I've gotten a few "<Kid>'s Apple ID was used to sign in to iCloud on a new device" emails today that have me mildly concerned. I've logged in to the kid's iCloud account and verified that I don't see any unknown devices there. But while I'm used to sometimes seeing these spuriously when picking up a device that hasn't been used in a while, "out of the blue when everyone in the house is definitely asleep" is a new one for me. Anyone know how to debug this? #macos #icloud #infosec
Perhaps useful additional context: I got *one* "new device" email in the middle of the night, then I got 3 more right at the moment when I logged in to appleid.apple.com to check the device list, then 1 more when I touched the mouse of a sleeping macbook. So "weird iCloud keychain behavior" seems like a much more likely culprit than "stock photo person in hoodie at keyboard" but it would be nice to actually have something to check against.
@glyph this is what drives me nuts about this “feature”
It’s a good idea that’s completely non-actionable. What are you supposed to do next to track it down?
@danilo It's bonkers. The wording is annoying to the point of being insulting. "If you don’t recognize this device" — which device? What device?? WHAT DEVICE?!?
@danilo literally nothing but a timestamp, and also it's inaccurate. It is actually telling you something about key material being exchanged or something (which I can infer because of programmer brainworms, not because of anything visible in the UI) and then "simplifying" the language to talk about being "used to sign in", which is patently not what it is actually alerting you to.