to set up new devices.

So to access iCloud data, you need two things:

- Authentication to obtain access to the encrypted data (logging in with your Apple ID and doing 2FA)
- Encryption key (to decrypt the data once you have access to it)

Again, I have NO idea how iCloud encryption and security actually work. This is just a theory based on behavior I've observed. In my case I was asked for the passcode of my iPhone when setting up iCloud on a new Mac. Maybe it asks for the passcode/password on the other device you most recently used. I haven't set up enough devices yet to find a pattern.

 

[SOLLERBOY]

This is so strange. I have just had this updating to iOS 11 - My iPad Air 2 wanted my MacBook Pro password. I also had the option to enter my iMac password or get authorisation "another way". When I selected this a notification popped up on my iMac and wanted me to enter my iCloud password - this removed the prompt from the iPad and everything worked as normal.

My iPhone didn't want anything else than my iCloud password like normal but nothing else.

This behaviour is really strange 0 I have 2 factor auth set up and that usually prompts all my trusted devices with a notification showing a map and allow and disallow buttons. I have also had it ask for a 6 digit code but I think that was with 2 step verification rather than 2 factor auth.

I have Filevault set up on both my macs and did NOT store the password with Apple. I didn't enter either of the macs passwords because i didn't want them transmitting to servers. Also I have iCloud keychain turned off so it shouldn't be anything to do with that. Don't know what is more concerning - being asked for my mac passwords or the fact the iPhone got in with no 2 factor approval required.

Edit : Just logged into iCloud and it pushed the 6 digit code to all my devices. So weird - loads of different auth methods. Not to forget being able to manually ask for a 6 digit code on iOS devices. My mist important questions though is, does Apple have my Mac passwords even though I chose not to store in iCloud?

 

[jonathanbruck]

I experienced this. I was setting up an iphone from a backup, and after the icloud login, I saw the alert to enter my MacBook Pro password.

My only guess is that the backup contained Notes I locked when I was using my MacBook Pro.

Earlier this week I had another strange one when I set up my wife's iphone 8 from a backup. Her iphone on her icloud asked for my icloud info: The backup it was trying to load contained downloads of apps from when we had family sharing turned on.

I got rid of the alert by deleting the 'family share' apps, and re-installing them from the app store.

 

[AlwayswithGrace]

So i still do not understand how Apple got my password that i use to open my iPad Pro. Any help? Not a fan of others knowing information without my permission. No one should know my private password to sign onto any device.

We should not have to GUESS how this is happening!

 

[keaide]

I still don't know what's really going on there. Did not find anything "official" either. I assume it has something to do with this 2FA. But this is the typical Apple style… "It just works" (even if it doesn't). Anyway, I guess they don't store any plain text passwords in their databases, so I assume there is no security issue...

 

[phalseHUD]

I've just encountered this and had to disable 2FA. That did the trick but where the feck was my password for my MacBook being sent?!?!?!?!!!! I'm getting seriously pissed off with Apple. You do not need to know my feckin MacBook Pro login password!!! ArrrrghHHHHHH!

Disclaimer from rant: Maybe I've misunderstood something or perhaps just not educated enough.

 

[ladygreen42]

I think I downloaded a virus, I stopped it and then updated my laptop to the new iOS...I hadn't updated for 2 years. I ran a virus scan after and it doesn't detect anything. My iPhone kept prompting me to enter my iCloud password and I did and then it asked for my MACBookPro password...which I thought was weird. I was wondering if I did have a virus after all and someone is trying to access my information. It all is just weird.

 

[JKnickie]

I was wondering about the issue on hand and found this

If you use two-factor authentication, your device is trusted when you sign in. In most cases, you won’t need to approve your device separately to turn on iCloud Keychain. Depending on your account and device setup, you might need to enter your iCloud security code, enter the passcode that you use to unlock one of your other devices, or approve from another device.

on https://support.apple.com/en-us/HT204085.

 

[TLMuse]

So i still do not understand how Apple got my password that i use to open my iPad Pro. Any help? Not a fan of others knowing information without my permission. No one should know my private password to sign onto any device.

We should not have to GUESS how this is happening!

This request for a Mac password just happened to me, after upgrading an iPad Mini from 10.3.3 to 11.2.6. I agree that we shouldn't have to guess about why/how this is happening. It's frustrating that a search about it didn't turn up anything official from Apple about when and why this is requested.

That said, this does not mean that Apple knows your Mac's password (or mine). The way this kind of verification typically works is that an encryption of your password is what has been sent to Apple. This is a string of characters that your Mac computes from you password that is nearly impossible to "invert." So even though Apple has it, they most likely cannot get into your computer (and cannot tell you your password if you lose it). When you enter the password on your iPad, the same encryption is used. So Apple can tell that you entered the same password you use on your Mac, even though it can't tell what that password is.

Since Apple hasn't explained anything about this authorization step online, I can't say for sure it's what's going on. But it's a standard way passwords are handled in settings like this. I'd be very surprised if Apple wasn't doing something along these lines. Given that they tell us that they can't give us our passwords if we forget/lose them, it seems very likely to me that this is what's going on.

If you'd like to learn a bit about the technology behind this, this Wikipedia article is probably a good place to start: Cryptographic hash function - Wikipedia.

 

[ultimatenerds]

I just logged in to my iCloud account on my iPhone 7 (latest iOS 10). As Part of the setup, I was asked to enter my MacBook Pro password. What is that about? Why is my MacBook Pro password required and how does Apple know it in the first place? Can anyone explain that to me? Is there any iCloud data protected by my Mac password or what's going on there?
Thanks.

just make sure the lock is off in the users list in preferences before you start trying to add the icloud account... hope this is useful..