Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Integrate Apple ID with macOS Sierra logon

I used to have my Apple ID integrated with with El Capitan logon - meaning I logged in with my AppleID username and password. Since running macOS Sierra I have lost this ability and even attempted this from a newly installed OS. The closest to this I can find is the option is to allow the macOS Sierra local user account to reset the password via Apple ID. I did manage to active the two-factor authentication but that does not offer any more options in regards to my initial problem.


In essence I want my local logon on macOS Sierra to be exactly the same as my AppleID username and password. This should also be linked to my AppleID - so if I change my AppleID password then my macSierra password changes as well. Surely there must be a way to achieve it - this is exactly how my local non-domain joined logons work on my Windows 10 devices. My Microsoft Live ID is used and authorized to be used on the Windows 10 devices I choose it to be used and providing me with a poor man version of single-sign on (e.g. sync to e-mail, drive encryption recovery key saved in Live ID, bookmarks synced, one username and password across devices, two-factor authentication, etc.)


I have also disabled FileVault on my internal drives as it seems that the drive encryption adds another interesting twist. I do not mind re-installing the operating system as I am going on leave soon and would not need my laptop for critical tasks.

MacBook Pro (Retina, 15-inch, Mid 2015), Windows 8

Posted on Dec 12, 2016 8:57 PM

Reply
21 replies

Dec 13, 2016 5:47 AM in response to 1-0-1

What I remember from pre-Sierra time: when you can't login, you can use your apple ID. Did that mean that you also at the same time are logged in iCloud?

Now Apple pushes two step verification.

What is the advantage of using the Apple ID approach? Why not just the password? You can even change your name in the Login setting with the Apple ID password if you so want.

Lex

Dec 13, 2016 12:14 PM in response to Barney-15E

Oh that is interesting to hear as I have not experienced it myself with El Capitan. Why would I NOT want that back? Well for starters I have a bunch of credentials to remeber - so ease of use would be reason number one and having a consistent logon experience on all my Apple devices. That alone is reason enough to have that option availebel.


This does not seem to be a technical problem as other OS vendors pull it off and tie in really useful features (e.g. computer preferences, application settings, etc.). One way of dealing with possible account lockouts would create a local admin account with a 16+ complex password for fallback purposes. password could be stored in keychain manually (?) so not to need to remeber another set of credentials.

Dec 13, 2016 2:08 PM in response to 1-0-1

Having to sign in twice may be a hassle, but think of it this way:


If you sign into your Mac with your Apple ID/password and that automatically signs you into iTunes/iCloud/app store, etc. then anyone who just stole your Mac would have easy access to everything, especially if you have a credit card associated with your account.


I'll take the hassle for a little extra peace of mind.

Dec 14, 2016 1:15 AM in response to babowa

Hey man - that does make sense however a couple of points why linked credentials is still a better option. First off my device is using FileVault and I have my screensaver set to display password. I also have not configured automatic logon.


If I had two different credentials the risk would be for somebody to brute-force or guess my local credentials and then my AppleID. Also as mentioned in my usage scenario, he will need to get past the drive encryption first. However. in the case of Barney-15E's suggestion I would be even worse off as my local account has the same password as my AppleID and is not governed by account lockout policies as my AppleID.


If I had a single linked account the same would apply but at this point I can change my password, unauthorize the computer (which can also be done in the first option), etc. Plus the AppleID will lock after a couple of wrong attempts.


So there is no real reduction of security as whoever steals my device still needs to guess or brute-force the password. This is obviously very different for people that have automatic logon enabled, no screensaver password lock or/and very long screensaver timeout period.


In short the extra inconvenience cause by not being able to link credentials does not really reduce the risk.

Integrate Apple ID with macOS Sierra logon

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.