ADP doesn’t have anything to do with 2FA. 2FA codes to your phone are on by default and you can set up hardware security keys if you want.
Maybe you’re thinking of Google’s Advanced Protection Program.
To activate Apple ADP you need to provide two security keys. Won’t these count as 2FA too?
You don’t have to set up two security keys; you just need to set up a recovery method, which isn’t 2FA.
Hmm, I need to check it again because last time I activated it, it asked for two security keys on my iPhone.
Did you previously set up your security keys? I just did it and all I had to do is set up a recovery method.
I did it with two keys before; it was several months ago. Today I will try with my wife’s phone and let you know.
Apple’s documentation doesn’t mention needing a security key.
This could be looked at as an eggs-in-one-basket kind of situation.
If you had no other copy of the password database, you would be locked in all of your accounts had you only relied on one provider (in this case Apple).
Or if someone maliciously filed a complaint to Apple about you and you do not have access to your email or any other kind of service. You also could not ask for a support ticket or have great difficulty in getting one.
It’s not any more than Bitwarden. You lose access to Bitwarden somehow, then all your passwords are gone as well. If someone “maliciously files a complaint” to Bitwarden then I guess you’re toast too.
To lose access to your Apple passwords you’d need to somehow not be able to log in to any of your devices and also lose your recovery method and not be able to log in to your iCloud. I don’t know what maliciously filing a complaint is; if that’s ever happened I’d love an example and an explanation why it doesn’t also apply to Bitwarden.
This is true for all apps. There was a guy who locked up his Proton Pass account. So, you need to keep backups irrespective of the service you use.
You are right. Finally did the testing with wife’s iPhone and it didn’t ask for two security keys. It is weird because I bought my YubiKey pairs just for this.
No, it could be as simple as a false positive flag of CSAM and you’d get insta-banned wrongly. Or a government requesting Apple to (maybe temporarily) suspend your account.
They don’t do CSAM scanning; it was never implemented. Again, they could just as easily ban your Bitwarden account. The passwords are local to your phone anyway, so actually they couldn’t do that. The worst that could happen is you lose iCloud syncing, I suppose, in the event that the government decides to step in and suspend your account? Has that ever actually happened before?
Relying on Apple Passwords forces you to upgrade all your devices periodically.
I encountered this problem myself when I wanted to enable ADP but had an old MacBook that couldn’t be updated to the latest macOS that supports it. By enabling ADP I couldn’t access my passwords on my Mac, so I moved to Bitwarden.
Passwords are always E2EE; you don’t need to enable ADP. True though, at some point if your computer is old enough it probably won’t be able to sync properly, although you should ideally be using a supported machine anyway.
Passwords are E2EE but enabling ADP encrypts even more Apple services.
Back then when I enabled ADP I was forced to unlink the device from my Apple ID so I couldn’t sync anything including my Passwords.
From the pure security point, your whole system is vulnerable when you use a system including other password managers, which does not get security updates.
This message could have been perfectly sarcastic, but I know it’s not. Let’s be honest: Apple has done a great job of making normies believe that they care about user privacy and their systems are very secure. I myself am an Apple user, too, but this belief is far from the truth. Read this:
Every system has vulnerabilities and Apple devices are widely used so therefore highly targeted. Doesn’t mean they’re not secure.