On August 19th, Apple emailed some podcasters warning them about an upcoming change to their login system.
First up: shared login credentials
Last year, Apple updated Podcasts Connect, making it possible to share a podcast between multiple people, each with differing responsibilities. I use this to setup new podcasts for my clients so they don’t have to fiddle with the setup process. Instead of sharing Apple IDs, I just invite them to register or login with their Apple ID, to get access to show stats.
You should never share login details for any service with anyone if you can avoid it. You might implicitly trust the person you’re sharing details with, but their computer could have malware they don’t know about. Good podcasts hosts like Transistor and Captivate, and even services like SquadCast let you invite team members who can login as themselves, and who never see your password.
That’s what Apple is cracking down on here. It’s a sensible move, as it keeps everyone protected. So, how can they stop multiple people having access to the same login details?
Have you ever logged into a service with a password, and then been asked to enter a 6 digit number from a text message, or another app? That’s two-factor authentication (it doesn’t have to be text). The idea is to protect your account so that even if someone gets your password, they can’t login unless they also have your phone. Your password is the first factor, and the random 6-digit code (which quickly expires) is the second.
Apple has had two-factor authentication for a while. In true Apple style, they don’t do it like everyone else does (in a proven way that works). Instead, they tried to implement their own system which (again in typical Apple style) works for 90% of people, 90% of the time.
The way they do it is, when you login to your Apple account, they ping another Apple device that you own, to ask you to confirm the login. So if you login on your Mac, they’ll ping your phone and say “Is this you logging in? If so, tap here”. Your Mac will notice you confirmed, and log you in.
If you don’t get a ping on another device, there’s a link you can hit which will present a few options. One of them is “send me an SMS”, which will send a 6 digit code to your phone you type into your Mac. Despite there being more Apple devices in my flat than organic lifeforms, I have to do this every time I login to Podcasts Connect.
How this affects Podcasts Connect
Podcasts Connect is where you go to submit your podcast to Apple, and it’s where you can get some additional info about listeners. Apple is now going to mandate two-factor authentication (or “2fa”) when logging into this service, to avoid people sharing their login details with teammates.
I don’t think you’ll have to do anything; they’ll just turn that on. The recent email from Apple is just informing people that this is going to happen, as it’s best to be aware of these things.
If you don’t remember using Podcasts Connect, it’s unlikely to affect you at all. Although I’d recommend logging in just to make sure it all still works. Your podcast manager, editor, or producer can help if you’re not sure what this entails.
Still got questions about Podcasts Connect?
Feel free to drop me an email with any questions you have, and I should be able to point you in the right direction.