Security, authentication, and authorisation are never far away. Start your Mac up after it has been shut down over a holiday, and you will be prompted several times for passwords before you can resume whatever you intended to do. Enter the wrong password at the wrong time, and you could end up with a long and painful delay.
In theory, it should be simple. You can now opt to log onto your Mac through iCloud, in which case access to your Mac will be controlled through your iCloud password, that for your Apple ID. Even if you don’t do that, every dialog prompting for a password should make it crystal clear which password is required.
Well, that is sort of true most of the time. But when you are trying to cut a quick way through a succession of such dialogs, it is very easy to get them muddled.
Strictly speaking, authentication – verifying the identity of a user – and authorisation – obtaining permission to do something which is restricted or controlled – are different things. But whichever they are, you are likely to be asked for a password of some kind.
There are two notable exceptions to this with Macs and iOS devices:
- application passwords, which are sometimes required to open Messages or FaceTime, or other iCloud-based services; these have to be obtained through your Apple ID account webpage;
- verification performed under two-step authentication, by sending a PIN to your designated primary device (normally your iPhone).
In both those cases, the prompt given in the dialog should be clear enough for you to know what is needed.
So assuming that you do not log onto your Mac with your iCloud credentials (Apple ID), when are you likely to be prompted for your Mac account password?
- if you have FileVault 2 enabled for full-disk encryption, your password is required to unlock and decrypt the startup volume;
- if automatic login is disabled – which should be your preference – your password is required to log into your account after startup, or when switching between accounts;
- when waking from sleep (or opening from a screen saver), if set in the Security & Privacy pane, General tab;
- when accessing a locked keychain, in which case that keychain’s password is required;
- when accessing any pane or service which requires higher privileges, when an admin user’s password is required;
- when connecting to any remote server or service, for which the username and password for that system is required;
- when accessing (especially writing to) files, folders, or volumes which are protected by their permissions;
- often during software installations which need to write files to protected areas (which normally excludes apps from the App Store).
The most likely times that you will be prompted for your Apple ID password are when accessing iCloud-based services, including:
- iTunes, its purchased content, and its stores,
- the App Store,
- Message and FaceTime,
- shared files in iCloud,
- starting for the first time any apps purchased from the App Store on another computer.
There are also, of course, many occasions when you will be prompted to enter app- or service-specific user names and passwords.