Apple ID - Two-Step vs. Two Factor Authentication

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Apple ID - Two-Step vs. Two Factor Authentication

Dave Scocca

Good evening, all!

I'm trying to make sense of the change to Apple ID authentication, which requires me to set up two factor authentication and create app-specific passwords.

For several years now, my wife and I have used the contact/calendar sharing work-around of a separate "family" Apple ID, using an email address that forwards to both of us.  Both of us also have individual Apple IDs, and our devices are primarily signed in to our individual IDs and use the family ID only for calendars and contacts.

The problem is that (a) to get an app-specific password for third-party calendar/contact clients, I need to enable two factor authentication on the family Apple ID; and (b) in order to enable two factor authentication on an Apple ID, I believe you have to be using that ID as your primary iCloud login on a Mac, iPhone, or iPad.  

Has anyone else solved this problem?  Can I temporarily log in to the family ID, get everything set up, and then log out and back in to my personal ID and have everything continue to work?  Can a Mac/iPhone/iPad serve as a trusted device for multiple Apple IDs?

A related question -- does Family Sharing provide a better work-around?  

https://support.apple.com/en-us/HT201060

The description page says that it has "a" shared calendar--does it actually allow you to have multiple shared calendars among the family, or only a single one?  I also see no mention of contacts -- does Family Sharing provide any contact-sharing features, or does that still require a third iCloud account?

I'd be grateful for any suggestions about getting this straightened out.

Dave Scocca


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Apple ID - Two-Step vs. Two Factor Authentication

Al Varnell
Family AppleID's are, in general, a bad idea. Look into using Family Sharing with only individual AppleID's instead.

Sent from my iPhone

-Al-
--
Al Varnell
Mountain View, CA

> On Jun 15, 2017, at 8:47 PM, Dave Scocca <[hidden email]> wrote:
>
>
> Good evening, all!
>
> I'm trying to make sense of the change to Apple ID authentication, which requires me to set up two factor authentication and create app-specific passwords.
>
> For several years now, my wife and I have used the contact/calendar sharing work-around of a separate "family" Apple ID, using an email address that forwards to both of us.  Both of us also have individual Apple IDs, and our devices are primarily signed in to our individual IDs and use the family ID only for calendars and contacts.
>
> The problem is that (a) to get an app-specific password for third-party calendar/contact clients, I need to enable two factor authentication on the family Apple ID; and (b) in order to enable two factor authentication on an Apple ID, I believe you have to be using that ID as your primary iCloud login on a Mac, iPhone, or iPad.  
>
> Has anyone else solved this problem?  Can I temporarily log in to the family ID, get everything set up, and then log out and back in to my personal ID and have everything continue to work?  Can a Mac/iPhone/iPad serve as a trusted device for multiple Apple IDs?
>
> A related question -- does Family Sharing provide a better work-around?  
>
> https://support.apple.com/en-us/HT201060
>
> The description page says that it has "a" shared calendar--does it actually allow you to have multiple shared calendars among the family, or only a single one?  I also see no mention of contacts -- does Family Sharing provide any contact-sharing features, or does that still require a third iCloud account?
>
> I'd be grateful for any suggestions about getting this straightened out.
>
> Dave Scocca
>
>
> ____________TidBITS Talk Participation Guidelines____________
> Post only when you have something substantive to contribute.
> Be polite and constructive, and comment on posts, not people.
> Quote sparingly, if at all. We all read the previous message.
> Start threads with a new message to [hidden email].
> Read archives at: http://tidbits.com/pipermail/tidbits-talk/
> Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
> ____Mailing List Manners: http://tidbits.com/series/1141 ____



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Apple ID - Two-Step vs. Two Factor Authentication

Dave Scocca

> On Jun 15, 2017, at 11:56 PM, Al Varnell <[hidden email]> wrote:
>
> Family AppleID's are, in general, a bad idea. Look into using Family Sharing with only individual AppleID's instead.

Research shows Family Sharing does not support contacts, which is 50% of the reason we're using the family Apple ID in the first place.

Dave


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Apple ID - Two-Step vs. Two Factor Authentication

Zeedar Marc-2
In reply to this post by Dave Scocca

> On Jun 15, 2017, at 8:47 PM, Dave Scocca <[hidden email]> wrote:
>
> The problem is that (a) to get an app-specific password for third-party calendar/contact clients, I need to enable two factor authentication on the family Apple ID

My solution was to stop using third-party calendar app (goodbye Fantastical).

But that's only temporary, as I hear iOS 11 is going to *require* two-factor.

No idea how that would work for your extra Apple ID if two-factor only works for primary IDs. (I suppose it means the end of Apple IDs that aren't primary?)


Marc Zeedar
Publisher, xDev Magazine and xDevLibrary
www.xdevmag.com | www.xdevlibrary.com







____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Apple ID - Two-Step vs. Two Factor Authentication

John Turner
In reply to this post by Dave Scocca
Dave, all I can say is that there are thousands and thousands of confused and angry Mac users because of this new ID requirement. It took me days working with Senior Tech People to supposedly activate and fix this mess. But within a day of getting this ID working I was unable to access the iCloud and had to go through all kinds of machinations to get on it again.

I hate to say this, but I did say it to Apple and the Apple Community, that I think that Apple is trying to keep us from using alternative apps such as SPARK which is a vastly better app than MAIL, that has gotten hundreds of rave reviews. It is intelligent, simple to use, and has far better and knowledgeable  support than MAIL. And, it’s free. Finally I decided that I would disable my iCloud connection and use my SPARK and no longer have to deal with this crazed ID process!

JT

On Jun 15, 2017, 11:49 PM -0400, Dave Scocca <[hidden email]>, wrote:

Good evening, all!

I'm trying to make sense of the change to Apple ID authentication, which requires me to set up two factor authentication and create app-specific passwords.

For several years now, my wife and I have used the contact/calendar sharing work-around of a separate "family" Apple ID, using an email address that forwards to both of us. Both of us also have individual Apple IDs, and our devices are primarily signed in to our individual IDs and use the family ID only for calendars and contacts.

The problem is that (a) to get an app-specific password for third-party calendar/contact clients, I need to enable two factor authentication on the family Apple ID; and (b) in order to enable two factor authentication on an Apple ID, I believe you have to be using that ID as your primary iCloud login on a Mac, iPhone, or iPad.

Has anyone else solved this problem? Can I temporarily log in to the family ID, get everything set up, and then log out and back in to my personal ID and have everything continue to work? Can a Mac/iPhone/iPad serve as a trusted device for multiple Apple IDs?

A related question -- does Family Sharing provide a better work-around?

https://support.apple.com/en-us/HT201060

The description page says that it has "a" shared calendar--does it actually allow you to have multiple shared calendars among the family, or only a single one? I also see no mention of contacts -- does Family Sharing provide any contact-sharing features, or does that still require a third iCloud account?

I'd be grateful for any suggestions about getting this straightened out.

Dave Scocca


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Apple ID - Two-Step vs. Two Factor Authentication

James R Cutler
In reply to this post by Dave Scocca
Here are some useful rules developed as we survived the me.com through iCloud transitions.

0. Every user should have their own macOS login on macOS devices and should login to iCloud using their own primary iCloud account ID..

Messages will be delivered to the correct devices.
Find My iPhone will label devices correctly.
Find My Friends will label devices correctly.

1. Every user should have one primary iCloud account ID and each user’s ID should be used as the primary ID on that user’s iOS Devices.

Messages will be delivered to the correct devices.
Find My iPhone will label devices correctly.
Find My Friends will label devices correctly.
Mail will always be delivered to the correct iDevice.

2. A single user and corresponding Cloud account should be chosen for a joint contact list. Other users can use this share this contact list using a secondary iCloud account on their devices. (iOS or macOS)

Example - Carol has the shared contact list on her iCloud account. Bob has access using Carol’s iCloud account as a secondary account. 

3. A single user and iCloud account should be used for a joint Calendar. Other users share this calendar as invited.

Example - Calendar Ted&Alice is on Alice’s iCloud. Alice shares this read/weite with Ted.
Example - Calendar BoysNiteOut is on Ted’s iClout. Ted shares this read/write with Bob.

4. Any user should share a Note containing the master shopping list (or packing list, etc) by invite from the Note owner. Checklist format is an important feature here.

Family sharing is primary intended (my conclusion) for sharing purchases from Apple. None of the rules cited above require family sharing.


 
On Jun 15, 2017, at 11:47 PM, Dave Scocca <[hidden email]> wrote:


Good evening, all!

I'm trying to make sense of the change to Apple ID authentication, which requires me to set up two factor authentication and create app-specific passwords.

For several years now, my wife and I have used the contact/calendar sharing work-around of a separate "family" Apple ID, using an email address that forwards to both of us.  Both of us also have individual Apple IDs, and our devices are primarily signed in to our individual IDs and use the family ID only for calendars and contacts.

The problem is that (a) to get an app-specific password for third-party calendar/contact clients, I need to enable two factor authentication on the family Apple ID; and (b) in order to enable two factor authentication on an Apple ID, I believe you have to be using that ID as your primary iCloud login on a Mac, iPhone, or iPad.  

Has anyone else solved this problem?  Can I temporarily log in to the family ID, get everything set up, and then log out and back in to my personal ID and have everything continue to work?  Can a Mac/iPhone/iPad serve as a trusted device for multiple Apple IDs?

A related question -- does Family Sharing provide a better work-around?  

https://support.apple.com/en-us/HT201060

The description page says that it has "a" shared calendar--does it actually allow you to have multiple shared calendars among the family, or only a single one?  I also see no mention of contacts -- does Family Sharing provide any contact-sharing features, or does that still require a third iCloud account?

I'd be grateful for any suggestions about getting this straightened out.

Dave Scocca


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____

James R. Cutler
PGP keys at http://pgp.mit.edu






____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Apple ID - Two-Step vs. Two Factor Authentication

Dave Scocca
On Fri, Jun 16, 2017, at 09:09 AM, James R Cutler wrote:

> 2. A single user and corresponding Cloud account should be chosen for a
> joint contact list. Other users can use this share this contact list
> using a secondary iCloud account on their devices. (iOS or macOS)
>
> Example - Carol has the shared contact list on her iCloud account. Bob
> has access using Carol’s iCloud account as a secondary account.

So -- to turn this into actionable advice for me, the recommendation
would be:

(1) Copy all the calendars and contacts from the household Apple ID
iCloud account to my personal iCloud account.

(2) Where my wife's devices now have secondary access to the household
iCloud ID, remove that ID and replace it with my personal iCloud ID.  

(3) (eventually) delete the household Apple ID.

That is, since I don't have any reason to keep calendars or contacts
that my wife can't see, I might as well just have her log in to my
iCloud account rather than keep a "joint" account to segregate "mine"
from "ours".

Dave

--
  Dave Scocca
  [hidden email]



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Apple ID - Two-Step vs. Two Factor Authentication

Dave Scocca
In reply to this post by Dave Scocca
One additional thought...

> The problem is that (a) to get an app-specific password for third-party
> calendar/contact clients, I need to enable two factor authentication on
> the family Apple ID; and (b) in order to enable two factor authentication
> on an Apple ID, I believe you have to be using that ID as your primary
> iCloud login on a Mac, iPhone, or iPad.  

The primary iCloud login on a Mac is on a per-account basis, right?  One
possibility I can see would be adding a joint login account to my Mac,
and making the family Apple ID the primary iCloud login for that
account.

The question then would be -- what happens if the only "trusted device"
for an iCloud account is a Mac which is not currently logged in to the
correct account?  Would that prevent other devices from connecting to
that iCloud account at all?  

Once the two factor authentication is set up using the Mac, can a single
iOS device be a "trusted device" for more than one iCloud account at a
time?

Dave

--
  Dave Scocca
  [hidden email]


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Apple ID - Two-Step vs. Two Factor Authentication

James R Cutler
In reply to this post by Dave Scocca
That is, since I don't have any reason to keep calendars or contacts
that my wife can't see, I might as well just have her log in to my
iCloud account rather than keep a "joint" account to segregate "mine"
from "ours".

Your numbered steps are fine. Your summary is ambiguousl - remember rule 1

1. Every user should have one primary iCloud account ID and each user’s ID should be used as the primary ID on that user’s iOS Devices.

Your iCloud ID should ONLY be a secondary account on your wife’s devices. Otherwise confusion abounds. Bigly!




On Jun 16, 2017, at 9:25 AM, Dave Scocca <[hidden email]> wrote:

On Fri, Jun 16, 2017, at 09:09 AM, James R Cutler wrote:

2. A single user and corresponding Cloud account should be chosen for a
joint contact list. Other users can use this share this contact list
using a secondary iCloud account on their devices. (iOS or macOS)

Example - Carol has the shared contact list on her iCloud account. Bob
has access using Carol’s iCloud account as a secondary account.

So -- to turn this into actionable advice for me, the recommendation
would be:

(1) Copy all the calendars and contacts from the household Apple ID
iCloud account to my personal iCloud account.

(2) Where my wife's devices now have secondary access to the household
iCloud ID, remove that ID and replace it with my personal iCloud ID.  

(3) (eventually) delete the household Apple ID.

That is, since I don't have any reason to keep calendars or contacts
that my wife can't see, I might as well just have her log in to my
iCloud account rather than keep a "joint" account to segregate "mine"
from "ours".

Dave

--
 Dave Scocca
 [hidden email]

James R. Cutler
PGP keys at http://pgp.mit.edu






____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Apple ID - Two-Step vs. Two Factor Authentication

Doug Miller
In reply to this post by Zeedar Marc-2
On Fri, Jun 16, 2017 at 12:05 AM, Zeedar Marc <[hidden email]> wrote:

> No idea how that would work for your extra Apple ID if two-factor only works for primary IDs. (I suppose it means the end of Apple IDs that aren't primary?)
>

 I have a second Apple ID with two-factor authentication set up. While
I was logged in to an account on Sierra on my primary Apple ID, I just
logged in on a second browser to that secondary Apple ID.  I still
received the prompt with the map to verify the log in attempt, and
then the six digit two factor authentication code to enter into the
next step of the log in.


--
Doug


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Apple ID - Two-Step vs. Two Factor Authentication

Mark R. Williamson
In reply to this post by James R Cutler
On Jun 16, 2017, at 8:09 AM, James R Cutler wrote:
Here are some useful rules developed as we survived the me.com through iCloud transitions.

0. Every user should have their own macOS login on macOS devices and should login to iCloud using their own primary iCloud account ID..

Messages will be delivered to the correct devices.
Find My iPhone will label devices correctly.
Find My Friends will label devices correctly.

Check.

1. Every user should have one primary iCloud account ID and each user’s ID should be used as the primary ID on that user’s iOS Devices.

Messages will be delivered to the correct devices.
Find My iPhone will label devices correctly.
Find My Friends will label devices correctly.
Mail will always be delivered to the correct iDevice.

Check.

2. A single user and corresponding Cloud account should be chosen for a joint contact list. Other users can use this share this contact list using a secondary iCloud account on their devices. (iOS or macOS)

Example - Carol has the shared contact list on her iCloud account. Bob has access using Carol’s iCloud account as a secondary account. 

** Problem. Bob doesn’t want to see Carol’s business associates, nor does Carol want to see Bob’s poker buddies.
Solution that used to work: Extra iCloud account ID (AppleID) called “BobAndCarol” (maybe created as part of their old Family account) that holds a shared contact list (and calendars).
** Challenge: Set up two-factor authentication for virtual user BobAndCarol, who owns no device and only rarely is signed in to a Mac, so that third-party contact (and calendar) managers can use the shared contact list (and existing calendar items).

3. A single user and iCloud account should be used for a joint Calendar. Other users share this calendar as invited.

Example - Calendar Ted&Alice is on Alice’s iCloud. Alice shares this read/weite with Ted.
Example - Calendar BoysNiteOut is on Ted’s iClout. Ted shares this read/write with Bob.

Right. Also, Family Sharing members can use the pre-shared Family calendar.

4. Any user should share a Note containing the master shopping list (or packing list, etc) by invite from the Note owner. Checklist format is an important feature here.

OK.

Family sharing is primary intended (my conclusion) for sharing purchases from Apple. None of the rules cited above require family sharing.

OK.

—Mark



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____