On 2017-06-15 00:46:17 (+0200), Bob Stern <[email protected]> wrote:
FYI, a counter-intuitive aspect of app-specific passwords is that they
need not be specific to a single application. Although Apple can
issue up to 25 different app-specific passwords for a given iCloud
account, the account owner can elect to use a single app-specific
password for multiple applications.
As Benny states in his blog post, an application is not restricted to
a specific subset of iCloud data, which seems to defeat the purpose of
app-specific passwords. The only advantage I can think of for
creating different passwords for different applications is it enables
you to revoke one application's access to iCloud if, for example, you
stop using the application or the application is acquired by a company
with notorious privacy practices.
You could also read this as "device specific password" so you can revoke
access for a device (and all the applications on it) when it gets stolen
or lost.
There is zero added value to having different passwords for contacts,
calendar and mail on your laptop. Being able to kill access for the
laptop without having to change the password on your phone makes sense.
The main benefit of x-specific passwords -- if implemented correctly --
is that they only give access to (possibly a subset of) your data and
not to your account itself. In other words: if implemented correctly, a
compromised x-specific password cannot be used to change your account
password, create new x-specific passwords or revoke access from other
x-specific passwords.
Philip
--
Philip Paeps
Senior Reality Engineer
Ministry of Information
_______________________________________________
mailmate mailing list
[email protected]
https://lists.freron.com/listinfo/mailmate
