Apple Started Asking to Enter Mac Passwords with Login, and That Is Great News

Have you ever received an odd prompt from Apple when you tried to sync your new iPhone with your iCloud? Did that prompt ask you to enter your Mac password on iPhone without any decent explanation? In fact, did it ask for a Mac password from one of your OTHER devices? If the answer is yes, then you’re not the only one out there. And don’t worry, there’s nothing wrong with the prompt. In fact, it shows that Apple is trying to protect your data from potential exploitation, so just enter that password and carry on syncing your device, while we tell you more about this situation.

Apple ways of protecting your data

The truth is that this “Enter Mac Password” prompt pops up on your screen only when certain conditions are met. You need to set up or restore a new Apple device, and you also have to have two-factor authentication enabled on your Apple ID. Then, when you try to sync your new device (or reconnect the old one) to your iCloud, the system will ask you to confirm your identity by requesting to enter not your Apple ID password, but a specific passcode for one of your other devices. That sounds weird, doesn’t it?

Well, yes. You may think it’s slightly unorthodox, but to understand why Apple might require your Mac Password, we need to look at the way Apple stores data on iCloud.

All data stored by Apple is encrypted. The encryption takes place when the data is transferred, and it’s also encrypted on Apple’s servers. While you can access all of your data via Apple servers on your devices, only some of the data can be accessed directly via iCloud.com. It means that the encryption keys that Apple have allow them to decrypt only certain types of information, whereas the rest of your data could only be decrypted by the encryption keys stored on your personal devices. In other words, even Apple couldn’t decrypt some of the information if they wanted to! And if anyone asked Apple to hand over your personal data, all they could give would be strings of scrambled information.

This kind of approach protects users and their personal information from phishing and fraudulent certificate attacks. Of course, no one is impervious against phishing attacks, and Apple users have to go through its own share of phishing attempts, but all in all, the effort to protect their customer data shows. And the request to enter Mac password on iPhone is also the manifestation of those efforts.

Who has Mac Passwords?

So, if Apple is adamant at keeping your data secure, how does it protect your Mac passwords then? Well, the truth is that Apple protects those by… not knowing them. Now, what in the name of cybersecurity gods is this? How can the service provider not know your password? To tell you the truth, the idea is genius because Apple cannot leak what it doesn’t know.

It doesn’t mean that your Apple ID passwords or Mac passwords are not recorded in any way anywhere. After all, if they weren’t recorded, you wouldn’t be able to access your devices and your accounts. What we mean by saying that Apple doesn’t know your passwords is that they are stored in a way that Apple cannot access them in plain text.

Your Mac password is stored in an encrypted form. And it’s not just your usual encryption. The password is hashed, and hashing is a one-way ticket. Once the password is hashed, it cannot be “unhashed,” and whatever string of data that results would look like gibberish to anyone trying to make sense out of it.

The point of hashing is that it applies a certain algorithm for the data that has to be encrypted. And while the resulting value cannot be decrypted, running the same string of data through the same algorithm gives the same results. Hence, if you enter the right Mac password and the hashed value of the password you have entered corresponds with the hashed string stored by Apple, you’re free to enter your account.

All these security measures are implemented with the intension to ensure that your Mac passwords and other important data don’t get leaked somewhere in between. To put it simply, you are the only one who is in possession of the actual password. Also, there is always a possibility that the iCloud password could be hacked or stolen so, at the end of the day, asking you to enter your Mac password instead is a great idea.

So, what’s left?

The only problem that you might encounter here is forgetting your Mac password. In fact, let us ask you something, how do you remember your passwords? Where do you store them? Hopefully, you don’t jot them down on a piece of paper, and you don’t keep them in plain text on your device. That would be beyond terrible.

Also, please don’t tell us that your password is 12345 or password12345. That would go straight into the top of the list of the worst passwords of the decade. While Apple tries its best to protect your personal data, you have to put some effort into it on your side, too. Your job is to create a strong Mac password that would protect your device and your account.

Running out of ideas for a strong password? Tired of renewing your password regularly? Why should you do it yourself when you can leave it to a reliable tool that is available free of charge! Cyclonis Password Manager comes with two-factor authentication and end-to-end encryption that ensures secure password storage.

The tool is compatible with macOS 10.11 or newer, and it can help you generate strong passwords for all of your devices. Or, if you don’t like the idea of entering complicated passwords upon accessing your device, you can use the tool to store your other information, like your credit card details, your Wi-Fi password, and even your to-do list. Everything is safe in the encrypted vault!

December 9, 2019

Leave a Reply