Why is Apple asking me to upload my root/admin password for my MacBook Pro in order to use iCloud? This should not be necessary

Question

Level 1

8 points

Why is Apple asking me to upload my root/admin password for my MacBook Pro in order to use iCloud? This should not be necessary

Why would Apple, Inc. need me to upload my MacBook Pro administrator (i.e. root) password -- from my Iphone -- in order to use iCloud services (calendar, notes, etc.)?

Not my iCloud password, my laptop administrator password!

I asked Apple phone support just now and they are telling their senior-level CSR's to say this is "for verification purposes only" and "this is a form of two-factor authentication".

Um, no...

Root passwords for physical machines are absolutely NOT required for two-factor authentication and claiming that this is necessary to "protect the user" is bogus. Sending root passwords around to 3rd parties also goes against (arguably, very obvious) IT security fundamentals.

This is like an ATM machine asking for your PIN and then asking you to drop off copies of your house keys "just to make sure it's really you"

I can see no legitimate reason for Apple -- or any vendor -- to request and store root passwords of its users' machines. There is already an Apple ID and password. Need more proof of identity? First, why? But if you must, then use challenge/response in a custom app. Use email. Use text messages. There are lots of viable methods available that do not ask the customer to engage in such egregious security practices.

I'm posting here to find an acceptable solution if one exists, and also to let others know about this issue as it seems to be new with a recent OS update.

MacBook Pro, iOS 11.2.6

Posted on Mar 15, 2018 10:48 AM

Reply

Answer 1

LACAllen

Level 8

43,416 points

Mar 25, 2018 7:10 PM in response to ossiasys

Not my iCloud password, my laptop administrator password

They are asking for only any local admin password, which is not the same as a root user or password. This is to validate your iCloud Keychain.

If you have enabled root, which is not enabled by default, those are not the credentials they are asking for. Any admin level account password will do.

It is indeed to validate your identity.

I can see no legitimate reason for Apple -- or any vendor -- to request and store root passwords of its users' machines.

I agree. That is not what you are being asked for.

Reply

Answer 2

ossiasys Author

Level 1

8 points

Mar 27, 2018 7:43 AM in response to LACAllen

The security issue I have identified has nothing to do with whether or not "the root user" is enabled. It has to do with sending credentials for users with root privileges to Apple, Inc.

Members of the admin group enjoy root privileges via "sudo". These users can effectively change anything on the local machine. No one should possess these passwords except the users themselves.

No vendor needs login credentials for root-privileged accounts on your local machine just to verify your identity, just the way your bank does not need the keys to your house in order for you to use one of their ATMs.

You cannot at the same time be against giving someone your house key, but all for giving them the key to a lockbox that contains your house key.

Reply

Answer 3

ossiasys Author

Level 1

8 points

Mar 28, 2018 8:12 AM in response to LACAllen

I've already explained how admin users do, indeed, enjoy root privileges. You apparently Googled "root user mac". Now you can Google "sudo".

NOTE: Don't use that command unless you understand what you're doing. It gives you root privileges and all it requires is that you...enter your admin user's password 🙂

And, while all that may be useful for some people to know, I don't want to confuse the issue or allow it to be confused.

There is no justifiable reason an admin user's password (or any local machine user's password for that matter) should be required for something like iCloud authentication. Any user-controlled value could be used for two-factor verification. Security questions, PIN's, custom secure two-factor-authentication applications, etc. are the appropriate choices here.

Most users are ignorant of fundamental IT security concepts so it is irresponsible in my opinion for companies with such widespread market reach like Apple, Inc. to encourage (or require!) users to send local machine credentials to them, or to anyone.

Reply

Answer 4

Eric Root

Level 10

684,039 points

Mar 28, 2018 8:31 AM in response to ossiasys

Apple doesn’t routinely monitor the discussions. These are mostly user to user discussions and there is nothing we can do to change Apple policy. Use the feedback link posted by zinacef to make your idea(s) known to Apple.

Reply

Answer 5

ossiasys Author

Level 1

8 points

Apr 4, 2018 9:14 PM in response to Eric Root

I am posting this issue here for the benefit of other users and to spread awareness of the problem. This is actually one of the primary purposes of a public user forum.

When many customers become aware of a problem, they can all provide feedback and take action. This can absolutely cause a company to change its policies.

Reply