The humble Apple ID has expanded over the years from its origins as a way to purchase music from iTunes or log in to a developer account to live up to its name: nearly everything that requires credentials at Apple uses the Apple ID — which must be a valid email address — as the key, including the lame duck MobileMe and the upcoming iCloud. Mac OS X 10.7 Lion has expanded the use of the Apple ID even further, however, using it as a useful but optional adjunct to user accounts.
The Apple ID will become even more important with the advent of iCloud, as it will be the key to the many different services Apple is bundling together under the iCloud rubric. Some of these, like syncing calendars and contacts, Find My iPhone, and Back to My Mac, were formerly under MobileMe. Others, such as iTunes in the Cloud and wireless backups of iOS devices, will be entirely new. And of course, the Apple ID remains in use for the iOS App Store, Mac App Store, developer accounts, online Apple Store, and more, too.
For the moment, though, let’s look at how you can use your Apple ID in Lion, and then discuss some of the problems that the Apple ID system suffers from now — and what Apple could do to address its limitations.
The Key to Bypass Accounts in Lion — In Lion, an Apple ID may be set up as a secondary identity for an account, allowing access to anything that user account can access. That includes services like screen sharing, file sharing, and account recovery.
To set this up, start in the Users & Groups preference pane, click the Apple ID’s Set button, and enter your Apple ID and password. Any account other than the special Guest account can have an Apple ID set to go along with it. Once you associate an Apple ID with an account, it becomes another option that you can use for remote access to that account. You can even associate multiple Apple IDs with a particular account by clicking the Change button after setting the initial Apple ID.
Screen sharing and file sharing are the two most obvious places where you can use an Apple ID for remote access. When you select a computer from the Shared part of the sidebar in any Finder window and then click either Share Screen or Connect As, and you haven’t previously stored a password for an account, you’re prompted to connect as a guest (file sharing only), as a registered user account, or using an Apple ID. If your current account has one or more Apple IDs associated with it, the IDs are shown in a pop-up menu.
(Either or both buttons will be available depending on the remotely activated services.)
Also new in Lion is that you can use the Apple ID to reset your user account’s password from the login sheet that appears at startup (unless you’re set to login automatically), if you log out of an account, or by choosing Login Window from the fast user switching menu. We can’t see this being necessary all that often, but it’s a nice fallback.
You should consider security issues here: if you use an Apple ID to which you’ve given someone else the password, or add an Apple ID that belongs to someone else (having them enter the password), your account on a Lion-based Mac can be accessible over a local network or even remotely if the right setup is in place, such as via Back to My Mac. It’s also a problem if you have a weak Apple ID password that someone might be able to guess along with knowing your email address. That could also allow remote screen, file, and account access.
A Lack of Help with Multiple Accounts for One Person — Even as Apple wants us to rely even more on the Apple ID system, it has become clear that it lacks what would be welcome flexibility. A clear case in point is if you ended up with multiple Apple IDs after many years and purchases. Apple offers no help in consolidating purchases and other registered items into a single account, and has no plans to do so at this writing, according to a FAQ offered by Apple about its universal login identifier. (The FAQ has tips for handling common account changes, too.) That will become a bigger issue when iCloud launches and people
realize that they have purchased apps, music, and other items across multiple accounts when it didn’t matter as much.
This isn’t hypothetical. Let’s say you have purchased items from the Apple online store using your ISP-given email address. That’s one Apple ID. Then let’s say you have an active MobileMe account that you created before 2008. That’s another Apple ID. And even Apple has required separate Apple IDs in the past; TidBITS Publisher Adam Engst had an iTunes Connect account (for managing the TidBITS iOS app) associated with his main Apple ID, but when Apple opened the iBookstore, he was forced to create a second Apple ID to log in to the version of iTunes Connect that acts as the back end for the iBookstore.
There’s also the confusion of the .Mac/MobileMe transition of 2008, which left those of us with .Mac accounts prior to that point with two valid login identities: email@example.com and firstname.lastname@example.org. They aren’t precisely both Apple IDs — they were originally used for Web access, sync, and iChat — but can be used as an Apple ID. I can never recall what I used @me.com for instead of @mac.com. Plus, we’ve seen situations where, for instance, iChat would accept only the mac.com version.
(To toot our own horn, when we designed the unified TidBITS and Take Control account system, we set it so every email address would be associated with a separate account, but then built in account consolidation so our readers could claim all their email addresses and merge all their associated ebook purchases into a single account. We did this because, looking back over 8 years of Take Control orders, it is clear that the email address is often a poor unique identifier: people graduate from schools, change jobs, and move to new locations, all of which result in new email addresses.)
Apple’s My Apple ID Web site provides access to your Apple ID account information, and does allow you to change the email address registered with the account, as well as associate additional email addresses with it (assuming they aren’t already associated with another Apple ID). If you set up an Apple ID account using a non-email-based username years ago, you can’t change it, except to an email address.
The Unitary Position — Beyond the functional annoyance of not being able to merge Apple IDs, I continue to have trouble with Apple’s ongoing conflict between the notion of home sharing and the company’s insistence on a single ID. It’s part of the firm’s ongoing myopia about how families share media. Apple’s “sharing,” as in its Home Sharing option in iTunes, is “sharing among devices registered to the same person’s single Apple ID account.”
Apple does let you use media, apps, and other items across devices and computers associated with different Apple IDs. However, in order to access these items — except DRM-free music, which lacks account-locked copy protection — you must enter the password of the accounts from which the other items were purchased or downloaded. This password has to be made available not just when installing or playing, but with apps, whenever an app upgrade is installed.
Apple loves to talk about how its products encourage sharing, but as even cursory investigation shows, Apple’s idea of sharing is a one-way, one-time transfer. That’s “giving,” not “sharing,” which is by definition a multi-party, bidirectional process. Whether you look at sharing of media in iTunes, photos in iPhoto, or documents on the lame iWork.com service, Apple isn’t comfortable with the inherent lack of control that true sharing involves.
Some families rely on a single Apple ID account for all purchases. And one can use one Apple ID for buying things, and another for MobileMe and iCloud sync. But it’s still jury-rigged and irritating. It would be far better to have a way to associate multiple Apple IDs with a single group account with easy-to-set policies in iTunes or via an iCloud interface.
For instance, let’s say my wife, Lynn, and my two children all had separate Apple ID accounts. We’d want separate accounts for the kids so that we could control purchases and give them gifts of credit. We wouldn’t want to simply merge all the content from our various purchases onto an account to which they had access. Rather, I would like to be able to say, “merge into the family account all G-rated movies and music without an Explicit rating.” These sorts of controls are available for syncing and for purchasing on individual devices; why not have them available to families, too?
The other notable advantage of a group account would be to bypass the requirement for any family member to have to know the password of any other, a concern that’s especially an issue with children with whom you would ostensibly not want to share your schedule, email, and contacts. Nor would you necessarily want to allow them unfettered access to your credit card-backed Apple ID.
However useful a family-level umbrella account might seem or even the capability to merge Apple ID accounts, I fear that Apple simply doesn’t care. They would rather pursue a course of simple action than provide assistance to millions of people who want group accounts for a family or to merge multiple accounts. It’s too much individual hand-holding for a company that thinks like Apple. Sadly, as far as I can tell from past performance, Apple doesn’t think anything is broken at all.
Evolving Notions of Identity — By having an Apple ID serve every function related to Apple — operating system, purchasing, and cloud-stored data — our friends in Cupertino may have bitten off too much. Simplicity is a wonderful concept, and we support it fully. Apple’s integration of the Apple ID into Lion shows how well it can be done as an adjunct and support, while allowing multiple identities in one place. If the company could only bring that same level of consideration to the broader use of Apple IDs, it would make many of us a little more sane.