Question: Why is Apple asking me to upload my root/admin password for my MacBook Pro in order to use iCloud? This should not be necessary
Why would Apple, Inc. need me to upload my MacBook Pro administrator (i.e. root) password -- from my Iphone -- in order to use iCloud services (calendar, notes, etc.)?
Not my iCloud password, my laptop administrator password!
I asked Apple phone support just now and they are telling their senior-level CSR's to say this is "for verification purposes only" and "this is a form of two-factor authentication".
Root passwords for physical machines are absolutely NOT required for two-factor authentication and claiming that this is necessary to "protect the user" is bogus. Sending root passwords around to 3rd parties also goes against (arguably, very obvious) IT security fundamentals.
This is like an ATM machine asking for your PIN and then asking you to drop off copies of your house keys "just to make sure it's really you"
I can see no legitimate reason for Apple -- or any vendor -- to request and store root passwords of its users' machines. There is already an Apple ID and password. Need more proof of identity? First, why? But if you must, then use challenge/response in a custom app. Use email. Use text messages. There are lots of viable methods available that do not ask the customer to engage in such egregious security practices.
I'm posting here to find an acceptable solution if one exists, and also to let others know about this issue as it seems to be new with a recent OS update.
MacBook Pro, iOS 11.2.6