阅读49 返回首页    go 小米 go 小米5

Apple Sharing Passcodes

Dear Apple,

 

How could you do this?

 

I just installed the Yahoo email app and tried to set up a security pin for the app but instead of being able to set a code, the app just seemed to set it's own code without any clue to what had just happened, Par for Yahoo.

 

It took me a while to finally realize that the Yahoo App set the security pin to be the same as the Apple Passcode for the iPad!?

 

This is a catastrophic security flaw. That you could do this to the world...., I just can't understand. You must realize what you have done but just in case you don't I'll explain it to you.

 

Regardless of how exclusive this passcode sharing is allowed to go, could any app access the code? If it went no further than the Yahoo Email App, its still a catastrophic security flaw, because now  you have just tied the email app which should have the strongest security due to the fact that it is the number 1 method for resetting passwords for online accounts.

 

And tied it to the inherrantly weakest security because no one wants to type a long password every time they want to use their device every 5 minutes.

 

Not only that, not even Two factor security (the so advanced security standard) is going do much good because the text message app is on the same device for 9 out of 10 users, and no doubt the same code unlocs text messaging app. I wouldnt know myself because my second factor has nothing to do with the iPad.

 

Even The 4 digit codebe cant be trusted, because if you could stoop so low as to link all security to a 4 digit code, theres certainly no reason to trust you to keep that pin safe, but even if you do, you can't guarantee all the of the apps that you shared the code with can be trusted.

 

You were once the best of the best and Apples integrity had set the bar that all others tried to catch up with.

 

As the engineer who solved signal integrity and EMI for PCB designs, which was validated with the Gigabit Ethernet rollout which caused 100% of PCBs at that frequency to fail for over two years. Marvell, my employer at the time, had entered that space two years after the rollout, which was why they failled for that long. My solutions wwere finally fully vetted by virtue of being the only designs in the world that worked at those frequencies.

 

But my point is, of the thousands of designs I reviewed world wide, there was only one company that got it perfect the first time and that was Apple. that was the last time my faith in Apple was renewed. The first time was when I first used the Macintosh. The second time was with the iMac, the third time was with the iPhone, and the fourth time was with sticking to strong security despite government pressure.

 

But that's not the worst of it. The worst case exploit for this flaw I can't even begin to describe in the public domain. I guess Apple died with Steve Jobs, which has long since been made clear, but still Apple's level of corruption still lagged well behind the rest.

 

If apple, the last trusted third party, could fail us so absolutely, what hope is left for humanity?

 

Hoping I can renew your faith in Humanity because there is still a way to turn things around, even now, but maybe not for long. Please contact me and give me a chance to convince you.

 

With Sad Regards,

Paul Ikeda

Questioning my dedication to Altruism for the first time.

Dear Apple,

We are fellow users, these are user forums, you are not talking to Apple on here.

Hi TakenItSeriously. Are you certain that the Yahoo app can access the device passcode? It may just be asking the internal software to interact with you and return a yes/no response. In any case, you can report this problem to Apple by posting at this link: Feedback - iPad - Apple. The post size is limited, so try to ease off on the philosophical and biographical aspects. Since you're concerned about Apple's approach to security, you might enjoy reading this link: https://www.apple.com/business/docs/iOS_Security_Guide.pdf.

Apple does NOT share your device screen lock passcode with anybody. Apple doesn’t know it to begin with, the device doesn’t allow anything access to it, and has no mechanism to send it anywhere.

 

Your post merely highlights how people are often ignorant of the security they actually use with apps, and how poorly those app developers are at explaining what they are doing.

 

See https://www.macworld.com/article/2993920/security/kill-the-password-yahoo-tries- it-and-it-works.html

 

or How to Use Yahoo's No-Password Account Login

 

BTW, yahoo has been using this mobile push notification, no password required method for about 2 years now with their mobile app.

 

YES it requires you to enter your screen lock passcode or use your fingerprint to open the app for use.

 

NO, it does not transmit your screen lock passcode to yahoo, or share any information about your device‘s passcode with yahoo.  Yahoo, And Apple, remain totally ignorant of whatever local device security settings yiu have enabled on your device. Only you know your screen lock passcode.

this is a user helping user forum we are not apple

 

you should try

Contact Apple Support

or

Product Feedback - Apple

It's definitely true that, the Yahoo email apps pin is automatically set to use the same as the iPad passcode.

 

On the app lock, It even says:

 

Enter iPad Passcode for "Yahoo mail"

unlock to proceed

 

So clearly, the fault lies partially with Yahoo as well as Apple, but Yahoo is like most companies who could care less about security, or at least are too dumb to know better, but that's being pretty dumb.

 

Theirs no point to even have the redundant yahoo lock. It only protects the app for the exact case of someone who leaves an iPad on with the cover left open but with the Yahoo app closed.

 

That happens about as often as leaving a car in public with the doors wide open and engine running, but the glove box locked.

 

And yes it is a catastrophic security flaw because it leaves people vulnerable to mass hacking. Wasn't Equifax enough of a lesson?

最后更新:2017-10-19 15:08:11

  上一篇:go How do I know my TM is stuck?
  下一篇:go Support with apps for iPads to use with students