Apple ID Becomes Mac OS X and iCloud Glue
The humble Apple ID has expanded over the years from its origins as a way to purchase music from iTunes or log in to a developer account to live up to its name: nearly everything that requires credentials at Apple uses the Apple ID — which must be a valid email address — as the key, including the lame duck MobileMe and the upcoming iCloud. Mac OS X 10.7 Lion has expanded the use of the Apple ID even further, however, using it as a useful but optional adjunct to user accounts.
The Apple ID will become even more important with the advent of iCloud, as it will be the key to the many different services Apple is bundling together under the iCloud rubric. Some of these, like syncing calendars and contacts, Find My iPhone, and Back to My Mac, were formerly under MobileMe. Others, such as iTunes in the Cloud and wireless backups of iOS devices, will be entirely new. And of course, the Apple ID remains in use for the iOS App Store, Mac App Store, developer accounts, online Apple Store, and more, too.
For the moment, though, let’s look at how you can use your Apple ID in Lion, and then discuss some of the problems that the Apple ID system suffers from now — and what Apple could do to address its limitations.
The Key to Bypass Accounts in Lion — In Lion, an Apple ID may be set up as a secondary identity for an account, allowing access to anything that user account can access. That includes services like screen sharing, file sharing, and account recovery.
To set this up, start in the Users & Groups preference pane, click the Apple ID’s Set button, and enter your Apple ID and password. Any account other than the special Guest account can have an Apple ID set to go along with it. Once you associate an Apple ID with an account, it becomes another option that you can use for remote access to that account. You can even associate multiple Apple IDs with a particular account by clicking the Change button after setting the initial Apple ID.
Screen sharing and file sharing are the two most obvious places where you can use an Apple ID for remote access. When you select a computer from the Shared part of the sidebar in any Finder window and then click either Share Screen or Connect As, and you haven’t previously stored a password for an account, you’re prompted to connect as a guest (file sharing only), as a registered user account, or using an Apple ID. If your current account has one or more Apple IDs associated with it, the IDs are shown in a pop-up menu.
(Either or both buttons will be available depending on the remotely activated services.)
Also new in Lion is that you can use the Apple ID to reset your user account’s password from the login sheet that appears at startup (unless you’re set to login automatically), if you log out of an account, or by choosing Login Window from the fast user switching menu. We can’t see this being necessary all that often, but it’s a nice fallback.
You should consider security issues here: if you use an Apple ID to which you’ve given someone else the password, or add an Apple ID that belongs to someone else (having them enter the password), your account on a Lion-based Mac can be accessible over a local network or even remotely if the right setup is in place, such as via Back to My Mac. It’s also a problem if you have a weak Apple ID password that someone might be able to guess along with knowing your email address. That could also allow remote screen, file, and account access.
A Lack of Help with Multiple Accounts for One Person — Even as Apple wants us to rely even more on the Apple ID system, it has become clear that it lacks what would be welcome flexibility. A clear case in point is if you ended up with multiple Apple IDs after many years and purchases. Apple offers no help in consolidating purchases and other registered items into a single account, and has no plans to do so at this writing, according to a FAQ offered by Apple about its universal login identifier. (The FAQ has tips for handling common account changes, too.) That will become a bigger issue when iCloud launches and people
realize that they have purchased apps, music, and other items across multiple accounts when it didn’t matter as much.
This isn’t hypothetical. Let’s say you have purchased items from the Apple online store using your ISP-given email address. That’s one Apple ID. Then let’s say you have an active MobileMe account that you created before 2008. That’s another Apple ID. And even Apple has required separate Apple IDs in the past; TidBITS Publisher Adam Engst had an iTunes Connect account (for managing the TidBITS iOS app) associated with his main Apple ID, but when Apple opened the iBookstore, he was forced to create a second Apple ID to log in to the version of iTunes Connect that acts as the back end for the iBookstore.
There’s also the confusion of the .Mac/MobileMe transition of 2008, which left those of us with .Mac accounts prior to that point with two valid login identities: firstname.lastname@example.org and email@example.com. They aren’t precisely both Apple IDs — they were originally used for Web access, sync, and iChat — but can be used as an Apple ID. I can never recall what I used @me.com for instead of @mac.com. Plus, we’ve seen situations where, for instance, iChat would accept only the mac.com version.
(To toot our own horn, when we designed the unified TidBITS and Take Control account system, we set it so every email address would be associated with a separate account, but then built in account consolidation so our readers could claim all their email addresses and merge all their associated ebook purchases into a single account. We did this because, looking back over 8 years of Take Control orders, it is clear that the email address is often a poor unique identifier: people graduate from schools, change jobs, and move to new locations, all of which result in new email addresses.)
Apple’s My Apple ID Web site provides access to your Apple ID account information, and does allow you to change the email address registered with the account, as well as associate additional email addresses with it (assuming they aren’t already associated with another Apple ID). If you set up an Apple ID account using a non-email-based username years ago, you can’t change it, except to an email address.
The Unitary Position — Beyond the functional annoyance of not being able to merge Apple IDs, I continue to have trouble with Apple’s ongoing conflict between the notion of home sharing and the company’s insistence on a single ID. It’s part of the firm’s ongoing myopia about how families share media. Apple’s “sharing,” as in its Home Sharing option in iTunes, is “sharing among devices registered to the same person’s single Apple ID account.”
Apple does let you use media, apps, and other items across devices and computers associated with different Apple IDs. However, in order to access these items — except DRM-free music, which lacks account-locked copy protection — you must enter the password of the accounts from which the other items were purchased or downloaded. This password has to be made available not just when installing or playing, but with apps, whenever an app upgrade is installed.
Apple loves to talk about how its products encourage sharing, but as even cursory investigation shows, Apple’s idea of sharing is a one-way, one-time transfer. That’s “giving,” not “sharing,” which is by definition a multi-party, bidirectional process. Whether you look at sharing of media in iTunes, photos in iPhoto, or documents on the lame iWork.com service, Apple isn’t comfortable with the inherent lack of control that true sharing involves.
Some families rely on a single Apple ID account for all purchases. And one can use one Apple ID for buying things, and another for MobileMe and iCloud sync. But it’s still jury-rigged and irritating. It would be far better to have a way to associate multiple Apple IDs with a single group account with easy-to-set policies in iTunes or via an iCloud interface.
For instance, let’s say my wife, Lynn, and my two children all had separate Apple ID accounts. We’d want separate accounts for the kids so that we could control purchases and give them gifts of credit. We wouldn’t want to simply merge all the content from our various purchases onto an account to which they had access. Rather, I would like to be able to say, “merge into the family account all G-rated movies and music without an Explicit rating.” These sorts of controls are available for syncing and for purchasing on individual devices; why not have them available to families, too?
The other notable advantage of a group account would be to bypass the requirement for any family member to have to know the password of any other, a concern that’s especially an issue with children with whom you would ostensibly not want to share your schedule, email, and contacts. Nor would you necessarily want to allow them unfettered access to your credit card-backed Apple ID.
However useful a family-level umbrella account might seem or even the capability to merge Apple ID accounts, I fear that Apple simply doesn’t care. They would rather pursue a course of simple action than provide assistance to millions of people who want group accounts for a family or to merge multiple accounts. It’s too much individual hand-holding for a company that thinks like Apple. Sadly, as far as I can tell from past performance, Apple doesn’t think anything is broken at all.
Evolving Notions of Identity — By having an Apple ID serve every function related to Apple — operating system, purchasing, and cloud-stored data — our friends in Cupertino may have bitten off too much. Simplicity is a wonderful concept, and we support it fully. Apple’s integration of the Apple ID into Lion shows how well it can be done as an adjunct and support, while allowing multiple identities in one place. If the company could only bring that same level of consideration to the broader use of Apple IDs, it would make many of us a little more sane.
Amen to all you've said Glenn. We've got 4 Apple device users in our family, all with separate Apple IDs, and some (myself) with multiple developed over the years. Currently we all share a common ID (mine) for purchases but that makes things difficult when the kids and my wife want to do something separate (email, contacts, calendars) that requires the use of THEIR ids. I hope Apple respects Tidbits enough to read your article and pay attention. I can't imagine that with thousands of employees, they don't run into the same problems themselves.
This apple ID mess will eventually cost apps developers money because there is no way to consolidate all apps purchased withr multiple IDs. I finally decided to just forget about apps that were purchased with old IDs. I refuse to pay for an app twice just to align the IDs. Apple appears arrogant on this issue.
My AppleID was created back when I signed up for Apple's .mac service. I kept it up for a few years but just couldn't justify the $100/year vs gmail. It's still my AppleID, and I was able to change the email address associated with it, but I wonder if I'm going to have a problem when iCloud rolls out...
I believe that should be OK.
Actually it's not required that an Apple ID be a valid email address. My Apple ID was tied to an old email address that I retired when I signed up for .Mac. When I tried to update my Apple ID, the system refused to allow me to change it to an existing, valid .Mac/MobileMe email address. By going to myinfo.apple.com, one can update their Apple ID to be anything they want. My Apple ID does not contain a domain name. While I couldn't use '[email protected]' or '[email protected]", I was able to migrate my old ID to be simply, 'myemail'
I believe original developer IDs, I have one but don't recall it's provenance, also were not email addresses and became AppleIDs at some point. I want to consolidate my 'xxxx' ID with my '[email protected]' ID, but cannot.
So, while I know this is true, why-o-why does Apple support still have Article HT2204 (11 Feb 2011) up? the first sentence of the second paragraph is pretty clear, "Your Apple ID must be a valid email address (such as [email protected])."
No wonder this AppleID thing is a mess. Their left hand doesn't know if they even have a right hand.
My Apple ID is NOT an email. It is just a short string of letters and numbers. I think I signed up before it was required that the ID be an email. I wonder how that is going to affect me later on with iCloud. Does anyone else have a non-email account ID?
I do. From what I have read here and elsewhere, it shouldn't be a problem. The Apple ID just needs to be unique, and as noted in the article, any new Apple IDs need to look like an e-mail address, whether they are currently valid or not.
"It's impossible to get out of a problem by using the same kind of thinking that it took to get into the problem."
Multiple Accounts for One Person:
Ugh! I hope Apple changes their position. This is my number one issue - I have two accounts and it is a real pain! Any suggestions how we might "lobby" Apple to change this policy?
I agree with the family account and kids issue. Mine couldn't stop spending money, so I switched her to her own account with no credit card (no mean feat in itself.) Now, she can't upgrade any of her apps without my ID which I won't give to her. Really a pain.
I've been paying for "Dot-Me" since it started, and have run into the .Mac, .me and email.edu multiple account issue *and* the family sharing issue (two iPads, two iPhones and a 'touch). It would help me a great deal to be able to merge. Had it been crystal clear that this wasvthe direction the Apple ID was headed, I would definitely have made some different choices. How about it Apple? Merge privileges for those with dotMac/mobileMe historical records?
Given how few people have issues with this it is incomprehensible that Apple is unaware of the issue. This always leads me to question what other reasons there might be for this situation and the one glaring one is DRM and licensing of content, especially through iTMS. As simple as family accounts are on the surface implementing them when dealing with license terms is anything but simple. How many "families" will suddenly want to share media? How many neighbors will continue with one account per family and share media across a neighborhood?
It's a terrible system yet I fear the solutions will be long in coming.
Not to mention multiple accounts from different iTunes stores. Through necessity I have accounts in more than 1 iTunes store; a real pain when needing app updates on iOS.
Last year when the iPhone 4 came out I kept wondering why I didn't get the magic email from the Apple Store. It turned out they were emailing me at my (old) mac.com address, long since given up since I didn't want to pay for it, even though I had signed up for notice with my gmail account. Even after a trip to the store to check, they somehow couldn't manage to email me at the correct address. They finally just let me have the new phone without coming in at the precise time they told my mac.com email black hole...
Recent reports have Apple planning to allow the merging of multiple Apple IDs: http://www.macrumors.com/2011/09/16/apple-working-on-allowing-the-merging-of-multiple-apple-ids/
That would be "report" and it's more in the nature of a rumor than a report. Still, good news!
Great article. I remember reading it back when it was published. Now I re-read it, because I have new iCloud needs for my family that I'm having trouble solving. The "iCloud for Families" article looked too good to be true, and it was :-(
Basically, I have an iPhone 5 and my wife finally upgraded to an iPhone 4, which is capable of iCloud. I've been looking forward to finally being able to have Find My iPhone support for her phone and also to track our crazy family happenings with Find My Friends.
But when I finally set up her new iPhone, I was disappointed to find that, unlike Find My iPhone, Find My Friends cannot work between two users signed on under the same iCloud account. I don't think iMessages behave well in this setup either.
So I tried setting her up with her own iCloud account, and adding that new iCloud account as a "secondary" iCloud account under our Mac's iCloud settings. But then there was no way for her to use the same Contacts database which we depend heavily on. Plus Photo Stream would be disconnected, another big problem. Plus Find My iPhone would get broken.
So for now, I've gone back to a common iCloud id scheme. But is there a solution you can think of that I'm missing?
No thoughts, sorry; Apple is terrible about how Apple ID and iCloud-associated accounts are managed. It makes tools ostensibly designed for families, and yet which lack the features needed to let them really work!
iCloud accounts are designed to be per-person; they just don't work when shared between people, and you give some great examples of why.
In your case, you can get most of the way to a solution by having your wife set up her individual iCloud account as her PRIMARY account, and then the shared account as secondary so she can access shared contacts. You'll each have a separate Photo Stream, but that's OK because one of you can set up a Shared Photo Stream that the other person can access.
I say more about all this stuff in Take Control of iCloud (http://www.takecontrolbooks.com/icloud).
Joe, I've read Take Control of iCloud from cover to cover :-)
At first your suggestion baffled me, since I don't see anywhere in the iPhone's iCloud settings to set up a secondary account. But I now see that under Mail, Contacts, and Calendars, it appears to allow any number of iCloud accounts to be added there, eh? That might work! I think I can live without a common Photo Stream, as long as I can still sync her photos to my main iPhoto library either by plugging directly into my Mac or via iPhoto's Shared Photo Streams feature. I will try this out some night soon that I'm not up past 1am... :-)
Thanks in advance!