Apple really needs two passwords, not one for everything - PanMan
http://martijnpannevis.nl/blog/2012/12/10/apple-really-needs-two-passwords/

======
Osmium
I think it's fair to say that any major service should be offering two factor
authentication. Amazon does, Google does, Dropbox does, Facebook does. Why not
Apple too? Why not Twitter?

Somewhat related, if anyone wants to get two factor auth working for their OS
X login, instructions are at the bottom of this page:

[https://code.google.com/p/google-authenticator/wiki/PamModuleInstructions](https://code.google.com/p/google-authenticator/wiki/PamModuleInstructions)

Though I can't speak to how well it works (if at all) it at least makes me
hopeful someone will implement it more sensibly at a later date...

~~~
eridius
I don't think TFA works well for securing mobile devices, because the entire
premise is that it sends the second authentication token to your mobile
device.

~~~
robmil
Even then, it would be better than the status quo — you'd need physical access
to my phone to access my Apple account, preventing the kind of remote attacks
that were made famous recently.

------
jug6ernaut
While not really applicable to any of the situations he described; I really
wish more applications/companies/etc would use 2-factor authentication. It
really baffles me that more applications DON'T use it, such as banking
applications where I personally consider 2-factor auth a must.

~~~
tptacek
Low user opt-in adoption.

Low demand.

Licensing costs from third party authentication providers.

Increased support costs.

Early adopter status of the technology.

Skepticism as to utility (to wit, malware that captures token keys or output).

Integration with non-interactive logins, APIs, mobile software.

Don't get me wrong, I like two factor auth, but there are lots of practical
reasons it's not universal.

------
cllns
Good point. Worth noting that there already are two passcodes (potentially)...
one is the account password and the other is the unlock PIN. It'd make sense
if they required the unlock PIN for free/cheap apps.

~~~
kylec
Actually, this brings up an interesting idea - why not allow people the option
of disabling the password entirely if their phone is locked with a passcode?
Apple already does this with the Find iPhone and Find Friends apps, they could
easily extend this to free/small purchases, etc.

~~~
nsp
This used to be the case - there was a setting to not require the password until
a bit after the App Store launched. They removed the option after bad
press/complaints from parents re: their kids purchasing things - I believe the
iamrich app, which cost $999 for a picture of a gem, was the app that got the
most press.

~~~
3825
You should especially not require passwords for free app updates.

~~~
tomku
iOS 6 appears to have dropped the password check for all updates.

~~~
3825
That is a very welcome change. It drops a barrier that causes people to be
lethargic about updating their apps.

------
SquareWheel
Or simply add an option to disable passwords for free apps. Having two
passwords will confuse average people, so of course Apple won't do that.

~~~
rdl
Apple doesn't want it to be easier to buy a free app than a paid app. They
want you in the habit of entering your password to iTunes, so you're more
likely to buy a paid app in the future.

------
cdrxndr
I'm a little late to this, but my wife and I share an iTunes account since we
have shared devices. The fact that the same password is used to download a
free app and to __REMOTE WIPE__ my primary business machine is terrifying. I
would like that nuclear password to be 20 random characters and symbols,
please, not one that I have to type in on my iPhone whenever I download the
new Cut the Rope.

It's just upsetting to think back to the story of the gentleman who had every
single device wiped remotely after someone called into Apple support and
impersonated him with publicly available information from his Amazon account.
Yet very little has been done.

------
geori
+1,000,000!

Apple's myriad of logins and passwords is so frustrating to me. I had an
iTunes ID for years and can't use it for anything anymore because it is not an
email address. It is such a pain in the ass to do anything. I have two apple
ids, an icloud account and a game center account.

The edge cases (10% of users who would use multiple icloud/gamecenter
accounts) are making things a huge pain in the ass for 90% of users who are
the only person that uses their iphone for app downloads, icloud, music and
game center.

~~~
Xymak1y
I recently bought an iPod and set it up with a new Apple ID. I didn't have
access to a computer at the time, and my god, it was such a pain. Not only are
the password requirements utterly stupid (at least one digit, one capital
letter, you know it), I was continuously prompted to set up three security
questions to make my account safer. The one I'm just trying to set up so I can
download some free apps (I didn't have any sort of payment options associated
with the account at all!). Of course it isn't enough that I have to input my
Apple password separately to every single app that might use it - Facetime,
iMessage, iCloud backup. When I download a free app, it still prompts me to
input my password. Why? What's the risk here?

All in all it took about 20 minutes only to be able to download a news app.
Not exactly user-friendly.

~~~
egypturnash
> When I download a free app, it still prompts me to input my password. Why?
> What's the risk here?

Kids buying several hundred dollars worth of Smurfberries.

No, really, that's why they set it up that way. That really happened. So
everyone has to suffer for that.

~~~
Xymak1y
Are you talking about in-app purchases? Those are password protected. What's
the point of password-restricting free apps?

------
ctdonath
Forget two passwords.

Apple needs to accommodate two IDs. Single ID is a problem.

I have my ID for whatever is "mine": stuff which I wish to exclude everyone
else from. I need another ID for my family: stuff which should be shared among
others who have a practical right thereto by relationship. Next I need another
ID for work: identifying me, but shared with my company and which I renounce
access to should I leave. All of these would overlap, recognizing that data in
my life is compartmentalized in Venn diagram fashion.

------
kyllo
Agreed, Apple's authentication system is obnoxious. Compounding this is the
fact that they force you to reset your password if you enter it wrong more
than once, ensuring that you're never going to remember it. I basically have
to answer my security questions and pick a new 8-char password with upper and
lowercase letters and numbers every time I want to download a new app.

------
lucian1900
Why even bother asking for a password for free apps? That's stupid.

~~~
citricsquid
I assume it's due to the free apps ability to make in-app purchases and if you
have a child using your phone they could rack up lots of charges without ever
identifying if there was no password to download the app. If the password was
when making in-app charges it would be more of an annoyance than entering once
up front.

~~~
mahyarm
In-app purchases require a password anyway. I really don't see the need for
passwords for free actions. Android hasn't needed a password in those cases.

------
GrantS
Apple already allows this and more, though it is not obvious and there is no
free/paid app distinction.

[http://gigaom.com/apple/how-many-apple-ids-should-your-family-have/](http://gigaom.com/apple/how-many-apple-ids-should-your-family-have/)

------
lominming
Having 2 passwords does not really solve the problem. I understand where the
writer is coming from, but it is a gray area to define what is considered
"high risk" vs "low risk". Using two factor authentication for selected task
seems to make more sense.

~~~
jarrett
Agreed. Although certain actions would seem to be pretty black and white.
Wiping a device is high-risk, and should obviously require a strong password.
Downloading a free app is low risk (unless I'm missing something important
about the permissions system on iOS). As for actions that are in the gray
area, either let the user configure which password is used, or just err on the
safe side and use the strong password.

Also, a really killer feature (admittedly for power users only) would be an
API for password manager apps to integrate more deeply into iOS. I love my
password manager's browser extensions. If I could have password auto-filling
on iOS like I do in the browser, downloading free apps would be much, much
easier. For that matter, visiting password-protected websites in iOS would be
a lot easier, too. You'd still have to type your crazy master password on the
finicky touchscreen. But it's a step up from what we have now.

Apple really should improve this aspect of the user experience. As it stands,
I can only assume it leads a great many users to pick a weak password.

------
Roelven
I completely agree! Users should be better educated about the risks they put
themselves to, but we all should also be aware of the crazy social engineering
exploits that we expose our precious machines to.

This article certainly made me think twice about my password policies:
[http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/](http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/)

------
gcv
Judging by the sheer difficulty normal people experience with iCloud and App
Store logins when they use iOS devices, Apple should try to figure out a way
to have zero passwords. Its support must get a ridiculous number of calls from
people who locked out their phones or iCloud accounts and then forgot their
passwords. I suspect that an interesting solution to this problem is brewing
behind closed doors in Cupertino.

------
mayneack
Tangential, but I am a little frustrated that I can't sign into one of my
google products without being signed into all of them. I get so nervous any
time I sign into google music somewhere that I'm not necessarily actively
monitoring because it means someone can just type "mail.google.com" into the
browser and basically unlock my whole life.

(I'm not making any statement on apple or apple vs google)

------
lancewiggs
Why not use multiple IDs? one very simple passworded for purchasing apps, one
complicated password for master syncing, phone deleting functions?

~~~
vvhn
That's exactly how I use it and recommend to anyone - one Apple ID for things
which need purchasing and are shareable across a family (basically iTunes and
the Mac App Store) and one for individual services such as iCloud, FaceTime and
iMessage.

something like

A single shared family-email@gmail.com which every family member uses for
iTunes and MAS on their iDevices and Macs

while each person uses their own email@gmail.com as Apple ids for Facetime,
iCloud and iMessage.

------
bhousel
They already allow this. I use one Apple ID for iCloud and a different Apple
ID for purchases in iTunes/AppStore.

~~~
lostlogin
Great point and an obvious solution once it's thought of - annoying to change
when already committed though.

------
rdamico
This hits the nail on the head. As the OP says, having to use the same
password for purchasing $0.99 apps (where something as simple as a pin number
would suffice) and tracking/erasing an entire device (where anything but a
strong password would be crazy) just doesn't make any sense.

------
rdl
I use separate accounts for iCloud and iTunes (and Developer, and Support
Forums), which seems to solve this. It wasn't on purpose -- I had a nice short
3-letter MobileMe username that I didn't want to give up, and a lot of
existing iTunes purchases.

------
misnome
I agree with this; I feel distinctly uncomfortable using the same password for
both my developer account and "Free" app and family downloads. The appleid
system really needs an overhaul.

------
jonikanerva
I would prefer a possibility to enable a PIN code to work as the default
password for all stuff on my iOS devices. After three invalid PINs, ask for
the regular password. Simple.

~~~
Xymak1y
Great point. Easiest solution would be to just separate the Apple ID password
and the Device password.

------
spullara
You can use any random email address for iCloud and use a different one for
iTunes. It works fine and that way you can separate them cleanly.

------
BryantD
Really good point. s/Apple/everyone/, of course -- Google suffers from the
same issue, but it's less worrisome thanks to two-factor.

~~~
estel
But the usecase that the op refers to (installing free/cheap apps) doesn't
require entering a password in the Play Store.

~~~
BryantD
Oh, sure. But the bigger picture -- one password/authenticator device allows
access to your whole life -- still applies.

------
jhaile
Having two passwords seems very un-Apple like. Simplicity, minimalism. And you
can just use two separate accounts today anyways.

------
yen223
I'm not so sure about this idea. If you have trouble remembering one password,
you're definitely not going to remember two.

------
crististm
hey guys - you know, there is life beyond Apple

------
darkway
Sorry, you have just infringed Apple Patent #2323232323. Hide. Now.

