By now most of us know the unpleasant drill. The credit card company calls or texts you and says there appears to be an unauthorized purchase. Somehow, that happened (near as I can tell, merely coincidentally) on three different accounts for me within a week in July. One has turned into a continuing pain months later: Apple Card. Some of this is a fault of the card, but the greater fault lies in a weak bit of design in Apple’s platforms I otherwise love.
It all started about two and a half months ago with a text: the bank that holds my primary credit card, Chase, texted me to inquire about a small, but suspicious purchase on my card. After verifying on their site that the text itself was not a phishing scam, I confirmed that their system was indeed correct: the purchase being questioned was fraudulent.
That began the process for the bank canceling my old card, which I still had physically in my possession, and awaiting a new one. I was in the middle of renewing my license plate online, so I switched cards only to discover that my older, rarely used card kept rejecting any attempts to use it. Stopping by a second bank’s account page, I discovered it too had a fraudulent charge that had locked it down. They just forgot to tell me about it.
Somewhere during that week, I also got a notification on my Mac which said there had been suspicious activity on my Apple Card. Near as I have been able to discern, all three were unrelated and just a case of bad timing. An interesting case, though, since it showed markedly different ways of handling the initial fraud situation.
Chase handled the situation well, as you’d hope a national bank would, immediately shipping out a new card after confirming the situation via my online account. The local bank only shipped a card after I called and sat on hold for a half hour to discuss the fraudulent charges they’d failed to contact me about. Chase replaced my card within days, the small bank’s card took over a week to arrive.
Apple Card was easiest of all through this stage. The system level, easily verifiable notification initially prompted me to confirm the detected fraud and allowed me to immediately act by transferring me to an iMessage conversation with support. Rather than waiting for a replacement credit card, my card number — which isn’t printed on the physical Apple Card — reset electronically. Boom.
If the story ended there, this column might have been so straightforward as to barely merit being written and, had I bothered, it would have been “Wow, Apple Card is great.”
That is not the column I’m writing.
In the days after that initial reset, notification after notification came in of attempts to charge my Apple Card. Thankfully, all the charges were intercepted, and with the change of card number, most of them were refused simply for using an expired card. At first it was interesting, watching different attempts to charge the card from small and large businesses in different regions. Days and weeks later, the incessant notifications started to feel like the drip-drip-drip of water torture. Just stop it and move on already!
The continued notifications also had a dangerous side effect. By desensitizing me to actual charges, I nearly missed — a month or so into the whole ordeal — when two charges occurred from Spotify. The first was rejected for using the old card, but mysteriously, a second went through.
I don’t subscribe to Spotify, so I contacted Apple Card Support, which after initially asking me to take it up with Spotify (I pointed out this made no sense since I didn’t have an account there), changed my card number again and refunded the charge.
The drip-drip-drip continued, and, oddly enough, so did the fraudulent Spotify subscription, which occurred again on last month’s bill. This time, Apple Card Support pressed harder for me to deal with Spotify, but after sending a screenshot showing them I didn’t have a paid Spotify account, they finally agreed to once again reset the card number and start the process to get the charge refunded.
With one stipulation. A big, big one. They wanted me to reset my Apple ID in case someone had gained access to it. I had zero reason to suspect that and have two-factor authentication turned on, but I agreed partly out of a desire to take every measure possible to end the fraud charges and partly to placate the customer service agent.
This is more complicated for me as a long time Apple user for a reason other long-term Apple users can relate to: when I first created an account with Apple, I signed up to make purchases on the shiny new iTunes Music Store. However, a year or so later, I decided to purchase a subscription to the service then known as .Mac (later MobileMe and ultimately transformed into iCloud).
When one joined .Mac way back in Ought-Four, it would create a second Apple ID account (if one already had an Apple ID), instead of just upgrading the existing one to a new status like it does now if you move up to a paid iCloud tier. Thus began the segmentation of my Apple universe where “media purchases” continued to be tied to the original account, but cloud services went onto the new Mac.com account.
That’s all to say, I had to reset not one but two Apple ID accounts with new passwords. The moment I set the new passwords, my iPad, my work computer, my home computer, my iPhone, my Apple TV and my Apple Watch all went into panic, begging for the new passwords.
Since my iCloud account is extremely valuable to me — with my keychain of other passwords, all my photos, my synchronized documents and so forth — it needed a secure password, the sort that I certainly wouldn’t be able to memorize quickly. That meant rereading and dutifully retyping the password of random characters I jotted down on each device. And then, often typing it in again. Then, repeating the steps with the second password. Then realizing Messages or some other service hadn’t gotten the password and reentering the first password again.
If a device was left on, it seemed to accumulate a series of password requests, so that it wasn’t enough to enter it once even in each possible place. When the same password prompt pops up two, three or four times before finally going away — with no error message to indicate any problem the first times — it isn’t particularly encouraging. Each time, of course, I also had to use a second device to approve the two-factor authentication.
When I grabbed an old iPad for a project and clicked the “Update later” option to defer going through entering the long, complicated password, it likewise prompted me multiple additional times before giving me just minutes of reprieve.
And then the keychain. Oh, the keychain.
Since Apple (to their great credit and one of the reasons I love using their cloud services) uses end-to-end encryption, enabling the keychain that keeps passwords in sync between computers requires entering the password of another device already in the keychain even after entering the hard-to-remember main account password. So, in addition to entering the newly minted passwords, I found myself going to each device and entering another device’s local password or passcode.
And then, as a new device is brought onto the keychain, sometimes it seems to emulate whack-a-mole by disabling the keychain on another device until I enter the newly added device’s password again on the previously signed in device.
Even once a device is signed on, and the keychain is updated, I’ve continued to get occasional flare ups of prompts to reenter iCloud’s password, which shows another flaw: unlike other, well written apps on MacOS or iOS, Apple’s iCloud prompts do not play nice with Apple’s keychain. If it offers to let you access your stored passwords at all when entering in the iCloud password, so you don’t have to keep manually entering it (it doesn’t always), it pops up the entire list of all accounts, rather than intelligently telling the keychain to show iCloud related passwords.
(Something is terribly wrong when Twitter’s client can rightly tell iCloud keychain to prioritize showing Twitter accounts when trying to log in — putting them at the top of the list — but iCloud can’t tell iCloud keychain to focus on iCloud accounts.)
All of this could be made into a case about the problems of an all-encompassing cloud service, no matter how good, when things start to go wrong. We needn’t go that far though. Instead, I would argue this: it shows how Apple desperately needs to improve the sign-on experience for its cloud services across devices.
First, there should be one — precisely one — prompt to sign on per device. If Messages and iCloud Drive both need to sign on to the same account, they should not ever pop-up separate prompts. If the password changes, bring up the on-boarding screen just like when you set up a new Mac, get the new password and then it should be done. Period.
Two, Apple seriously needs to prevent these requests from forming a repeating loop — once the password is entered correctly, it shouldn’t pop up another prompt just because the system had already tried to sign on several times. The system needs to be smart enough to wait until the user enters the password, not queue up a bunch of requests.
Third, and finally, in a world where Apple encourages using a whole ecosystem of devices, it shouldn’t be a multi-day project to bring them all onto a new password. One should change the password on a single device (say an iPhone) and then be able to use NFC or Bluetooth or even a QR code — in other words, something — to pass that authorization on to one’s other Apple devices without tediously entering the password (or in us loyal, long time users’ cases, passwords) in each one, multiple times.
In other words, make this process smooth — make it appear that someone in Apple’s user experience team simulated this sort of situation. Changing a password isn’t that rare of activity, after all. Making it hard discourages changing passwords and making it where one must reenter the password manually, repeatedly, on each device encourages the kind of short, easy to remember (read: incredibly insecure) passwords Apple’s own password generator encourages us to move away from even on far less important accounts.
And, when all that’s done… how about also making it so that when one’s Apple Card number gets changed, all the old, fraud charges go off into the trash can and one never has to think about that again? I’d like to write a column about how great Apple Card is someday.